Inactive Google search link gets hijacked - Can someone please help

Status
Not open for further replies.
S

slohtia

Sometimes when I click on the google search results link. It takes me to a totally different site. I am running Windows XP Home.

I have attached combofix logs.

ComboFix 10-12-18.01 - User Name 12/18/2010 22:33:16.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2766 [GMT -8:00]
Running from: c:\documents and settings\User Name\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\User Name\g2mdlhlpx.exe
c:\documents and settings\User Name\Local Settings\Application Data\{6FE905A6-4D6B-4797-BF99-47517B0780AE}
c:\documents and settings\User Name\Local Settings\Application Data\{6FE905A6-4D6B-4797-BF99-47517B0780AE}\chrome.manifest
c:\documents and settings\User Name\Local Settings\Application Data\{6FE905A6-4D6B-4797-BF99-47517B0780AE}\chrome\content\_cfg.js
c:\documents and settings\User Name\Local Settings\Application Data\{6FE905A6-4D6B-4797-BF99-47517B0780AE}\chrome\content\overlay.xul
c:\documents and settings\User Name\Local Settings\Application Data\{6FE905A6-4D6B-4797-BF99-47517B0780AE}\install.rdf
c:\documents and settings\User Name\System
c:\documents and settings\User Name\System\win_qs8.jqx
C:\Thumbs.db

----- BITS: Possible infected sites -----

hxxp://au.download.windowj+|Cv+@J:NGD_DQ{ztHG.Xa?7I('{AC76BA86-7AD7-1033-7B44-A82000000003}-S-1-5-21-1715567821-790525478-839522115-1004XtD$?|Af&v
.
((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-19 06:27 . 2010-12-19 06:27 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-12-18 21:43 . 2010-12-18 21:43 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-12-18 21:43 . 2010-12-18 21:43 -------- d-----w- c:\windows\system32\xlive
2010-12-18 21:42 . 2010-12-19 05:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-18 21:36 . 2010-12-18 21:36 -------- d-----w- c:\windows\Logs
2010-12-18 21:22 . 2010-12-18 21:22 -------- d-----w- c:\program files\Eidos
2010-12-18 06:59 . 2007-04-17 02:50 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-12-18 04:33 . 2004-08-04 10:00 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-12-18 04:04 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-18 04:04 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-18 04:04 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-18 04:04 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-18 04:04 . 2006-03-30 10:03 22339 ----a-r- c:\windows\SETC0.tmp
2010-12-18 04:04 . 2005-03-30 17:54 10559 ----a-r- c:\windows\SETC1.tmp
2010-12-18 04:03 . 2004-08-04 10:00 13753 ----a-r- c:\windows\SET8D.tmp
2010-12-18 04:03 . 2004-08-04 10:00 1086058 ----a-r- c:\windows\SET81.tmp
2010-12-18 04:03 . 2004-08-04 10:00 1042903 ----a-r- c:\windows\SET7E.tmp
2010-12-18 00:41 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-12-18 00:41 . 2004-08-04 10:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2010-12-18 00:16 . 2005-03-30 17:54 10559 ----a-r- c:\windows\SET12F.tmp
2010-12-18 00:16 . 2006-03-30 10:03 22339 ----a-r- c:\windows\SET12E.tmp
2010-12-18 00:16 . 2004-08-04 10:00 13753 ----a-r- c:\windows\SETFB.tmp
2010-12-18 00:16 . 2004-08-04 10:00 1086058 ----a-r- c:\windows\SETEF.tmp
2010-12-18 00:16 . 2004-08-04 10:00 1042903 ----a-r- c:\windows\SETEC.tmp
2010-12-15 05:41 . 2010-12-15 23:40 -------- d-----w- C:\2010-12 (Dec)
2010-12-03 18:06 . 2010-12-03 20:06 -------- d-----w- c:\program files\PhonePower

