
[Not curable - Virut] Some windows apps won't run after...

Discussion in 'Malware and Virus Removal Archive' started by c370872, 2009/06/14.

  1. 2009/06/14
    c370872

    c370872 Inactive Thread Starter

    Hi,

    I was infected yesterday and it took me a while to get my computer back to the way it was (well, almost). I ran McAfee anti-virus software and was able to detect and remove a number of trojans & viruses (according to its log file). I also bought RegCure and ran it successfully.

    The problem that I'm still having is that there are a number of windows applications that cease to run.

    1) Regedit and Regedit32 do nothing when I run them.
    2) I can't get to 'Services' under 'Admin. Tools'. I keep getting this error:
    (The procedure entry point ?PickIconDlg@@YGHPAUHWND_@@PAGIPAH@Z could not be located in dynamic link library mmcbase.dll)
    3) Device Manager under the System Properties screen won't run either. It gives me the same error as number 2 above.

    What can I do to get these apps to run again?

    Thanks,
    Tony
     
  2. 2009/06/14
    PeteC

    PeteC SuperGeek Staff

    You are undoubtedly still infected ...

    Please read this as indicated at the head of the forum and post the logs requested in this thread, which I have moved to the Spyware & Virus Removal forum.
     
  4. 2009/06/14
    c370872

    c370872 Inactive Thread Starter

    I ran DDS and got 2 files:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/4/2004 7:06:41 PM
    System Uptime: 6/14/2009 8:53:37 AM (4 hours ago)

    Motherboard: Dell Inc. | | 0J3492
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 145 GiB total, 8.779 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    H: is FIXED (NTFS) - 466 GiB total, 133.567 GiB free.
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\11067F9C23C04
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\11067F9C23C04
    Service: NIC1394

    ==== System Restore Points ===================

    RP877: 5/30/2009 6:40:23 PM - Configured Studio 9
    RP878: 5/30/2009 6:40:32 PM - Removed Studio 9
    RP879: 5/30/2009 6:48:12 PM - Installed Studio 9
    RP880: 5/30/2009 6:49:15 PM - Installed Studio 9
    RP881: 6/1/2009 12:45:49 AM - System Checkpoint
    RP882: 6/2/2009 5:39:05 PM - System Checkpoint
    RP883: 6/4/2009 6:16:19 PM - System Checkpoint
    RP884: 6/5/2009 7:16:12 PM - System Checkpoint
    RP885: 6/6/2009 9:38:37 PM - System Checkpoint
    RP886: 6/7/2009 10:12:22 PM - System Checkpoint
    RP887: 6/9/2009 4:02:59 PM - System Checkpoint
    RP888: 6/10/2009 7:11:03 PM - System Checkpoint
    RP889: 6/11/2009 5:53:07 AM - Software Distribution Service 3.0
    RP890: 6/12/2009 7:47:18 AM - System Checkpoint
    RP891: 6/13/2009 11:05:44 AM - System Checkpoint
    RP892: 6/13/2009 9:43:45 PM - Removed ShadowProtect ImageManager
    RP893: 6/13/2009 9:44:02 PM - Removed ShadowProtect ImageManager
    RP894: 6/13/2009 9:44:30 PM - Installed ShadowProtect Desktop
    RP895: 6/13/2009 10:35:23 PM - Software Distribution Service 3.0
    RP896: 6/14/2009 1:19:59 AM - Installed ShadowProtect Desktop

