12-10-2008, 12:02 AM   #2
SearchEngineBug
Registered User
 
Join Date: Dec 2008
Posts: 2
OS: XP


Re: Google Search redirect to shopper sites malware

So looking at other replies it seems I need to run ComboFix and post the log. So here it is. Strangely, the problem seems to have gone away with that one action. Am I still infected? Really I want to know if someone is able to see my passwords and intercept everything I am doing on the internet...


I don't know why my original post seems to not be word wrapping either.

Thanks again in advance.

ComboFix 08-12-09.02 - david.edrich 2008-12-10 0:29:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1360 [GMT -6:00]
Running from: c:\documents and settings\plesieur\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\Recycled
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\Cache
c:\windows\system32\ntnet.drv
c:\windows\system32\sysaudio.sys
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-09 16:55 . 2007-05-07 01:30 7,168 -ra------ c:\windows\system32\ppspCoInst.dll
2008-12-09 16:44 . 2005-10-24 21:41 245,760 -ra------ c:\windows\system32\MosUSer.exe
2008-12-09 16:44 . 2005-10-24 21:44 229,376 -ra------ c:\windows\system32\MosUPar.exe
2008-12-09 16:44 . 2006-05-04 00:26 144,756 -ra------ c:\windows\system32\mosUsbSr.sys
2008-12-09 16:44 . 2006-05-04 00:26 140,419 -ra------ c:\windows\system32\MCSENUM.vxd
2008-12-09 16:44 . 2004-09-16 22:15 18,496 -ra------ c:\windows\system32\drivers\DbgMsg9X.sys
2008-12-09 16:44 . 2006-05-04 00:28 8,720 -ra------ c:\windows\system32\MOSUSRPT.vxd
2008-12-09 16:44 . 2006-05-04 00:29 8,670 -ra------ c:\windows\system32\MOSUPRPT.vxd
2008-12-09 16:44 . 2005-10-24 22:11 7,536 -ra------ c:\windows\system32\MOSUSER.DLL
2008-12-09 16:44 . 2005-10-24 22:12 4,352 -ra------ c:\windows\system32\MOSUPAR.DLL
2008-12-09 11:21 . 2008-12-09 11:21 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-08 23:40 . 2008-12-08 23:40 250 --a------ c:\windows\gmer.ini
2008-12-08 14:09 . 2008-12-09 16:13 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-08 14:09 . 2008-12-09 16:13 <DIR> d-------- c:\documents and settings\plesieur\Application Data\SUPERAntiSpyware.com
2008-12-08 14:09 . 2008-12-08 14:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-08 11:53 . 2008-12-09 16:12 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-08 11:53 . 2008-12-09 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-08 11:50 . 2008-12-08 11:52 15,083,520 --a------ C:\spybotsd160.exe
2008-12-08 01:29 . 2008-12-08 01:29 <DIR> d-------- c:\documents and settings\plesieur\Application Data\Malwarebytes
2008-12-08 01:29 . 2008-12-08 01:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-08 00:09 . 2008-12-09 23:59 <DIR> d-------- c:\program files\Fighters
2008-12-08 00:09 . 2008-12-08 00:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters
2008-12-07 23:38 . 2008-12-08 13:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-12-07 23:36 . 2008-12-07 23:36 <DIR> d-------- c:\program files\Common Files\iS3
2008-12-07 23:36 . 2008-12-08 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-12-07 23:33 . 2008-12-07 23:33 292,352 --a------ C:\STOPzilla_Setup.exe
2008-12-07 23:13 . 2008-12-07 23:13 646,376 --a------ C:\SpywareTerminatorSetup.exe
2008-12-07 22:59 . 2008-12-09 23:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-07 22:58 . 2008-12-07 22:58 13,596,592 --a------ C:\sdsetup.exe
2008-12-07 22:34 . 2008-12-07 22:34 1,077,632 --a------ C:\RegCureSetup_1501_RW.exe
2008-12-02 18:12 . 2008-12-04 16:12 <DIR> d-------- C:\1shinerxy
2008-12-02 18:06 . 2008-12-04 12:07 <DIR> d-------- C:\1SA
2008-11-27 01:40 . 2008-11-27 01:40 1,489 --a------ C:\syslinux.cfg
2008-11-24 17:00 . 2008-11-22 03:26 1,048,576 --a------ C:\1RUX64Nov.bin
2008-11-23 23:10 . 2008-08-07 17:31 138,080 --a------ c:\windows\system32\drivers\symsnap.sys
2008-11-23 23:10 . 2008-01-19 20:12 128,104 --a------ c:\windows\system32\drivers\WimFltr.sys
2008-11-23 23:10 . 2008-08-13 17:07 38,112 --a------ c:\windows\system32\drivers\v2imount.sys
2008-11-23 23:10 . 2008-01-19 19:40 15,088 --a------ c:\windows\system32\drivers\vproeventmonitor.sys
2008-11-23 23:08 . 2008-11-23 23:09 <DIR> d-------- c:\program files\Norton Ghost
2008-11-22 03:26 . 2008-12-04 19:35 2,097,152 --a------ C:\1RUX64.bin
2008-11-22 02:53 . 2008-11-30 23:00 <DIR> d-------- C:\1Nov221RU_BackupNoCompile
2008-11-22 02:48 . 2008-11-22 02:52 <DIR> d-------- C:\1Nov221RU
