Google search redirects me to Shopica

[jhall30]

Hello, I have been having this problem with my search engine redirecting me to alternate sites such as Shopica. It also would not allow me to access microsoft websites or Mcafee. I have been having this problem for nearly a month. I downloaded mawarebytes on January 1st, ran the program and it seemed to solve my problem... well now its back! Then I tried Spybot, it detects nothing. I would greatly appreciate any help with this. Thanks so much


DDS (Ver_09-01-07.01) - NTFSx86
Run by Jody Hall at 19:07:08.27 on Thu 01/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.386 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jody Hall\Local Settings\Temporary Internet Files\Content.IE5\V1NI8FMF\dds[2].com

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.ivnet.com
uInternet Settings,ProxyOverride = *.msn.com;*.yahoo.com;64.136.29.30;64.136.21.30;64.136.29.34;msn.com;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;yahoo.com;<local>;*.local
uSearchURL,(Default) = hxxp://www.ivnet.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [P2kAutostart]
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: \\?\globalroot\systemroot\system32\senekawi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jodyha~1\applic~1\mozilla\firefox\profiles\3nfadbov.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7900
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-12-23 207656]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2008-7-14 238848]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2006-12-23 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-12-23 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-12-23 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-12-23 34152]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-12-23 40488]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2006-12-23 358736]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2006-12-23 144704]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-11-6 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-11-6 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-11-6 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-11-6 23680]
S4 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
S4 senekalight;senekalight;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]

=============== Created Last 30 ================

2009-01-15 18:33 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-15 18:33 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:33 <DIR> --d----- C:\fixwareout
2009-01-13 17:15 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-13 17:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-13 15:56 3 a------- c:\windows\system32\senekadf.dat
2009-01-13 15:55 59 a------- c:\windows\system32\seneka.dat
2009-01-13 09:13 22,277 a------- c:\windows\system32\senekalog.dat
2009-01-11 16:10 20,992 a------- c:\windows\system32\senekalight.dll
2009-01-11 16:10 14,336 a------- c:\windows\system32\senekawi.dll
2009-01-02 22:04 1,306,624 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-01-02 22:04 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-01-02 22:03 19,569 a------- c:\windows\005949_.tmp
2009-01-02 21:29 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-01-02 21:15 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-02 20:52 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-02 20:50 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-02 20:50 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-02 20:50 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-02 20:50 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-02 20:47 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-02 20:46 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-02 20:45 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-02 20:45 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-02 20:42 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-01-02 20:41 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-02 20:41 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-01-02 20:03 <DIR> --d----- C:\b0ca5bd096538ed248
2009-01-02 19:56 <DIR> --d----- C:\2e8cfc05cea480de2c4e10f60955d0
2009-01-02 19:36 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-02 19:36 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-02 19:36 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-01-02 19:36 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-01-02 19:36 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-02 19:36 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-02 19:36 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-02 19:36 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-02 19:36 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-01-02 19:20 <DIR> --d----- C:\b889c92b696667cf7f
2009-01-02 00:28 7,208 -------- c:\windows\system32\secupd.sig
2009-01-02 00:28 4,569 -------- c:\windows\system32\secupd.dat
2009-01-02 00:28 56,700 a------- c:\windows\system32\ieuinit.inf
2009-01-01 23:37 1,082,368 a------- c:\windows\system32\esent.dll
2009-01-01 22:44 354,304 a------- c:\windows\system32\winhttp.dll
2009-01-01 22:44 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-01-01 22:33 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-01-01 19:15 <DIR> --d----- c:\docume~1\jodyha~1\applic~1\Malwarebytes
2009-01-01 18:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 18:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-01 15:18 155,648 a------- c:\windows\system32\igfxres.dll
2009-01-01 14:44 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-01-01 14:44 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-01-01 14:44 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-01-01 14:44 65,536 ac------ c:\windows\system32\dllcache\winime.ime
2009-01-01 14:44 79,360 ac------ c:\windows\system32\dllcache\winar30.ime
2009-01-01 14:44 72,704 ac------ c:\windows\system32\dllcache\wingb.ime
2009-01-01 14:44 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-01-01 14:44 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-01-01 14:42 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2009-01-01 14:41 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-01-01 14:31 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-01 14:31 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-01 14:31 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-01 14:31 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-01 14:31 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-01 14:31 45,568 a------- c:\windows\system32\safrslv.dll
2009-01-01 14:31 43,520 a------- c:\windows\system32\safrcdlg.dll
2009-01-01 14:31 43,520 a------- c:\windows\system32\racpldlg.dll
2009-01-01 14:31 29,696 a------- c:\windows\system32\safrdm.dll
2009-01-01 14:31 32,768 a------- c:\windows\system32\mnmsrvc.exe
2009-01-01 14:31 32,768 a------- c:\windows\system32\isrdbg32.dll
2009-01-01 14:28 184,320 a------- c:\windows\system32\accwiz.exe
2009-01-01 14:17 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-01-01 14:17 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-01-01 14:16 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-01-01 14:16 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-01-01 14:15 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-01-01 14:15 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-01-01 14:15 23,552 a------- c:\windows\system32\wdmaud.drv
2009-01-01 14:13 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-01-01 14:10 1,041,871 a------- c:\windows\setupapi.log.3.old
2008-12-31 07:59 24,872 a------- c:\windows\system32\drivers\ElbyCDIO.sys
2008-12-30 17:53 103,360 a------- c:\windows\system32\drivers\AnyDVD.sys
2008-12-28 18:05 441 a------- c:\windows\system32\TDSSwupe.dat
2008-12-26 13:27 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\CanonIJSolutionMenu
2008-12-26 13:22 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\CanonIJEPPEX
2008-12-26 13:20 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\CanonIJMyPrinter
2008-12-26 13:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CanonIJPLM
2008-12-26 13:05 <DIR> --d----- c:\program files\common files\CANON
2008-12-26 13:01 230,912 a------- c:\windows\system32\CNMLM9D.DLL
2008-12-26 13:01 1,339,392 a------- c:\windows\system32\CNC620C.DLL
2008-12-26 13:01 270,336 a------- c:\windows\system32\CNC620L.DLL
2008-12-26 13:01 188,416 a------- c:\windows\system32\CNC620O.DLL
2008-12-26 13:01 98,304 a------- c:\windows\system32\CNC620I.DLL
2008-12-26 13:01 142,336 a------- c:\windows\system32\CNMNPUI.DLL
2008-12-26 13:01 362,496 a------- c:\windows\system32\CNMNPPM.DLL
2008-12-26 13:01 117,850 a------- c:\windows\system32\Cnmnput.chm