    ==== Installed Programs ======================


    3D Creation Station
    ActivePerl 5.8.8 Build 820
    Adobe Acrobat 5.0
    Adobe Flash Player ActiveX
    Adobe Photoshop 5.0 Limited Edition
    Adobe Reader 7.1.0
    Aladdin Pinball
    America Online (Choose which version to remove)
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    AOL Coach Version 1.0(Build:20030807.3)
    ArcSoft Camera Suite 1.3
    AT&T WorldNet Setup
    ATI Control Panel
    ATI Display Driver
    AutoUpdate
    Banctec Service Agreement
    Barbie (R) as Princess Bride (TM)
    Barbie(R) Beauty Styler(TM) CD-ROM
    Barbie(TM) as Rapunzel
    Barbie(TM) as The Princess and the Pauper
    Barbie(TM) Beauty Boutique(TM) CD-ROM
    Barbie(TM) Horse Adventures(TM)
    Barbie(TM) of Swan Lake
    Barbie(TM) Sparkling Ice Show(TM)
    Boeing IPSec Client v06_01.054
    Broadcom Advanced Control Suite 2
    Camera Support Core Library
    Camera Window
    Canon Camera Support Core Library
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    Channel Master
    Complete Home Designer 3.0
    Creative MediaSource
    Critical Update for Windows Media Player 11 (KB959772)
    D.W. the Picky Eater
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Networking Guide
    Dell ResourceCD
    Dell Solution Center
    DellSupport
    Disney's ReadingQuest
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Web Player
    EarthLink MDAC
    Gem Drop
    Get High Speed Internet!
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    HD Writer 2.5E for HDC
    Help and Support Customization
    Hollywood FX 5.5 Additional Effects
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Imation Disk Manager II Service
    Imation Disk Manager V a Service
    Intel Application Accelerator
    Intel(R) 537EP V9x DF PCI Modem
    Internet Explorer Default Page
    Internet Explorer Q903235
    IsoBuster 1.8
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_16
    Java 2 SDK, SE v1.4.2_16
    JumpStart 1st Grade 2001
    JumpStart Advanced 1st Grade
    JumpStart Advanced 2nd Grade
    JumpStart Explorers
    JumpStart Field Trip Adventure
    JumpStart Kindergarten 2001
    JumpStart Math
    Juniper Terminal Services Client
    Learn2 Player (Uninstall Only)
    Little Bear Kindergarten Thinking Adventures
    Little Bear Rainy Day Activities
    MAGIX Media Manager 2004 silver
    MAGIX mp3 maker 10 deLuxe
    Malwarebytes' Anti-Malware
    Maxtor Manager
    McAfee AntiSpyware Enterprise Module
    McAfee VirusScan Enterprise
    Microangelo Toolset 6
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Premium
    Microsoft Office Converter Pack
    Microsoft Office Professional Edition 2003
    Microsoft Organization Chart 2.0
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MovieEdit Task
    MSSoap
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    Musicmatch® Jukebox
    Nero 7 Essentials
    NETg Skill Builder DX
    Oregon Trail(R) 5
    PhotoStitch
    Pinnacle Hollywood FX
    PowerDVD 5.1
    Quicken 2007
    QuickTime
    RAM 2.5
    RAW Image Task 1.1
    Reader Rabbit's 1st Grade
    Reader Rabbit's Reading Ages 4-6
    RealPlayer Basic
    RegCure 1.6.0.0
    Remote Administrator v2.1
    RemoteCapture Task 1.0.3
    RUMBA
    SBC Yahoo! Applications
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    ShadowProtect Desktop
    ShadowProtect ImageManager
    Shockwave
    Sib Icon Editor
    Sky Rangers Jet Simulator
    Sky Rangers Simulator
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Audigy 2
    Studio 11
    Studio 9
    Studio 9 Content CD/DVD
    Super Collapse! from GameHouse
    Super Collapse! II
    Teamcenter 2005 for Application Sharing
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax Deluxe 2005
    TurboTax Deluxe 2007
    TurboTax Deluxe Deduction Maximizer 2006
    TurboTax ItsDeductible 2005
    TurboTax Premier 2004
    UGS Teamcenter Community Utilities 2005
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Vpskeys 4.3
    WebEx
    WebFldrs XP
    WexTech AnswerWorks
    WinAVI MP4 Converter
    WinAVI Video Converter
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Office 12
    XoftSpySE
    XviD MPEG-4 Video Codec
    Yahoo! Desktop Login
    Yahoo! Photos Easy Upload Tool
    Yahoo! Photos Print-at-Home Tool