2008-11-21 12:30 . 2008-11-19 15:32 1,048,576 --a------ C:\ReeflpcX64.rom
2008-11-21 11:53 . 2008-11-21 11:53 <DIR> d-------- C:\1Om
2008-11-18 15:57 . 2008-11-18 15:58 518,939,027 --a------ C:\AIOPendrivelinux08.zip
2008-11-16 01:16 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2008-11-16 01:16 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2008-11-14 23:40 . 2008-11-30 21:05 <DIR> d-------- C:\1ru11_15_08Save
2008-11-14 20:27 . 2008-11-14 20:11 22,885,353 --a------ C:\1ru11_15_08_false.zip
2008-11-14 20:09 . 2008-11-14 20:28 20,914,331 --a------ C:\1ru11_15_08.zip
2008-11-14 20:08 . 2008-11-14 20:08 1,048,576 --a------ C:\1RUX64.fd
2008-11-14 19:23 . 2008-11-23 00:58 <DIR> d-------- C:\1rutest
2008-11-12 12:57 . 2008-11-12 12:56 117,125 --a------ C:\BdsPlatform.cod
2008-11-12 12:56 . 2008-11-12 11:55 4,070 --a------ C:\PlatformData.cod
2008-11-12 12:16 . 2008-11-12 12:13 67,873 --a------ C:\makefile2
2008-11-11 16:12 . 2008-11-11 16:20 <DIR> d-------- C:\usbboot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 06:38 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-10 06:29 --------- d-----w c:\documents and settings\plesieur\Application Data\Skype
2008-12-10 06:21 --------- d-----w c:\program files\Vinade
2008-12-10 06:05 --------- d-----w c:\documents and settings\plesieur\Application Data\skypePM
2008-12-09 22:13 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-04 18:20 --------- d-----w c:\documents and settings\plesieur\Application Data\CoreFTP
2008-11-29 01:31 30 ----a-w c:\program files\Exiferupdate.ini
2008-11-24 06:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-24 06:23 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-24 05:30 --------- d-----w c:\documents and settings\plesieur\Application Data\Symantec
2008-11-13 19:54 --------- d-----w c:\program files\ZOC5
2008-11-13 18:06 3,198,976 ----a-w C:\biosdbg-32.exe
2008-11-13 03:53 --------- d-----w c:\program files\Common Files\Adobe
2008-11-11 22:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 22:20 3,194,880 ----a-w C:\biosdbg.exe
2008-10-29 06:43 7,168 ----a-w c:\documents and settings\plesieur\sslsocks.dll
2008-10-29 06:43 54,272 ----a-w c:\documents and settings\plesieur\sslepc.dll
2008-10-29 06:43 53,248 ----a-w c:\documents and settings\plesieur\sslppp.dll
2008-10-29 06:43 31,232 ----a-w c:\documents and settings\plesieur\ssll2.dll
2008-10-29 06:43 0 ----a-w c:\documents and settings\plesieur\ssllnch.exe
2008-10-28 22:33 3,448,320 ----a-w C:\biosdbg-64.exe
2008-10-27 21:36 3,186,688 ----a-w C:\biosdbgOLD.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 16:50 1,048,576 ----a-w C:\ReefGood.bin
2008-10-10 22:13 --------- d-----w c:\documents and settings\plesieur\Application Data\NewSoft
2008-10-10 14:11 56,912 ----a-w c:\documents and settings\plesieur\g2mdlhlpx.exe
2008-10-10 14:11 --------- d-----w c:\program files\Citrix
2008-10-03 21:12 1,048,576 ----a-w C:\ReefLpcX64USBTEST.bin
2008-09-23 18:36 4,194,304 ----a-w C:\reef.bin
2008-09-16 21:26 5,645,528 ----a-w C:\2rf.zip
2008-09-14 15:27 181,969 ----a-w C:\H2ODebug.zip
2008-07-14 06:41 61,224 ----a-w c:\documents and settings\plesieur\GoToAssistDownloadHelper.exe
2007-08-15 14:07 22 --sh--w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --------- c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --------- c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --------- c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --------- c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --------- c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --------- c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --------- c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ASOOverlayIcon]
@="{0FB7818F-4055-4635-B618-09F669074940}"
[HKEY_CLASSES_ROOT\CLSID\{0FB7818F-4055-4635-B618-09F669074940}]
2007-08-14 09:12 286720 --------- c:\program files\EMC IRM\Common\ASOShExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-01 185632]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"iKeyWorks"="c:\program files\A4Tech\Keyboard\Ikeymain.exe" [2007-06-25 65536]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-06-30 241664]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-28 583048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-08-13 2245984]
"MsmqIntCert"="mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-05-09 73728]