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-10 08:49 . 2010-11-10 08:49 58704 ----a-r- c:\documents and settings\User Name\Application Data\Microsoft\Installer\{9F153AD3-3523-4542-818E-AE2F92249667}\ARPPRODUCTICON.exe
2010-06-02 05:59 . 2010-06-02 05:59 8474512 ----a-w- c:\program files\Common Files\Samsung_Mobile_USB_Driver_V1.3.550.0.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-13 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"Sticky Pad"="c:\program files\StickyPad\StickyPad.exe" [2007-04-24 528441]
"cdloader"="c:\documents and settings\User Name\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"Google Update"="c:\documents and settings\User Name\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-12 122368]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-06 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User Name^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\User Name\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User Name^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\User Name\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 15:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-09-12 20:33 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 20:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-08-20 21:57 221184 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 23:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 17:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-26 22:27 16132608 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 06:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/10/2010 6:26 AM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-19 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2010-12-19 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2010-12-19 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2010-12-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2010-12-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 06:16]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 06:16]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-790525478-839522115-1004Core.job
- c:\documents and settings\User Name\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 20:31]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-790525478-839522115-1004UA.job
- c:\documents and settings\User Name\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 20:31]

2010-12-01 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard76002003-08-20 21:57Y3A6331MTK3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 21:57]

2010-12-19 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2010-03-22 21:23]

2010-12-19 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2009-11-08 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: wellsfargo.com\invmnt
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\User Name\Application Data\Mozilla\Firefox\Profiles\z6g0sl0i.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Elasticfox: {2204c510-88f3-11db-b606-0800200c9a66} - %profile%\extensions\{2204c510-88f3-11db-b606-0800200c9a66}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-Pyadaguze - c:\windows\dbdinhl.dll
MSConfigStartUp-Sfezovo - c:\windows\ecoqutun.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E} - c:\program files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
 
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

There is a sticky that specifically says not to run Combofix unless instructed to do so by a helper.
 
Thanks. Here are the logs from Malware Bytes:


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5360

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/20/2010 1:22:22 AM
mbam-log-2010-12-20 (01-22-22).txt

Scan type: Quick scan
Objects scanned: 146351
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**************************************************************************************
Logs from GMER

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-20 01:26:14
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdePort3 WDC_WD2500AAJS-75B4A0 rev.01.03A01
Running: qo0yy61n.exe; Driver: C:\DOCUME~1\SUNITL~1\LOCALS~1\Temp\pwldipob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 sector 10: rootkit-like behavior;
Disk \Device\Harddisk1\DR1 sector 32: rootkit-like behavior;
Disk \Device\Harddisk1\DR1 sector 57: rootkit-like behavior;
Disk \Device\Harddisk1\DR1 sector 63: rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8AEE239B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AEE239B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AEE239B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8AEE239B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8AEE239B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8AEE239B

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Device\Ide\IdeDeviceP3T0L0-1b -> \??\IDE#DiskWDC_WD2500AAJS-75B4A0___________________01.03A01#5&274e0f5e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
***************************************************************************************

Here is DDS Log



DDS (Ver_10-12-12.02) - NTFSx86
Run by Username at 1:28:39.78 on Mon 12/20/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2071 [GMT -8:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\StickyPad\StickyPad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Documents and Settings\Username\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\2_Program\Anti_Virus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sticky Pad] c:\program files\stickypad\StickyPad.exe
uRun: [cdloader] "c:\documents and settings\Username\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\documents and settings\Username\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: wellsfargo.com\invmnt
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271841469234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271841462796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sunitl~1\applic~1\mozilla\firefox\profiles\z6g0sl0i.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\Username\application data\mozilla\firefox\profiles\z6g0sl0i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Username\application data\mozilla\firefox\profiles\z6g0sl0i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\Username\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\Username\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Username\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Username\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Elasticfox: {2204c510-88f3-11db-b606-0800200c9a66} - %profile%\extensions\{2204c510-88f3-11db-b606-0800200c9a66}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-10 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-18 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-18 135336]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-18 61960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-18 267944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-11-10 30312]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-11-10 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-11-10 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-11-10 121576]