    ==== Event Viewer Messages From Past Week ========

    6/9/2009 8:38:19 AM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.81.181. The machine with the IP address 130.38.206.27 did not allow the name to be claimed by this machine.
    6/9/2009 6:55:05 PM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.64.12. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/8/2009 8:12:52 AM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.99.219. The machine with the IP address 130.38.206.27 did not allow the name to be claimed by this machine.
    6/8/2009 7:59:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.
    6/8/2009 7:59:04 AM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/8/2009 1:00:03 PM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.66.141. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/7/2009 9:45:16 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'Dc2' on the volume 'ShadowMount11'. It has stopped monitoring the volume.
    6/7/2009 7:36:21 AM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.112.107. The machine with the IP address 130.38.206.27 did not allow the name to be claimed by this machine.
    6/7/2009 5:21:04 PM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.97.202. The machine with the IP address 130.38.206.27 did not allow the name to be claimed by this machine.
    6/14/2009 9:22:42 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mmcbase.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.2.3790.4136.
    6/14/2009 1:13:16 AM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.112.17. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/13/2009 9:10:36 PM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.80.135. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/13/2009 9:10:35 PM, error: NetBT [4321] - The name "CELESTE :0" could not be registered on the Interface with IP address 144.112.80.135. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/13/2009 8:46:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Remote Administrator Service service to connect.
    6/13/2009 8:46:27 PM, error: Service Control Manager [7000] - The Remote Administrator Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/13/2009 8:46:27 PM, error: Service Control Manager [7000] - The Dhcp server service failed to start due to the following error: The system cannot find the file specified.
    6/13/2009 4:43:48 PM, error: Service Control Manager [7034] - The xElevate Service service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:48 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:41 PM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:41 PM, error: Service Control Manager [7034] - The UStorage Server Service service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:35 PM, error: Service Control Manager [7034] - The sopidkc Service service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:34 PM, error: Service Control Manager [7034] - The ShadowProtect Service service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:33 PM, error: Service Control Manager [7034] - The Remote Administrator Service service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:24 PM, error: Service Control Manager [7034] - The IAA Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:24 PM, error: Service Control Manager [7034] - The Dhcp server service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:21 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 4:43:20 PM, error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s).
    6/13/2009 11:49:37 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file reg.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    6/13/2009 10:47:15 PM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.80.37. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/13/2009 10:47:15 PM, error: NetBT [4321] - The name "CELESTE :0" could not be registered on the Interface with IP address 144.112.80.37. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/12/2009 8:54:40 AM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.83.24. The machine with the IP address 130.38.206.27 did not allow the name to be claimed by this machine.
    6/12/2009 7:15:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    6/12/2009 4:32:21 PM, error: Dhcp [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 001111364C63 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    6/12/2009 4:04:03 PM, error: NetBT [4321] - The name "CELESTE :0" could not be registered on the Interface with IP address 144.112.83.24. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/12/2009 1:00:17 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service VSNAPVSS with arguments "-Service" in order to run the server: {E4EB5095-F587-4159-A1D8-2710692FD243}
    6/11/2009 9:10:07 PM, error: DCOM [10005] - DCOM got error "%3" attempting to start the service gusvc with arguments " " in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    6/11/2009 8:45:32 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{CFFCA5CA-E66F-4360-8535-13294F46EF7D} because another computer on the network has the same name. The server could not start.
    6/11/2009 8:45:32 AM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.66.177. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/11/2009 5:56:31 AM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.96.154. The machine with the IP address 130.38.206.27 did not allow the name to be claimed by this machine.
    6/11/2009 5:25:58 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0DC636AB-7FA2-47CA-A727-934465651C08} because another computer on the network has the same name. The server could not start.
    6/11/2009 5:25:58 PM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 192.168.1.65. The machine with the IP address 192.168.1.65 did not allow the name to be claimed by this machine.
    6/11/2009 5:25:58 PM, error: NetBT [4321] - The name "CELESTE :0" could not be registered on the Interface with IP address 192.168.1.65. The machine with the IP address 192.168.1.65 did not allow the name to be claimed by this machine.
    6/11/2009 3:20:01 PM, error: NetBT [4321] - The name "CELESTE :0" could not be registered on the Interface with IP address 144.112.66.177. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/10/2009 8:45:14 AM, error: NetBT [4321] - The name "CELESTE :20" could not be registered on the Interface with IP address 144.112.83.174. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.
    6/10/2009 8:45:11 AM, error: NetBT [4321] - The name "CELESTE :0" could not be registered on the Interface with IP address 144.112.83.174. The machine with the IP address 130.42.5.26 did not allow the name to be claimed by this machine.

    ==== End Of File ===========================



    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Tony at 12:58:41.90 on Sun 06/14/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.355 [GMT -7:00]