c:\documents and settings\jeff.bobzin\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-05-09 73728]

c:\documents and settings\Paul Lesieur\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-05-09 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= sysaudio.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe /Processid:{E1C86793-3C84-4795-AB53-B2BC6AB5A8FC} [2004-08-04 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
R3 NESSLDrv;Network Extender SSLVPN Adapter;c:\windows\system32\DRIVERS\NESSLDrv.sys [2007-10-09 19224]
R3 SNESSLDr;Standalone Network Extender SSLVPN Adapter;c:\windows\system32\DRIVERS\SNESSLDr.sys [2007-01-24 19224]
R3 SymSnapService;SymSnapService;"c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [2007-12-20 1558000]
S3 Amdudd;AMD USB Device Driver;c:\windows\system32\Drivers\Amdudd.sys [2008-08-01 30976]
S3 ISUSB;ISUSB.Sys i82930 Bulk IO test driver;c:\windows\system32\Drivers\ISUSB.sys [2004-07-07 16384]
S3 itp700drv;Intel ITP700 Debug Port Interface;c:\windows\system32\drivers\itp700drv.sys [2007-03-12 53770]
S3 itp800drv;Intel ITP800 Debug Port Interface;c:\windows\system32\drivers\itp800drv.sys [2007-03-12 57230]
S3 itpBridge;Intel ITP Bridge Interface;c:\windows\system32\drivers\itpBridge.sys [2007-03-12 60726]
S3 ItpXdpLdr;Intel ITP-XDP Ldr Driver (itpxdpldr.sys);c:\windows\system32\Drivers\ItpxdpLdr.sys [2007-03-12 20480]
S3 ItpXdpSys;Intel ITP-XDP Driver (itpxdpsys.sys);c:\windows\system32\Drivers\ItpXdpSys.sys [2007-03-12 14208]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\DRIVERS\mosuport.sys [2008-10-07 855040]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2007-03-14 116416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f91262c-6aac-11dc-a793-001b775b8ea6}]
\Shell\AutoRun\command - f:\__stickydrive\StickyDrive.exe
\Shell\StickyDrive\Command - f:\__stickydrive\StickyDrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9aa6a62-522c-11dd-a7ee-001b775b8ea6}]
\Shell\AutoRun\command - F:\ONSPCLCK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-03 c:\windows\Tasks\BackupInc.job
- c:\windows\system32\ntbackup.exe [2004-08-04 15:00]

2008-12-04 c:\windows\Tasks\Weekly Backup.job
- c:\windows\system32\ntbackup.exe [2004-08-04 15:00]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: {1268D7D0-80AF-42C0-B046-8510A379AA33} = 192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,68.94.156.1,68.94.157.1

c:\windows\UninstallVTPassage.exe - c:\windows\NESSLDrv.txt
c:\windows\NESSLDrv.sys
c:\windows\Downloaded Program Files\xtunnel.dll
c:\windows\Downloaded Program Files\CONFLICT.1\xtunnel.dll
O16 -: {68D8AAB2-C2A7-43F1-BA99-BE492EF7BF85}
hxxps://sslvpn.insydesw.com/XTunnel.cab
c:\windows\Downloaded Program Files\CONFLICT.1\XTunnel.inf

c:\windows\Downloaded Program Files\ErcdDigitalID.dll - O16 -: {6C310E2B-EB89-11D2-8500-0004ACEE8FFE}
hxxps://teal.intel.com/ecitr/IntelSign.cab
c:\windows\Downloaded Program Files\ercddigitalid.inf
FireFox -: Profile - c:\documents and settings\plesieur\Application Data\Mozilla\Firefox\Profiles\6me1ec3j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.americancatholic.org/
FF -: plugin - c:\program files\Google\Picasa3\npPicasa2.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 00:40:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????c??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1204)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\progra~1\Symantec\SYMANT~1\NscTop.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\dllhost.exe
c:\program files\Vongo\VongoService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-10 0:46:11 - machine was rebooted [david.edrich]
ComboFix-quarantined-files.txt 2008-12-10 06:46:08

Pre-Run: 525,246,464 bytes free
Post-Run: 470,831,104 bytes free

330 --- E O F --- 2008-11-16 22:15:54