==================== Find3M ====================

2009-01-01 14:30 23,356 ac------ c:\windows\system32\emptyregdb.dat
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-19 11:21 93,128 a------- c:\windows\system32\ElbyCDIO.dll
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-07-23 16:43 7,499,056 a------- c:\program files\Firefox Setup 3.0.1.exe
2006-12-23 17:27 591,400 ac------ c:\program files\DMSetup.exe
2005-09-23 16:48 103,650 ac------ c:\program files\LimeWireWin.exe
2005-06-16 19:44 1,500,464 ac------ c:\program files\HiSpeed.exe
2005-03-05 10:26 4,816,464 ac------ c:\program files\Firefox Setup 1.0.1.exe

============= FINISH: 19:09:28.68 ===============

[chemist]

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

------------------------------------------------------

Download ResetTeaTimer

• and Save it to your Desktop.
• Double-click ResetTeaTimer.zip
• Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.
• A DOS window will open and close again, this is normal.

------------------------------------------------------

If for some reason during these fixes you receive prompts from Spybot about whether to accept or deny any changes, please Accept them all.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

[jhall30]

Thank you very much Chemist! I ran combofix and attached the file, awaiting further instructions.

ComboFix 09-01-17.03 - Jody Hall 2009-01-17 16:12:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.617 [GMT -6:00]
Running from: c:\documents and settings\Jody Hall\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jody Hall\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fad.sys
c:\windows\system32\TDSSwupe.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-17 11:55 . 2009-01-17 11:55 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-17 11:42 . 2009-01-17 12:05 <DIR> d-------- c:\program files\NOS
2009-01-17 11:42 . 2009-01-17 12:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-01-17 11:36 . 2009-01-17 11:36 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2009-01-17 11:36 . 2009-01-17 11:36 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-01-16 19:18 . 2009-01-16 19:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-16 18:42 . 2009-01-16 18:42 103,488 --a------ c:\windows\SYSTEM32\DRIVERS\AnyDVD.sys
2009-01-16 16:35 . 2009-01-16 16:35 93,352 --a------ c:\windows\SYSTEM32\ElbyCDIO.dll
2009-01-15 19:13 . 2009-01-15 19:13 250 --a------ c:\windows\gmer.ini
2009-01-15 18:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-15 18:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-14 21:33 . 2009-01-14 21:43 <DIR> d-------- C:\fixwareout
2009-01-14 15:43 . 2009-01-14 15:43 24,360 --a------ c:\windows\SYSTEM32\DRIVERS\ElbyCDIO.sys
2009-01-13 17:15 . 2009-01-13 19:11 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-13 17:15 . 2009-01-13 19:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 22:04 . 2008-04-13 18:12 1,306,624 -----c--- c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2009-01-02 22:04 . 2008-04-13 11:27 79,872 -----c--- c:\windows\SYSTEM32\DLLCACHE\msxml6r.dll
2009-01-02 22:03 . 2006-12-28 13:01 19,569 --a------ c:\windows\005949_.tmp
2009-01-02 21:29 . 2008-08-14 04:04 138,496 -----c--- c:\windows\SYSTEM32\DLLCACHE\afd.sys
2009-01-02 21:15 . 2008-12-11 04:57 333,952 -----c--- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2009-01-02 20:52 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-02 20:50 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-01-02 20:50 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-01-02 20:50 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-01-02 20:50 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-01-02 20:47 . 2008-05-08 08:02 203,136 -----c--- c:\windows\SYSTEM32\DLLCACHE\rmcast.sys
2009-01-02 20:46 . 2008-10-24 05:21 455,296 -----c--- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2009-01-02 20:45 . 2008-04-11 13:04 691,712 -----c--- c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
2009-01-02 20:45 . 2008-05-01 08:33 331,776 -----c--- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
2009-01-02 20:42 . 2008-10-03 04:02 247,326 -----c--- c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