    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\RegCure\RegCure.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\r_server.exe
    C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\xElevate_d44f.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\vsnapvss.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
    C:\WINDOWS\System32\reader_s.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Tony\reader_s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Office2K\OFFICE11\WINWORD.EXE
    C:\Program Files\Office2K\OFFICE11\MSTORDB.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Tony\Local Settings\Application Data\Imation\IFM\Imation Flash Detect.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Tony\bin\depends.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shcfg32.exe
    C:\Documents and Settings\Tony\downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Bar = hxxp://www.yahoo.com/search/ie.html
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=c370872&key=783593795f5245dacc8fb319b4a1bb4b&ts=41490e4f&A=354192770000009&B=1054537200000&C=1054537200000&D=1084690800000&I=6.0B5&N=PL&O=I
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe
    uRun: [reader_s] c:\documents and settings\tony\reader_s.exe
    uRun: [VPSKEYS] c:\program files\vpskeys\vpskeys.exe
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRunOnce: [446930proj] c:\progra~1\databe~1\comple~1.0\tdesign3.exe c:\program files\data becker\complete home designer 3.0\houses1\\bgd01.wds
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
    mRun: [NWEReboot]
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe "
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [reader_s] c:\windows\system32\reader_s.exe
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe "
    mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
    mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    dRun: [reader_s] c:\documents and settings\tony\reader_s.exe
    dRun: [kell] c:\program files\manson\liser.exe
    StartupFolder: c:\documents and settings\tony\start menu\programs\startup\santa.bat
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imatio~1.lnk - c:\documents and settings\tony\local settings\application data\imation\ifm\Imation Flash Detect.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\office2k\office\OSA9.EXE
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\office2k\office11\EXCEL.EXE/3000
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office2k\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: boeing.com
    Trusted Zone: boeing.com\owa.web
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {544E07A8-DFE4-4281-85DC-D54C3DFE398A} - hxxps://encryptemail.web.boeing.com/certweb/CertXCtrl/CertTool.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://encryptemail.web.boeing.com/certweb/Capicom/capicom.cab
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://boeing.webex.com/client/T23LBA/webex/ieatgpc.cab
    AppInit_DLLs: c:\progra~1\manson\liser.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [2008-5-21 113904]
    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2007-8-13 32008]
    R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2008-5-21 79616]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
    R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-7-21 193888]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-12-31 104000]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2007-8-13 54608]
    R2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2004-6-9 14336]
    R2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [2007-12-3 241664]
    R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\shadowprotectsvc.exe [2008-5-21 1990656]
    R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2002-8-29 124928]
    R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2008-5-21 61952]
    R2 WDHLLKNL;WDHLLKNL;c:\windows\system32\drivers\Wdhllknl.sys [2002-11-26 4816]
    R2 xElevateService;xElevate Service;c:\windows\system32\xElevate_d44f.exe [2005-7-27 65536]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-7-15 24521]
    S2 BlackICE;BlackICE;c:\program files\network ice\blackice\blackd.exe [2005-7-26 847872]
    S2 DhcpSrv;Dhcp server;c:\windows\dll\rundll32.exe --> c:\windows\dll\RUNDLL32.exe [?]
    S2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [2004-6-9 14336]
    S3 COAX;COAX;c:\windows\system32\drivers\coax.sys [2002-11-26 18424]
    S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-7-15 155280]
    S3 isadisk;isadisk;c:\windows\system32\isadisk.sys [2004-6-9 2304]
    S3 KBEEP;KBEEP;c:\docume~1\antoin~1\locals~1\temp\KBEEP.SYS [2004-9-5 17920]
    S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-31 72712]
    S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-31 34184]
    S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-31 171240]
    S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2004-12-3 155264]
    S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2005-7-26 36676]
    S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2005-7-26 24344]
    S3 RMBS;RMBS;c:\windows\system32\drivers\rmbs.sys [2002-11-26 17828]
    S4 black;black;c:\windows\system32\drivers\blackdrv.sys [2005-7-26 229367]
    S4 StorageCraft Image Manager;StorageCraft Image Manager; [x]

    =============== Created Last 30 ================

    2009-06-14 12:50 2,072,739 a------- c:\temp\Imation_Disk_Manager_III.exe
    2009-06-14 11:01 284,160 -------- c:\windows\system32\HDK3CTNT.DLL
    2009-06-14 11:01 29,696 -------- c:\windows\system32\HDK3HTML.DLL
    2009-06-14 11:01 177,152 -------- c:\windows\system32\HDK3ANIM.DLL
    2009-06-14 11:01 <DIR> --d----- c:\program files\DATA BECKER
    2009-06-14 09:15 <DIR> --d----- c:\program files\DellSupport
    2009-06-14 00:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure
    2009-06-13 16:06 <DIR> --dsh--- C:\found.000
    2009-06-13 15:49 <DIR> --d----- c:\windows\system32\796525
    2009-06-13 15:48 15,000 a------- c:\windows\system32\gsf83iujid.dll
    2009-06-13 15:47 15,000 a------- c:\windows\system32\fgddferdd.dll
    2009-06-13 15:34 <DIR> --d----- c:\windows\DLL
    2009-06-13 15:34 <DIR> --d----- c:\program files\podmena
    2009-06-13 15:34 1 ----h--- c:\windows\b4657.dat
    2009-06-13 15:34 27,136 a---h--- c:\windows\romeo15.exe
    2009-06-13 15:34 <DIR> --d----- c:\windows\system32\3361
    2009-06-13 15:34 2 ----h--- c:\windows\zaponce53193.dat
    2009-06-13 15:34 2 ----h--- c:\windows\zaponce53290.dat
    2009-06-13 15:33 77,824 a------- c:\windows\ppimania.exe
    2009-06-13 15:33 108,336 a------- c:\windows\system32\MSWINSCK.OCX
    2009-06-13 15:33 8 a------- c:\windows\system32\comsa32.sys
    2009-06-13 15:33 182,656 a------- c:\windows\system32\dllcache\ndis.sys
    2009-06-13 15:33 <DIR> --dshr-- c:\program files\Manson
    2009-06-13 15:33 40,960 a------- c:\documents and settings\tony\reader_s.exe
    2009-06-13 15:33 40,960 a------- c:\windows\system32\reader_s.exe
    2009-06-13 15:33 80 a------- c:\windows\system32\3D.tmp
    2009-06-12 11:18 <DIR> --d----- c:\documents and settings\tony\HODObjs
    2009-06-12 11:11 <DIR> --d----- c:\documents and settings\tony\HODData
    2009-06-12 11:11 <DIR> --d----- c:\documents and settings\tony\HODServers
    2009-06-12 11:11 <DIR> --d----- c:\program files\IBMHOD
    2009-05-30 18:53 11,264 a------- c:\windows\system32\drivers\asapiW2k.sys
    2009-05-30 18:49 61,440 a------- c:\windows\system32\pclepim1.dll