=============== Created Last 30 ================

2010-12-20 09:03:56 -------- d-----w- c:\docume~1\sunitl~1\applic~1\Malwarebytes
2010-12-20 09:03:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 09:03:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-20 09:03:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 09:03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-20 00:33:30 -------- d-----w- c:\windows\system32\AGEIA
2010-12-19 11:20:27 -------- d-----w- c:\docume~1\sunitl~1\applic~1\Avira
2010-12-19 07:57:42 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-19 07:57:41 -------- d-----w- c:\program files\Avira
2010-12-19 07:57:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-12-19 06:23:35 -------- d-sha-r- C:\cmdcons
2010-12-19 06:08:55 98816 ----a-w- c:\windows\sed.exe
2010-12-19 06:08:55 89088 ----a-w- c:\windows\MBR.exe
2010-12-19 06:08:55 256512 ----a-w- c:\windows\PEV.exe
2010-12-19 06:08:55 161792 ----a-w- c:\windows\SWREG.exe
2010-12-19 06:08:46 -------- d-----w- C:\ComboFix
2010-12-18 21:43:40 -------- d-----w- c:\windows\system32\xlive
2010-12-18 21:43:40 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-12-18 21:42:53 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-12-18 21:36:24 -------- d-----w- c:\windows\Logs
2010-12-18 21:22:56 -------- d-----w- c:\program files\Eidos
2010-12-18 06:59:44 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-12-18 04:33:55 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-12-18 04:04:09 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-18 04:04:09 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-18 04:04:09 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-18 04:04:09 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-18 00:41:53 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-12-18 00:41:53 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2010-12-15 05:41:23 -------- d-----w- C:\2010-12 (Dec)
2010-12-03 18:06:01 -------- d-----w- c:\program files\PhonePower

==================== Find3M ====================

2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 05:59:48 8474512 ----a-w- c:\program files\common files\Samsung_Mobile_USB_Driver_V1.3.550.0.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500AAJS-75B4A0 rev.01.03A01 -> Harddisk1\DR1 -> \Device\Ide\IdePort3 P3T0L0-1b

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AEE2555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aee87b0]; MOV EAX, [0x8aee882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EEECC] -> \Device\Harddisk1\DR1[0x8AF1FAB8]
3 CLASSPNP[0xBA0E905B] -> ntkrnlpa!IofCallDriver[0x804EEECC] -> [0x8AF221C0]
\Driver\atapi[0x8AEFF368] -> IRP_MJ_CREATE -> 0x8AEE2555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-1b -> \??\IDE#DiskWDC_WD2500AAJS-75B4A0___________________01.03A01#5&274e0f5e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AEE239B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 1:29:19.17 ===============
*********************************************************************************************

Attach.txt logs



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/17/2010 8:35:04 PM
System Uptime: 12/20/2010 1:10:32 AM (0 hours ago)