2009-01-02 20:41 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2009-01-02 20:41 . 2008-10-15 10:34 337,408 -----c--- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2009-01-02 20:03 . 2009-01-02 20:03 <DIR> d-------- C:\b0ca5bd096538ed248
2009-01-02 19:56 . 2009-01-02 19:56 <DIR> d-------- C:\2e8cfc05cea480de2c4e10f60955d0
2009-01-02 19:36 . 2008-10-16 14:38 6,066,176 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2009-01-02 19:36 . 2007-04-17 03:32 2,455,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2009-01-02 19:36 . 2007-03-07 23:10 991,232 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll.mui
2009-01-02 19:36 . 2008-10-16 14:38 459,264 -----c--- c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2009-01-02 19:36 . 2008-10-16 14:38 383,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2009-01-02 19:36 . 2008-10-16 14:38 267,776 -----c--- c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2009-01-02 19:36 . 2008-10-16 14:38 63,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\icardie.dll
2009-01-02 19:36 . 2008-10-16 14:38 52,224 -----c--- c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
2009-01-02 19:36 . 2008-10-16 07:11 13,824 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2009-01-02 19:20 . 2009-01-02 19:20 <DIR> d-------- C:\b889c92b696667cf7f
2009-01-02 00:28 . 2007-08-13 18:06 56,700 --a------ c:\windows\SYSTEM32\ieuinit.inf
2009-01-02 00:28 . 2004-08-02 14:20 7,208 --------- c:\windows\SYSTEM32\secupd.sig
2009-01-02 00:28 . 2004-08-02 14:20 4,569 --------- c:\windows\SYSTEM32\secupd.dat
2009-01-01 23:37 . 2008-04-13 18:11 1,082,368 --a------ c:\windows\SYSTEM32\esent.dll
2009-01-01 22:44 . 2008-04-13 18:12 354,304 --a------ c:\windows\SYSTEM32\winhttp.dll
2009-01-01 22:44 . 2008-04-13 18:12 18,944 --a------ c:\windows\SYSTEM32\qmgrprxy.dll
2009-01-01 22:33 . 2008-10-16 14:12 213,528 --a------ c:\windows\SYSTEM32\wuaucpl.cpl
2009-01-01 19:15 . 2009-01-01 19:15 <DIR> d-------- c:\documents and settings\Jody Hall\Application Data\Malwarebytes
2009-01-01 18:57 . 2009-01-15 18:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 18:57 . 2009-01-01 18:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 15:18 . 2003-04-07 00:05 155,648 --a------ c:\windows\SYSTEM32\igfxres.dll
2009-01-01 14:44 . 2008-04-13 18:11 156,672 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winzm.ime
2009-01-01 14:44 . 2008-04-13 18:11 156,672 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winsp.ime
2009-01-01 14:44 . 2008-04-13 18:11 156,672 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winpy.ime
2009-01-01 14:44 . 2008-04-13 18:11 79,360 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winar30.ime
2009-01-01 14:44 . 2008-04-13 18:11 72,704 --a--c--- c:\windows\SYSTEM32\DLLCACHE\wingb.ime
2009-01-01 14:44 . 2008-04-13 18:11 65,536 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winime.ime
2009-01-01 14:44 . 2003-07-16 14:51 41,600 --a--c--- c:\windows\SYSTEM32\DLLCACHE\weitekp9.dll
2009-01-01 14:44 . 2003-07-16 14:51 31,232 --a--c--- c:\windows\SYSTEM32\DLLCACHE\weitekp9.sys
2009-01-01 14:42 . 2008-04-13 18:09 13,463,552 --a--c--- c:\windows\SYSTEM32\DLLCACHE\hwxjpn.dll
2009-01-01 14:41 . 2001-08-17 22:36 2,134,528 --a--c--- c:\windows\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2009-01-01 14:31 . 2008-04-13 18:12 45,568 --a------ c:\windows\SYSTEM32\safrslv.dll
2009-01-01 14:31 . 2008-04-13 18:12 43,520 --a------ c:\windows\SYSTEM32\safrcdlg.dll
2009-01-01 14:31 . 2008-04-13 18:12 43,520 --a------ c:\windows\SYSTEM32\racpldlg.dll
2009-01-01 14:31 . 2008-04-13 18:12 32,768 --a------ c:\windows\SYSTEM32\mnmsrvc.exe
2009-01-01 14:31 . 2008-04-13 18:11 32,768 --a------ c:\windows\SYSTEM32\isrdbg32.dll
2009-01-01 14:31 . 2008-04-13 18:12 29,696 --a------ c:\windows\SYSTEM32\safrdm.dll
2009-01-01 14:31 . 2009-01-01 14:31 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-01 14:31 . 2009-01-01 14:31 749 -rah----- c:\windows\SYSTEM32\wuaucpl.cpl.manifest
2009-01-01 14:31 . 2009-01-01 14:31 749 -rah----- c:\windows\SYSTEM32\sapi.cpl.manifest
2009-01-01 14:31 . 2009-01-01 14:31 749 -rah----- c:\windows\SYSTEM32\ncpa.cpl.manifest
2009-01-01 14:31 . 2009-01-01 14:31 488 -rah----- c:\windows\SYSTEM32\logonui.exe.manifest