    ==================== Find3M ====================

    2009-06-13 20:46 182,656 a------- c:\windows\system32\drivers\ndis.sys
    2009-06-13 20:14 16,896 a------- c:\windows\system32\wbem\UNSECAPP.EXE
    2009-06-13 20:14 36,352 a------- c:\windows\system32\wbem\scrcons.exe
    2009-06-13 20:12 17,408 a------- c:\windows\system32\wpdshextautoplay.exe
    2009-06-13 20:12 189,952 a------- c:\windows\system32\WISPTIS.EXE
    2009-06-13 20:12 433,664 a------- c:\windows\system32\wiaacmgr.exe
    2009-06-13 20:12 289,792 a------- c:\windows\system32\vssvc.exe
    2009-06-13 20:12 16,896 a------- c:\windows\system32\upnpcont.exe
    2009-06-13 20:12 131,584 a------- c:\windows\system32\sndrec32.exe
    2009-06-13 20:12 49,152 a------- c:\windows\system32\RSMUI.EXE
    2009-06-13 20:12 24,576 a------- c:\windows\system32\RSMSINK.EXE
    2009-06-13 20:12 67,072 a------- c:\windows\system32\rdshost.exe
    2009-06-13 20:12 109,568 a------- c:\windows\system32\progman.exe
    2009-06-13 20:12 192,512 a------- c:\windows\system32\PdeSrv2.exe
    2009-06-13 20:12 40,448 a------- c:\windows\system32\OSUNINST.EXE
    2009-06-13 20:11 45,568 a------- c:\windows\system32\mshta.exe
    2009-06-13 20:11 143,360 a------- c:\windows\system32\mobsync.exe
    2009-06-13 20:11 100,864 a------- c:\windows\system32\logagent.exe
    2009-06-13 20:11 14,848 a------- c:\windows\system32\jdbgmgr.exe
    2009-06-13 20:11 150,528 a------- c:\windows\system32\imapi.exe
    2009-06-13 20:11 15,872 a------- c:\windows\system32\dmremote.exe
    2009-06-13 20:11 224,768 a------- c:\windows\system32\dmadmin.exe
    2009-06-13 20:11 524,288 a------- c:\windows\system32\DivXsm.exe
    2009-06-13 20:11 82,944 a------- c:\windows\system32\dfrgfat.exe
    2009-06-13 20:10 8,192 a------- c:\windows\system32\CONTROL.EXE
    2009-06-13 20:10 102,912 a------- c:\windows\system32\clipbrd.exe
    2009-06-13 20:10 44,544 a------- c:\windows\system32\alg.exe
    2009-06-13 20:10 184,320 a------- c:\windows\system32\accwiz.exe
    2009-06-13 20:07 769,024 a------- c:\windows\pchealth\helpctr\binaries\helpctr.exe
    2009-06-13 20:03 1,077,248 a------- c:\windows\help\sbsi\training\orun32.exe
    2009-06-13 19:52 1,033,728 a------- c:\windows\explorer.exe
    2009-06-13 17:59 5,632 a------- c:\windows\system32\WRITE.EXE
    2009-06-13 17:59 119,808 a------- c:\windows\system32\WINMINE.EXE
    2009-06-13 17:59 28,672 a------- c:\windows\system32\verclsid.exe
    2009-06-13 17:59 26,112 a------- c:\windows\system32\userinit.exe
    2009-06-13 17:59 347,136 a------- c:\windows\system32\tourstart.exe
    2009-06-13 17:58 47,104 a------- c:\windows\system32\ssmypics.scr
    2009-06-13 17:58 538,624 a------- c:\windows\system32\spider.exe
    2009-06-13 17:58 33,280 a------- c:\windows\system32\rundll32.exe
    2009-06-13 17:58 11,776 a------- c:\windows\system32\regsvr32.exe
    2009-06-13 17:58 406,016 a------- c:\windows\system32\PSDrvCheck.exe
    2009-06-13 17:58 17,920 a------- c:\windows\system32\ping.exe
    2009-06-13 17:58 126,976 a------- c:\windows\system32\MSHEARTS.EXE
    2009-06-13 17:57 55,296 a------- c:\windows\system32\FREECELL.EXE
    2009-06-13 17:57 180,224 a------- c:\windows\system32\dwwin.exe
    2009-06-13 17:57 10,752 a------- c:\windows\system32\dumprep.exe
    2009-06-13 17:57 7,264 a------- c:\windows\system32\CIDAEMON.EXE
    2009-06-13 17:45 299,520 a------- c:\windows\uninst.exe
    2009-06-13 17:45 146,432 a------- c:\windows\regedit.exe
    2009-06-13 17:45 69,120 a------- c:\windows\notepad.exe
    2009-06-13 17:44 10,752 a------- c:\windows\hh.exe
    2009-06-13 17:44 796,672 a------- c:\windows\GPInstall.exe
    2009-06-13 16:43 267,776 a------- c:\windows\system32\fxssvc.exe
    2009-06-13 16:43 65,536 a------- c:\windows\system32\xElevate_d44f.exe
    2009-06-13 16:43 65,536 a------- c:\windows\wanmpsvc.exe
    2009-06-13 16:43 139,264 -------- c:\windows\system32\UStorSrv.exe
    2009-06-13 16:43 44,032 a------- c:\windows\system32\CTSVCCDA.EXE
    2009-06-13 16:43 5,632 a------- c:\windows\system32\cisvc.exe
    2009-06-13 16:43 15,360 a------- c:\windows\system32\ctfmon.exe
    2009-05-07 08:32 345,600 -------- c:\windows\system32\localspl.dll
    2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
    2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
    2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
    2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
    2009-04-28 21:56 105,984 a------- c:\windows\system32\dllcache\url.dll
    2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
    2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
    2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
    2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
    2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
    2009-04-24 22:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
    2009-04-17 05:26 1,847,168 -------- c:\windows\system32\win32k.sys
    2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
    2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
    2009-03-28 15:08 79,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2008-05-21 13:47 466 a------- c:\documents and settings\tony\shadowProtect.reg
    2008-01-31 09:20 28,672 a------- c:\documents and settings\tony\atwbxdet.dll
    2008-01-07 14:04 2,850 a------- c:\program files\Quicken.QIF
    2006-03-29 22:17 3,239,638 a------- c:\documents and settings\tony\neoteris_read_14837200.reg
    2005-12-06 22:18 3,232,942 a------- c:\documents and settings\tony\neoteris_read_10994782.reg
    2005-07-30 13:09 1,199,658 a------- c:\program files\Z_Token.zip
    2005-04-20 22:42 43,840 a------- c:\documents and settings\tony\datetime.zip
    2005-04-20 22:41 88 a------- c:\documents and settings\tony\test.bat
    2005-04-20 22:34 1,879 a------- c:\documents and settings\tony\chomp.bat
    2005-04-20 22:26 423 a------- c:\documents and settings\tony\gtd.bat
    2003-02-08 01:02 718 a------- c:\documents and settings\tony\DateTime.bat
    2001-02-14 02:00 86 a------- c:\documents and settings\tony\SETTIME.BAT
    2000-12-04 01:00 256 a------- c:\documents and settings\tony\SORTTIME.CMD