Motherboard: Dell Inc. | | 0CU409
Processor: Intel Pentium III Xeon processor | Socket 775 | 2826/333mhz
Processor: Intel Pentium III Xeon processor | Socket 775 | 2826/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 150.253 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 889.467 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (FAT32) - 466 GiB total, 428.48 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/17/2010 10:51:57 PM - System Checkpoint
RP2: 12/18/2010 1:22:54 PM - Installed Batman: Arkham Asylum
RP3: 12/18/2010 1:36:30 PM - Installed DirectX
RP4: 12/18/2010 1:38:08 PM - Installed Windows Installer KB893803v2.
RP5: 12/18/2010 1:43:47 PM - Installed DirectX
RP6: 12/18/2010 1:51:20 PM - Installed NVIDIA PhysX
RP7: 12/18/2010 2:32:59 PM - Installed DirectX
RP8: 12/18/2010 9:45:56 PM - Removed NVIDIA PhysX
RP9: 12/18/2010 10:27:31 PM - Removed NVIDIA PhysX
RP10: 12/19/2010 4:10:14 PM - Removed Batman: Arkham Asylum
RP11: 12/19/2010 4:20:00 PM - Installed Batman: Arkham Asylum
RP12: 12/19/2010 4:32:26 PM - Installed DirectX
RP13: 12/19/2010 4:33:28 PM - Installed NVIDIA PhysX
RP14: 12/19/2010 9:36:57 PM - Configured Microsoft Office Enterprise 2007
RP15: 12/19/2010 9:47:41 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP16: 12/19/2010 9:48:27 PM - Configured Microsoft Office Enterprise 2007
RP17: 12/19/2010 9:56:11 PM - Configured Microsoft Office Enterprise 2007
RP18: 12/19/2010 10:23:34 PM - Configured Microsoft Office Enterprise 2007
RP19: 12/19/2010 10:31:01 PM - Printer Driver Send To Microsoft OneNote Driver Installed

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
7-Zip 4.65
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.0
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATI Problem Report Wizard
Avira AntiVir Personal - Free Antivirus
Batman: Arkham Asylum
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software Updater
BlackBerry Email and MDS Services Simulators 4.1.2
BlackBerry Smartphone Simulators 4.6.0.150 (9000)
BlackBerry Smartphone Simulators 5.0.0.508 (8530-Verizon)
BlackBerry Smartphone Simulators 5.0.0.586 (9700)
BlackBerry Smartphone Simulators 5.0.0.621 (9650)
BlackBerry® Media Sync
Bonjour
BREW Tools Suite 3.1.1
BTIL Development Kit
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
Dell Resource CD
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DigitImg
DocProc
DocProcQFolder
doPDF 7.0 printer
EndItAll 2.0
eSupportQFolder
Google Calendar Sync
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.1.0.366
GPBaseService
GPL Ghostscript 8.63
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 10.0
HP Memories Disc
hp photosmart 7600 series
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Software Update
HP Solution Center 10.0
HPPhotoSmartPhotobookWebPack1
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 20
Java(TM) SE Development Kit 6 Update 20
LG USB Modem driver
Logitech QuickCam
Logitech QuickCam Driver Package
Magic DVD Ripper V5.4.2
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
Mercedes-Benz PM
Mercedes-Benz WIS
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio Service Pack 3
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft_VC90_CRT_x86
MindManager X5 Pro
Motorola Driver Installation 3.1.0
Motorola iDEN SDK for J2ME (MIDP 2.0)
Mozilla Firefox (3.6.13)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero Suite
NETGEAR Print Server Software
NVIDIA PhysX
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PhonePower
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 3
PowerDVD
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PS7600
PSShortcuts
PSSWCORE
PSUsage
QuickBooks Pro 2008
Quicken WillMaker Plus 2008
QuickTime
Realtek High Definition Audio Driver
Safari
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB979365)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Skins