2009-01-01 14:28 . 2008-04-13 18:11 2,061,824 --a------ c:\windows\SYSTEM32\mstscax.dll
2009-01-01 14:17 . 2008-04-13 12:45 52,864 --a------ c:\windows\SYSTEM32\DRIVERS\dmusic.sys
2009-01-01 14:17 . 2008-04-13 12:45 6,272 --a------ c:\windows\SYSTEM32\DRIVERS\splitter.sys
2009-01-01 14:16 . 2008-04-13 12:40 57,600 --a------ c:\windows\SYSTEM32\DRIVERS\redbook.sys
2009-01-01 14:16 . 2008-04-13 12:45 10,624 --a------ c:\windows\SYSTEM32\DRIVERS\gameenum.sys
2009-01-01 14:15 . 2008-04-13 13:19 146,048 --a------ c:\windows\SYSTEM32\DRIVERS\portcls.sys
2009-01-01 14:15 . 2008-04-13 12:45 60,160 --a------ c:\windows\SYSTEM32\DRIVERS\drmk.sys
2009-01-01 14:15 . 2008-04-13 18:12 23,552 --a------ c:\windows\SYSTEM32\wdmaud.drv
2009-01-01 14:13 . 2008-04-13 18:13 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\termdd.sys
2009-01-01 14:10 . 2009-01-01 23:17 1,041,871 --a------ c:\windows\setupapi.log.3.old
2009-01-01 14:09 . 2009-01-01 14:09 <DIR> d---s---- c:\windows\SYSTEM32\CONFIG\systemprofile\History
2008-12-31 22:46 . 2003-12-20 09:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2008-12-31 22:46 . 2003-12-20 09:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2008-12-31 22:46 . 2008-12-31 22:46 <DIR> d-------- c:\documents and settings\Administrator
2008-12-26 13:27 . 2008-12-26 13:27 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2008-12-26 13:22 . 2008-12-26 13:22 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonIJEPPEX
2008-12-26 13:20 . 2009-01-04 15:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-12-26 13:20 . 2008-12-26 13:20 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
2008-12-26 13:05 . 2008-12-26 13:05 <DIR> d-------- c:\program files\Common Files\CANON
2008-12-26 13:02 . 2008-12-26 13:02 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-26 13:01 . 2008-12-26 13:01 <DIR> d--h----- c:\windows\SYSTEM32\CanonIJ Uninstaller Information
2008-12-26 13:01 . 2008-12-26 13:01 <DIR> d--h----- c:\program files\CanonBJ
2008-12-26 13:01 . 2008-04-07 08:58 1,339,392 --a------ c:\windows\SYSTEM32\CNC620C.DLL
2008-12-26 13:01 . 2007-05-14 09:49 362,496 --a------ c:\windows\SYSTEM32\CNMNPPM.DLL
2008-12-26 13:01 . 2008-05-30 03:27 270,336 --a------ c:\windows\SYSTEM32\CNC620L.DLL
2008-12-26 13:01 . 2008-05-29 23:00 230,912 --a------ c:\windows\SYSTEM32\CNMLM9D.DLL
2008-12-26 13:01 . 2007-03-15 08:12 188,416 --a------ c:\windows\SYSTEM32\CNC620O.DLL
2008-12-26 13:01 . 2007-05-14 09:49 142,336 --a------ c:\windows\SYSTEM32\CNMNPUI.DLL
2008-12-26 13:01 . 2007-03-19 18:14 117,850 --a------ c:\windows\SYSTEM32\Cnmnput.chm
2008-12-26 13:01 . 2008-04-07 08:58 98,304 --a------ c:\windows\SYSTEM32\CNC620I.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 17:54 --------- d-----w c:\program files\Common Files\Adobe
2009-01-17 17:36 --------- d-----w c:\program files\Java
2008-12-26 19:20 --------- d-----w c:\program files\Canon
2008-12-26 18:05 --------- d-----w c:\program files\Dell AIO Printer A920
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-07-23 22:43 7,499,056 ----a-w c:\program files\Firefox Setup 3.0.1.exe
2006-12-23 23:27 591,400 -c--a-w c:\program files\DMSetup.exe
2005-09-23 22:48 103,650 -c--a-w c:\program files\LimeWireWin.exe
2005-06-17 01:44 1,500,464 -c--a-w c:\program files\HiSpeed.exe
2005-03-05 16:26 4,816,464 -c--a-w c:\program files\Firefox Setup 1.0.1.exe
2007-11-09 21:10 30,288 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 21:10 79,440 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 21:10 75,344 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 21:10 140,880 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 21:10 42,576 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 21:10 50,768 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 21:10 34,384 ----a-w c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 21:11 685,648 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 21:11 30,288 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-16 2530240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-03 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-13 18:11 625664 c:\windows\SYSTEM32\catsrvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:limewire
"6346:UDP"= 6346:UDP:limewire