    ============= FINISH: 12:59:35.21 ===============
     
  5. 2009/06/14
    PeteC SuperGeek Staff
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  6. 2009/06/14
    c370872 Inactive Thread Starter
    Thank you very much...
     
  7. 2009/06/14
    broni Moderator Malware Analyst
    You're running dangerously low on free space. Windows needs at least 15% of free space to run correctly - 22GB, in your case.

    VirusScan Enterprise + AntiSpyware Enterprise is listed as disabled. Why?

    We may have a case of Virut or Sality virus here. I'll pray, and you...

    Please download DrWeb CureIt (http://www.freedrweb.com/) & save it to your desktop.

    Scan with DrWeb-CureIt as follows:

    * Double-click on drweb-cureit.exe and then click Start. Click OK in a pop-up window allowing Express Scan
    o This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
    * Once the short scan has finished, click Options > Change settings
    * Choose the Scan tab and uncheck Heuristic analysis and click OK
    * Back at the main window, select the Complete scan button.
    * Then click the Green Arrow Start Scanning button on the right and the scan will start.
    o Click Yes to all if it asks if you want to cure/move any file(s).
    * When the scan is done...
    * In the Dr.Web CureIt menu on top left, click File and choose Save report list.
    * Save the DrWeb.csv report to your Desktop.
    * Exit Dr.Web CureIt.

    * Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

    * After reboot, leave the Dr.Web CureIt log on the desktop.

    Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan a pop-up window will appear, asking you to buy a full version. Simply close the pop-up window.
     
  8. 2009/06/14
    c370872 Inactive Thread Starter
    Broni,

    VirusScan Enterprise + AntiSpyware Enterprise is listed as disabled.
    - The instructions on running DDS tell us to stop this software before running the DDS program.

    I have increased my free disk space to 18GB.

    I downloaded DrWeb CureIt and attempted to run it but failed. Every time I ran it, I got the blue screen of death, twice already! The message on the screen said something to this effect:

    *** STOP: 0x000 ...more...
    ** iaStor.sys - Address ...some more text...

    Looks like some issue with the iaStor.sys driver file?

    Please advise.

    Thanks,
    Tony
     
  9. 2009/06/14
    broni Moderator Malware Analyst
    Not good.
    I'm about to PM you with my private DrWeb download. Follow the very same instructions to run it.
     
  10. 2009/06/14
    c370872 Inactive Thread Starter
    I did as instructed but got the same result: BSOD (Blue Screen of Death) with the exact same message as before (iaStor.sys...)

    thx,
    Tony
     
  11. 2009/06/14
    broni Moderator Malware Analyst
    I'm 99.9% sure you're infected with Virut, but let's give it another shot.
    I'll PM you again.
     
  12. 2009/06/14
    c370872 Inactive Thread Starter
    ComboFix 09-06-14.02 - Tony 06/14/2009 19:10.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.562 [GMT -7:00]
    Running from: c:\tools-av\26000\26000.exe
    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\program files\podmena
    c:\windows\system32\3361
    c:\windows\TEMP\mta44787.dll
    c:\docume~1\Tony\LOCALS~1\Temp\csrss.exe
    c:\docume~1\Tony\LOCALS~1\Temp\taskmgr.exe
    c:\documents and settings\Tony\reader_s.exe
    c:\program files\Manson\liser.dll
    c:\program files\Manson\liser.exe
    c:\program files\podmena\podmena.dll
    c:\windows\IE4 Error Log.txt
    c:\windows\Install.txt
    c:\windows\ios.dat
    c:\windows\irc.txt
    c:\windows\KBPK090613.log
    c:\windows\system32\3361\SVCHOST.EXE
    c:\windows\system32\6to4v32.dll
    c:\windows\system32\certstore.dat
    c:\windows\system32\comsa32.sys
    c:\windows\system32\dncyool32.sys
    c:\windows\system32\FInstall.sys
    c:\windows\system32\Install.txt
    c:\windows\system32\isadisk.sys
    c:\windows\system32\msncache.dll
    c:\windows\system32\reader_s.exe
    c:\windows\system32\sopidkc.exe
    c:\windows\system32\tpszxyd.sys
    c:\windows\system32\wtukd32.exe
    H:\Autorun.inf

    ----- BITS: Possible infected sites -----

    hxxp://download.esd.intuit.com
    Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
    Restored copy from - The cat ate it :)
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Legacy_DHCPSRV
    -------\Legacy_ISADISK
    -------\Legacy_MSNCACHE
    -------\Legacy_PODMENA
    -------\Legacy_PODMENADRV
    -------\Legacy_PROTECT
    -------\Legacy_R_SERVER
    -------\Legacy_SOPIDKC
    -------\Service_DhcpSrv
    -------\Service_isadisk
    -------\Service_msncache
    -------\Service_podmena
    -------\Service_r_server
    -------\Service_sopidkc


    ((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
    .