Skype™ 4.2
SmartDraw 2010
SmartDraw PDF Filter
SmartSound Common Data
SmartSound Quicktracks 5
SmartWebPrintingOC
SolutionCenter
Status
StickyPad
SupportSoft Assisted Service
Sysadm
System Requirements Lab
Tis
Toolbox
Total Commander (Remove or Repair)
TrayApp
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981433)
VBA
VideoToolkit01
ViewSonic Windows XP Signed Files
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
WinSCP 4.2.8
Works Suite OS Pack
Works Synchronization
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/20/2010 1:09:30 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 3:20:52 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library SanDisk Cruzer Mini USB Device.
12/19/2010 12:42:03 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MEENAL-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD09828E-A768-. The master browser is stopping or an election is being forced.
12/19/2010 12:07:40 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service to connect.
12/19/2010 12:07:40 AM, error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2010 12:00:36 AM, error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 12:00:36 AM, error: Service Control Manager [7034] - The LVCOMSer service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 12:00:36 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 12:00:36 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 12:00:36 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/19/2010 12:00:30 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
12/18/2010 3:38:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LVSrvLauncher service to connect.
12/18/2010 3:38:09 AM, error: Service Control Manager [7000] - The LVSrvLauncher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/18/2010 2:16:42 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/18/2010 2:16:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mozyFilter
12/18/2010 2:16:40 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/18/2010 2:15:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Bonjour Service service to connect.
12/18/2010 2:15:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ATI Smart service to connect.
12/18/2010 2:15:26 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The system cannot find the file specified.
12/18/2010 2:15:26 PM, error: Service Control Manager [7000] - The MozyHome Backup Service service failed to start due to the following error: The system cannot find the path specified.
12/18/2010 2:15:26 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/18/2010 2:15:26 PM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/18/2010 2:15:26 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the path specified.
12/18/2010 2:12:59 PM, error: Print [23] - Printer SmartDraw PDF Filter failed to initialize because a suitable CUSTPDF Writer driver could not be found.
12/18/2010 2:12:58 PM, error: Print [23] - Printer doPDF v7 failed to initialize because a suitable doPDF 7 Printer Driver driver could not be found.
12/18/2010 10:28:13 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/18/2010 10:08:12 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
12/18/2010 1:49:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
12/18/2010 1:49:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
12/18/2010 1:49:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service to connect.
12/18/2010 1:49:29 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/18/2010 1:49:29 PM, error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2010 11:16:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
12/17/2010 11:16:51 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2010 11:08:37 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 
Was there some reason you posted duplicate logs? I have deleted them.