R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\BLKWGU.sys [2008-07-14 238848]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [2008-11-06 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [2008-11-06 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [2008-11-06 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [2008-11-06 23680]
S4 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
senekalight
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-02 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-13 18:12]

2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-P2kAutostart - (no file)
SafeBoot-senekalight


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.msn.com;*.yahoo.com;64.136.29.30;64.136.21.30;64.136.29.34;msn.com;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;yahoo.com;<local>;*.local
uSearchURL,(Default) = hxxp://www.ivnet.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 16:20:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-17 16:27:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-17 22:26:45

Pre-Run: 46,068,834,304 bytes free
Post-Run: 46,380,351,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
272 --- E O F --- 2009-01-14 01:18:40

[chemist]

Hello jhall30.

Please run gmer again as before and attach it's log to your next reply.

[jhall30]

Hello Chemist, here it is...

[chemist]

Hello again, jhall30. Thanks for running gmer. MBAM did a little of my work for me.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Quote:

Registry Mechanic

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

------------------------------------------------------

I see you have P2P software ( BitLord ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

------------------------------------------------------

Close any open browsers.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:

NetSvc::
senekalight

Driver::
senekalight
EAPPkt

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"=-
"6346:UDP"=-

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

------------------------------------------------------

Please restart your computer in Safe Mode.

• Restart your computer.
• After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key. In some systems, this may be the F5 key.
• Instead of Windows loading as normal, a menu should appear.
• Use the up arrow key to highlight Safe Mode and press Enter.
• Login on your usual account. Make sure to close any open browsers.

------------------------------------------------------



Referring to the picture above, drag CFScript onto ComboFix

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

------------------------------------------------------

[jhall30]

Ummm... don't laugh at this question, but how do I open "notepad"?

[chemist]

Go Start > Run and type notepad then click OK.

[jhall30]

OK...bitlord is removed

ComboFix 09-01-17.03 - Administrator 2009-01-17 18:13:39.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.810 [GMT -6:00]
Running from: c:\documents and settings\Jody Hall\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jody Hall\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EAPPKT
-------\Legacy_SENEKALIGHT
-------\Service_EAPPkt


((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-17 11:55 . 2009-01-17 11:55 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-17 11:42 . 2009-01-17 12:05 <DIR> d-------- c:\program files\NOS
2009-01-17 11:42 . 2009-01-17 12:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-01-17 11:36 . 2009-01-17 11:36 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2009-01-17 11:36 . 2009-01-17 11:36 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-01-16 19:18 . 2009-01-16 19:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-16 18:42 . 2009-01-16 18:42 103,488 --a------ c:\windows\SYSTEM32\DRIVERS\AnyDVD.sys
2009-01-16 16:35 . 2009-01-16 16:35 93,352 --a------ c:\windows\SYSTEM32\ElbyCDIO.dll
2009-01-15 19:13 . 2009-01-17 16:56 250 --a------ c:\windows\gmer.ini
2009-01-15 18:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-15 18:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-14 21:33 . 2009-01-14 21:43 <DIR> d-------- C:\fixwareout
2009-01-14 15:43 . 2009-01-14 15:43 24,360 --a------ c:\windows\SYSTEM32\DRIVERS\ElbyCDIO.sys
2009-01-13 17:15 . 2009-01-13 19:11 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-13 17:15 . 2009-01-13 19:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 22:04 . 2008-04-13 18:12 1,306,624 -----c--- c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2009-01-02 22:04 . 2008-04-13 11:27 79,872 -----c--- c:\windows\SYSTEM32\DLLCACHE\msxml6r.dll
2009-01-02 22:03 . 2006-12-28 13:01 19,569 --a------ c:\windows\005949_.tmp
2009-01-02 21:29 . 2008-08-14 04:04 138,496 -----c--- c:\windows\SYSTEM32\DLLCACHE\afd.sys
2009-01-02 21:15 . 2008-12-11 04:57 333,952 -----c--- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2009-01-02 20:52 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-02 20:50 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-01-02 20:50 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-01-02 20:50 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-01-02 20:50 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-01-02 20:47 . 2008-05-08 08:02 203,136 -----c--- c:\windows\SYSTEM32\DLLCACHE\rmcast.sys
2009-01-02 20:46 . 2008-10-24 05:21 455,296 -----c--- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2009-01-02 20:45 . 2008-04-11 13:04 691,712 -----c--- c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
2009-01-02 20:45 . 2008-05-01 08:33 331,776 -----c--- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
2009-01-02 20:42 . 2008-10-03 04:02 247,326 -----c--- c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
2009-01-02 20:41 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2009-01-02 20:41 . 2008-10-15 10:34 337,408 -----c--- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2009-01-02 20:03 . 2009-01-02 20:03 <DIR> d-------- C:\b0ca5bd096538ed248
2009-01-02 19:56 . 2009-01-02 19:56 <DIR> d-------- C:\2e8cfc05cea480de2c4e10f60955d0
2009-01-02 19:36 . 2008-10-16 14:38 6,066,176 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2009-01-02 19:36 . 2007-04-17 03:32 2,455,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2009-01-02 19:36 . 2007-03-07 23:10 991,232 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll.mui
2009-01-02 19:36 . 2008-10-16 14:38 459,264 -----c--- c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2009-01-02 19:36 . 2008-10-16 14:38 383,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2009-01-02 19:36 . 2008-10-16 14:38 267,776 -----c--- c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2009-01-02 19:36 . 2008-10-16 14:38 63,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\icardie.dll
2009-01-02 19:36 . 2008-10-16 14:38 52,224 -----c--- c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
2009-01-02 19:36 . 2008-10-16 07:11 13,824 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2009-01-02 19:20 . 2009-01-02 19:20 <DIR> d-------- C:\b889c92b696667cf7f
2009-01-02 00:28 . 2007-08-13 18:06 56,700 --a------ c:\windows\SYSTEM32\ieuinit.inf
2009-01-02 00:28 . 2004-08-02 14:20 7,208 --------- c:\windows\SYSTEM32\secupd.sig
2009-01-02 00:28 . 2004-08-02 14:20 4,569 --------- c:\windows\SYSTEM32\secupd.dat
2009-01-01 23:37 . 2008-04-13 18:11 1,082,368 --a------ c:\windows\SYSTEM32\esent.dll
2009-01-01 22:44 . 2008-04-13 18:12 354,304 --a------ c:\windows\SYSTEM32\winhttp.dll
2009-01-01 22:44 . 2008-04-13 18:12 18,944 --a------ c:\windows\SYSTEM32\qmgrprxy.dll
2009-01-01 22:33 . 2008-10-16 14:12 213,528 --a------ c:\windows\SYSTEM32\wuaucpl.cpl
2009-01-01 19:15 . 2009-01-01 19:15 <DIR> d-------- c:\documents and settings\Jody Hall\Application Data\Malwarebytes
2009-01-01 18:57 . 2009-01-15 18:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 18:57 . 2009-01-01 18:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 15:18 . 2003-04-07 00:05 155,648 --a------ c:\windows\SYSTEM32\igfxres.dll
2009-01-01 14:44 . 2008-04-13 18:11 156,672 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winzm.ime
2009-01-01 14:44 . 2008-04-13 18:11 156,672 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winsp.ime
2009-01-01 14:44 . 2008-04-13 18:11 156,672 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winpy.ime
2009-01-01 14:44 . 2008-04-13 18:11 79,360 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winar30.ime
2009-01-01 14:44 . 2008-04-13 18:11 72,704 --a--c--- c:\windows\SYSTEM32\DLLCACHE\wingb.ime
2009-01-01 14:44 . 2008-04-13 18:11 65,536 --a--c--- c:\windows\SYSTEM32\DLLCACHE\winime.ime
2009-01-01 14:44 . 2003-07-16 14:51 41,600 --a--c--- c:\windows\SYSTEM32\DLLCACHE\weitekp9.dll
2009-01-01 14:44 . 2003-07-16 14:51 31,232 --a--c--- c:\windows\SYSTEM32\DLLCACHE\weitekp9.sys
2009-01-01 14:42 . 2008-04-13 18:09 13,463,552 --a--c--- c:\windows\SYSTEM32\DLLCACHE\hwxjpn.dll
2009-01-01 14:41 . 2001-08-17 22:36 2,134,528 --a--c--- c:\windows\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2009-01-01 14:31 . 2008-04-13 18:12 45,568 --a------ c:\windows\SYSTEM32\safrslv.dll
2009-01-01 14:31 . 2008-04-13 18:12 43,520 --a------ c:\windows\SYSTEM32\safrcdlg.dll
2009-01-01 14:31 . 2008-04-13 18:12 43,520 --a------ c:\windows\SYSTEM32\racpldlg.dll