You have a rootkit. Please run the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result. Post log.
  • A reboot is required after disinfection.
================================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Click to expand...
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Google Search link gets hijacked

Hi Bobbye,

I did run TDSSkiller.exe as suggested by you. Then I ran Combofix.exe.

Attached are the logs from Combofix.


ComboFix 11-01-02.03 - User Name 01/02/2011 22:43:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2483 [GMT -8:00]
Running from: c:\2_program\Anti_Virus\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2010-12-19 07:57 . 2010-12-01 02:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-19 07:57 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-19 07:57 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-19 07:57 . 2010-12-19 07:57 -------- d-----w- c:\program files\Avira
2010-12-19 07:57 . 2010-12-19 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-18 21:43 . 2010-12-18 21:43 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-12-18 21:43 . 2010-12-18 21:43 -------- d-----w- c:\windows\system32\xlive
2010-12-18 21:42 . 2010-12-20 00:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-18 21:36 . 2010-12-18 21:36 -------- d-----w- c:\windows\Logs
2010-12-18 21:22 . 2010-12-18 21:22 -------- d-----w- c:\program files\Eidos
2010-12-18 06:59 . 2007-04-17 02:50 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-12-18 04:33 . 2004-08-04 10:00 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-12-18 04:04 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-18 04:04 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-18 04:04 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-18 04:04 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-18 00:41 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-12-18 00:41 . 2004-08-04 10:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2010-12-15 05:41 . 2010-12-20 05:09 -------- d-----w- C:\2010-12 (Dec)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-10 08:49 . 2010-11-10 08:49 58704 ----a-r- c:\documents and settings\User Name\Application Data\Microsoft\Installer\{9F153AD3-3523-4542-818E-AE2F92249667}\ARPPRODUCTICON.exe
2010-06-02 05:59 . 2010-06-02 05:59 8474512 ----a-w- c:\program files\Common Files\Samsung_Mobile_USB_Driver_V1.3.550.0.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-19_06.45.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-25 05:15 . 2008-10-25 05:15 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 07:26 . 2006-12-02 07:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-02 07:25 . 2006-12-02 07:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2006-12-02 05:56 . 2006-12-02 05:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2011-01-03 06:31 . 2011-01-03 06:31 16384 c:\windows\Temp\Perflib_Perfdata_210.dat
+ 2008-08-26 06:50 . 2008-08-26 06:50 40960 c:\windows\system32\VBAME.DLL
- 1999-03-23 13:52 . 1999-03-23 13:52 40960 c:\windows\system32\VBAME.DLL
+ 2009-08-11 12:45 . 2006-10-27 03:56 33104 c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
- 2009-08-11 12:45 . 2006-10-27 02:56 33104 c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
+ 2010-12-20 05:47 . 2008-11-10 19:41 67472 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
- 2009-08-11 12:45 . 2008-11-10 18:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2009-08-11 12:45 . 2008-11-10 19:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2009-07-20 17:34 . 2009-07-20 17:34 70936 c:\windows\system32\PhysXLoader.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 24344 c:\windows\system32\PhysXDevice.dll
- 2009-08-11 12:45 . 2008-11-10 18:41 32656 c:\windows\system32\msonpmon.dll
+ 2009-08-11 12:45 . 2008-11-10 19:41 32656 c:\windows\system32\msonpmon.dll
+ 2006-10-26 22:10 . 2006-10-26 22:10 33088 c:\windows\system32\FM20ENU.DLL
- 2006-10-26 21:10 . 2006-10-26 21:10 33088 c:\windows\system32\FM20ENU.DLL
+ 2010-12-19 07:57 . 2010-06-17 22:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2010-12-20 09:03 . 2010-11-30 01:42 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-12-20 09:03 . 2010-11-30 01:42 20952 c:\windows\system32\drivers\mbam.sys
- 2009-08-11 10:11 . 2010-12-18 04:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-11 10:11 . 2010-12-19 08:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-12-19 08:01 . 2010-12-19 08:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-08-11 10:11 . 2010-12-18 04:38 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-20 04:06 . 2009-06-20 04:06 58648 c:\windows\system32\AgCPanelTraditionalChinese.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 58648 c:\windows\system32\AgCPanelSwedish.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 58648 c:\windows\system32\AgCPanelSpanish.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 58648 c:\windows\system32\AgCPanelSimplifiedChinese.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 58648 c:\windows\system32\AgCPanelPortugese.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 58648 c:\windows\system32\AgCPanelKorean.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 58648 c:\windows\system32\AgCPanelJapanese.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 58648 c:\windows\system32\AgCPanelGerman.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 58648 c:\windows\system32\AgCPanelFrench.dll
- 2009-08-11 12:45 . 2010-12-03 20:14 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-12-20 00:32 . 2010-12-20 00:32 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2006-12-02 05:54 . 2006-12-02 05:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 05:54 . 2006-12-02 05:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 05:54 . 2006-12-02 05:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-10-26 20:45 . 2006-10-26 20:45 293376 c:\windows\system32\WISPTIS.EXE
+ 2006-10-26 21:45 . 2006-10-26 21:45 293376 c:\windows\system32\WISPTIS.EXE
+ 2010-12-20 05:47 . 2008-11-10 19:41 864144 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2009-08-11 12:45 . 2008-11-10 19:41 864144 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