2009-01-01 14:31 . 2008-04-13 18:12 32,768 --a------ c:\windows\SYSTEM32\mnmsrvc.exe
2009-01-01 14:31 . 2008-04-13 18:11 32,768 --a------ c:\windows\SYSTEM32\isrdbg32.dll
2009-01-01 14:31 . 2008-04-13 18:12 29,696 --a------ c:\windows\SYSTEM32\safrdm.dll
2009-01-01 14:31 . 2009-01-01 14:31 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-01 14:31 . 2009-01-01 14:31 749 -rah----- c:\windows\SYSTEM32\wuaucpl.cpl.manifest
2009-01-01 14:31 . 2009-01-01 14:31 749 -rah----- c:\windows\SYSTEM32\sapi.cpl.manifest
2009-01-01 14:31 . 2009-01-01 14:31 749 -rah----- c:\windows\SYSTEM32\ncpa.cpl.manifest
2009-01-01 14:31 . 2009-01-01 14:31 488 -rah----- c:\windows\SYSTEM32\logonui.exe.manifest
2009-01-01 14:28 . 2008-04-13 18:11 2,061,824 --a------ c:\windows\SYSTEM32\mstscax.dll
2009-01-01 14:17 . 2008-04-13 12:45 52,864 --a------ c:\windows\SYSTEM32\DRIVERS\dmusic.sys
2009-01-01 14:17 . 2008-04-13 12:45 6,272 --a------ c:\windows\SYSTEM32\DRIVERS\splitter.sys
2009-01-01 14:16 . 2008-04-13 12:40 57,600 --a------ c:\windows\SYSTEM32\DRIVERS\redbook.sys
2009-01-01 14:16 . 2008-04-13 12:45 10,624 --a------ c:\windows\SYSTEM32\DRIVERS\gameenum.sys
2009-01-01 14:15 . 2008-04-13 13:19 146,048 --a------ c:\windows\SYSTEM32\DRIVERS\portcls.sys
2009-01-01 14:15 . 2008-04-13 12:45 60,160 --a------ c:\windows\SYSTEM32\DRIVERS\drmk.sys
2009-01-01 14:15 . 2008-04-13 18:12 23,552 --a------ c:\windows\SYSTEM32\wdmaud.drv
2009-01-01 14:13 . 2008-04-13 18:13 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\termdd.sys
2009-01-01 14:10 . 2009-01-01 23:17 1,041,871 --a------ c:\windows\setupapi.log.3.old
2009-01-01 14:09 . 2009-01-01 14:09 <DIR> d---s---- c:\windows\SYSTEM32\CONFIG\systemprofile\History
2008-12-31 22:46 . 2003-12-20 09:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2008-12-31 22:46 . 2003-12-20 09:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2008-12-31 22:46 . 2008-12-31 22:46 <DIR> d-------- c:\documents and settings\Administrator
2008-12-26 13:27 . 2008-12-26 13:27 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2008-12-26 13:22 . 2008-12-26 13:22 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonIJEPPEX
2008-12-26 13:20 . 2009-01-04 15:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-12-26 13:20 . 2008-12-26 13:20 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
2008-12-26 13:05 . 2008-12-26 13:05 <DIR> d-------- c:\program files\Common Files\CANON
2008-12-26 13:02 . 2008-12-26 13:02 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-26 13:01 . 2008-12-26 13:01 <DIR> d--h----- c:\windows\SYSTEM32\CanonIJ Uninstaller Information
2008-12-26 13:01 . 2008-12-26 13:01 <DIR> d--h----- c:\program files\CanonBJ
2008-12-26 13:01 . 2008-04-07 08:58 1,339,392 --a------ c:\windows\SYSTEM32\CNC620C.DLL
2008-12-26 13:01 . 2007-05-14 09:49 362,496 --a------ c:\windows\SYSTEM32\CNMNPPM.DLL
2008-12-26 13:01 . 2008-05-30 03:27 270,336 --a------ c:\windows\SYSTEM32\CNC620L.DLL
2008-12-26 13:01 . 2008-05-29 23:00 230,912 --a------ c:\windows\SYSTEM32\CNMLM9D.DLL
2008-12-26 13:01 . 2007-03-15 08:12 188,416 --a------ c:\windows\SYSTEM32\CNC620O.DLL
2008-12-26 13:01 . 2007-05-14 09:49 142,336 --a------ c:\windows\SYSTEM32\CNMNPUI.DLL
2008-12-26 13:01 . 2007-03-19 18:14 117,850 --a------ c:\windows\SYSTEM32\Cnmnput.chm
2008-12-26 13:01 . 2008-04-07 08:58 98,304 --a------ c:\windows\SYSTEM32\CNC620I.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 23:30 --------- d-----w c:\program files\BitLord
2009-01-17 17:54 --------- d-----w c:\program files\Common Files\Adobe
2009-01-17 17:36 --------- d-----w c:\program files\Java
2008-12-26 19:20 --------- d-----w c:\program files\Canon
2008-12-26 18:05 --------- d-----w c:\program files\Dell AIO Printer A920
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-07-23 22:43 7,499,056 ----a-w c:\program files\Firefox Setup 3.0.1.exe
2006-12-23 23:27 591,400 -c--a-w c:\program files\DMSetup.exe
2005-09-23 22:48 103,650 -c--a-w c:\program files\LimeWireWin.exe
2005-06-17 01:44 1,500,464 -c--a-w c:\program files\HiSpeed.exe
2005-03-05 16:26 4,816,464 -c--a-w c:\program files\Firefox Setup 1.0.1.exe
2007-11-09 21:10 30,288 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 21:10 79,440 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 21:10 75,344 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 21:10 140,880 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 21:10 42,576 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 21:10 50,768 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 21:10 34,384 ----a-w c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 21:11 685,648 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 21:11 30,288 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-17_16.25.27.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-17 22:22:10 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-01-17 22:24:42 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2009-01-17 22:22:10 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-01-17 22:24:42 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2009-01-17 22:22:10 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-17 22:24:42 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-18 00:21:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_788.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-16 2530240]
"P2kAutostart"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-03 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-13 18:11 625664 c:\windows\SYSTEM32\catsrvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\senekalight]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\BLKWGU.sys [2008-07-14 238848]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [2008-11-06 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [2008-11-06 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [2008-11-06 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [2008-11-06 23680]
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-02 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-13 18:12]

2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.msn.com;*.yahoo.com;64.136.29.30;64.136.21.30;64.136.29.34;msn.com;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;yahoo.com;<local>;*.local
uSearchURL,(Default) = hxxp://www.ivnet.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 18:22:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-17 18:29:11 - machine was rebooted [Jody Hall]
ComboFix-quarantined-files.txt 2009-01-18 00:28:46
ComboFix2.txt 2009-01-17 22:27:18

Pre-Run: 47,517,609,984 bytes free
Post-Run: 46,381,875,200 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
267 --- E O F --- 2009-01-14 01:18:40

[chemist]

Hello again, jhall30. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
• Scroll down to where it says Java Runtime Environment (JRE) 6 Update 11 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
• Click the Download button to the right.
• Select the Windows platform from the dropdown menu.
• Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
• Click Continue The page will refresh.
• Click on the link to download Windows Offline Installation and Save the file to your Desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start(or My Computer) > Control Panel and double-click on Add or Remove Programs and remove all older versions of Java.
• Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java(TM) SE or Java(TM) 6) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

• After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
  • Click OK to leave the Temporary Files Window.
  • Click OK to leave the Java Control Panel.
  • Delete jre-6u11-windows-i586-p.exe from your desktop.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Ensure your external and/or USB drives are inserted during the scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at any Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected.
• It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

Kaspersky report
report on system behavior

[jhall30]

Everything seems fine so far. Having a bit of trouble getting Java to download. Keeps timing out

[chemist]

You'll have to keep trying. Can you use another browser?

[jhall30]

Hello Chemist, results from kaspersky scan look favorable. My system seems to operating properly. Thank you very very much!

[chemist]

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"c:\windows\005949_.tmp"
"c:\program files\LimeWireWin.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (

c:\program files\BitLord

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.bat to run it. Press any key to continue.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /u

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Please re-enable TeaTimer:

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Check the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

• How Did I Get Infected In The First Place? by TonyKlein
• PC Safety and Security--What Do I Need?

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

• SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  
• IE-Spyad is another excellent program that places over 5000 dubious websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. It basically prevents any downloads from the sites listed, although you will still be able to connect to the site. See tutorial here
  
• MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.

[jhall30]

Thank you once again Chemist! I truly appreciate all of your time and help! You folks are the best!

[chemist]

You're very welcome, jhall! Glad to have helped.