- 2009-08-11 12:45 . 2008-11-10 18:41 864144 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 197912 c:\windows\system32\physxcudart_20.dll
+ 2009-06-20 04:06 . 2009-06-20 04:06 288024 c:\windows\system32\PhysXCplUI.exe
+ 2009-06-20 04:06 . 2009-06-20 04:06 288024 c:\windows\system32\PhysXCompatCplUI.exe
+ 2008-08-26 06:50 . 2008-08-26 06:50 118784 c:\windows\system32\MSSTDFMT.DLL
+ 2006-10-26 21:45 . 2006-10-26 21:45 207360 c:\windows\system32\INKED.DLL
- 2006-10-26 20:45 . 2006-10-26 20:45 207360 c:\windows\system32\INKED.DLL
- 2009-08-11 02:58 . 2010-12-18 01:07 357752 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-11 02:58 . 2010-12-20 06:56 357752 c:\windows\system32\FNTCACHE.DAT
+ 2010-12-19 07:57 . 2011-01-03 00:38 135096 c:\windows\system32\drivers\avipbb.sys
+ 2009-06-20 04:06 . 2009-06-20 04:06 116977 c:\windows\system32\AGEIA\AG1021\diag.bin
+ 2009-06-20 04:06 . 2009-06-20 04:06 214629 c:\windows\system32\AGEIA\AG1021\app.bin
+ 2009-06-20 04:06 . 2009-06-20 04:06 119473 c:\windows\system32\AGEIA\AG1011\diag.bin
+ 2009-06-20 04:06 . 2009-06-20 04:06 199885 c:\windows\system32\AGEIA\AG1011\app.bin
+ 2009-08-11 12:45 . 2010-12-20 06:31 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-12-20 06:24 . 2010-12-20 06:24 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2010-04-21 09:49 . 2010-04-21 09:49 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2010-12-18 22:33 . 2010-12-18 22:33 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2006-12-02 07:25 . 2006-12-02 07:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 07:25 . 2006-12-02 07:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2008-10-25 05:15 . 2008-10-25 05:15 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2009-08-18 06:33 . 2009-08-18 06:33 1193832 c:\windows\system32\FM20.DLL
+ 2009-08-18 07:33 . 2009-08-18 07:33 1193832 c:\windows\system32\FM20.DLL
+ 2010-12-20 00:33 . 2010-12-20 00:33 1500160 c:\windows\Installer\388a2a6.msi
+ 2009-08-11 12:45 . 2010-12-20 06:31 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-11 12:45 . 2010-12-20 06:31 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-08-11 12:45 . 2010-12-03 20:14 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2010-12-18 22:33 . 2010-12-18 22:33 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-18 22:33 . 2010-12-18 22:33 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-20 00:32 . 2010-12-20 00:32 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-13 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"Sticky Pad"="c:\program files\StickyPad\StickyPad.exe" [2007-04-24 528441]
"cdloader"="c:\documents and settings\User Name\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"Google Update"="c:\documents and settings\User Name\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-12 122368]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-06 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User Name^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\User Name\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User Name^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\User Name\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 15:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 05:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-09-12 20:33 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 20:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-08-20 21:57 221184 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 18:24 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 23:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 17:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-26 22:27 16132608 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 06:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\User Name\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/10/2010 6:26 AM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/18/2010 11:57 PM 135336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [11/10/2010 12:49 AM 30312]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [11/10/2010 12:49 AM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [11/10/2010 12:49 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [11/10/2010 12:49 AM 121576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2011-01-03 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2011-01-03 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2011-01-03 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2011-01-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:26]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 06:16]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 06:16]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-790525478-839522115-1004Core.job
- c:\documents and settings\User Name\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 20:31]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-790525478-839522115-1004UA.job
- c:\documents and settings\User Name\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 20:31]

2010-12-01 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard76002003-08-20 21:57Y3A6331MTK3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 21:57]

2011-01-03 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2010-03-22 21:23]

2011-01-03 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2009-11-08 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: wellsfargo.com\invmnt
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\User Name\Application Data\Mozilla\Firefox\Profiles\z6g0sl0i.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Elasticfox: {2204c510-88f3-11db-b606-0800200c9a66} - %profile%\extensions\{2204c510-88f3-11db-b606-0800200c9a66}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-02 22:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-790525478-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2548)
c:\windows\system32\msi.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-02 22:50:01
ComboFix-quarantined-files.txt 2011-01-03 06:49

Pre-Run: 160,468,000,768 bytes free
Post-Run: 160,597,213,184 bytes free

- - End Of File - - D3A5D333C81910A3263C597F2EF0B218
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
780
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back