    2009-06-15 02:01 . 2009-06-15 02:01 -------- d-----w- C:\Tools-AV
    2009-06-15 01:36 . 2009-06-15 01:36 -------- d-----w- C:\20932
    2009-06-14 19:50 . 2005-07-13 22:51 2072739 ----a-w- c:\temp\Imation_Disk_Manager_III.exe
    2009-06-14 19:37 . 2009-06-14 19:37 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\Imation
    2009-06-14 16:21 . 2009-06-14 16:21 64512 ----a-w- c:\documents and settings\Tony\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\HTML\item_templ\coach\RunGdp.exe
    2009-06-14 16:19 . 2009-06-14 16:19 698511 ----a-w- c:\documents and settings\Tony\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\HTML\AutoMaintenance\AutoMaintenance.dll
    2009-06-14 16:19 . 2009-06-14 16:19 225280 ----a-w- c:\documents and settings\Tony\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\HTML\AutoMaintenance\Images.dll
    2009-06-14 16:18 . 2009-06-14 16:18 327437 ----a-w- c:\documents and settings\Tony\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\CIP\TransferAgentSetup.exe
    2009-06-14 16:18 . 2009-06-14 16:18 1896448 ----a-w- c:\documents and settings\Tony\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\dplugins\2.0.1.571\DiagPlugin.dll
    2009-06-14 16:18 . 2009-06-14 16:18 123138 ----a-w- c:\documents and settings\Tony\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\MakeDesktopShortcut.EXE
    2009-06-14 16:15 . 2009-06-14 16:15 -------- d-----w- c:\program files\DellSupport
    2009-06-14 07:23 . 2009-06-14 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
    2009-06-14 07:23 . 2009-06-14 08:11 -------- d-----w- c:\program files\RegCure
    2009-06-13 23:06 . 2009-06-13 23:06 -------- d-sh--w- C:\found.000
    2009-06-13 22:49 . 2009-06-14 00:59 -------- d-----w- c:\windows\system32\796525
    2009-06-13 22:48 . 2009-06-13 22:48 15000 ----a-w- c:\windows\system32\gsf83iujid.dll
    2009-06-13 22:47 . 2009-06-13 22:47 15000 ----a-w- c:\windows\system32\fgddferdd.dll
    2009-06-13 22:34 . 2009-06-14 00:51 -------- d-----w- c:\windows\DLL
    2009-06-13 22:34 . 2009-06-13 22:34 1 ---h--w- c:\windows\b4657.dat
    2009-06-13 22:34 . 2009-06-14 00:45 27136 ---ha-w- c:\windows\romeo15.exe
    2009-06-13 22:34 . 2009-06-13 22:34 2 ---h--w- c:\windows\zaponce53193.dat
    2009-06-13 22:34 . 2009-06-13 22:34 2 ---h--w- c:\windows\zaponce53290.dat
    2009-06-13 22:33 . 2009-06-14 00:45 77824 ----a-w- c:\windows\ppimania.exe
    2009-06-13 22:33 . 2009-06-15 02:10 -------- d-sh--r- c:\program files\Manson
    2009-06-12 18:18 . 2009-06-12 18:18 -------- d-----w- c:\documents and settings\Tony\HODObjs
    2009-06-12 18:11 . 2009-06-12 18:11 -------- d-----w- c:\documents and settings\Tony\HODData
    2009-06-12 18:11 . 2009-06-12 18:11 -------- d-----w- c:\documents and settings\Tony\HODServers
    2009-06-12 18:11 . 2009-06-12 18:11 -------- d-----w- c:\program files\IBMHOD
    2009-05-31 01:53 . 2004-03-10 23:27 11264 ----a-w- c:\windows\system32\drivers\asapiW2k.sys
    2009-05-31 01:53 . 2009-06-14 00:58 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
    2009-05-31 01:53 . 2004-03-10 23:27 19456 ----a-w- c:\windows\system32\asapi.dll
    2009-05-31 01:53 . 2003-03-16 05:15 90112 ----a-w- c:\windows\unvise32.exe
    2009-05-31 01:49 . 2004-01-24 00:44 61440 ----a-w- c:\windows\system32\pclepim1.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-15 02:19 . 2004-08-31 23:00 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
    2009-06-15 02:19 . 2004-08-31 23:00 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
    2009-06-15 02:14 . 2004-06-09 14:58 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
    2009-06-15 01:45 . 2004-09-18 02:12 -------- d-----w- c:\program files\Quicken
    2009-06-14 16:18 . 2004-08-31 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
    2009-06-14 16:18 . 2005-07-17 15:12 -------- d--h--w- c:\documents and settings\Tony\Application Data\GTek
    2009-06-14 16:16 . 2005-07-17 15:12 -------- d-----w- c:\documents and settings\Stella\Application Data\Gtek
    2009-06-14 16:16 . 2005-07-17 15:12 -------- d-----w- c:\documents and settings\Megan\Application Data\Gtek
    2009-06-14 16:16 . 2005-07-17 15:12 -------- d-----w- c:\documents and settings\Celeste\Application Data\Gtek
    2009-06-14 16:16 . 2005-07-17 15:12 -------- d-----w- c:\documents and settings\Antoinette\Application Data\Gtek
    2009-06-14 15:52 . 2005-07-14 01:31 -------- d-----w- c:\program files\Yahoo!
    2009-06-14 15:52 . 2005-07-26 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-06-14 15:51 . 2005-07-26 03:25 -------- d-----w- c:\program files\Common Files\Scanner
    2009-06-14 04:13 . 2005-07-16 05:08 -------- d-----w- c:\program files\Radmin
    2009-06-14 03:14 . 2004-06-09 14:58 16896 ----a-w- c:\windows\system32\wbem\UNSECAPP.EXE
    2009-06-14 03:14 . 2004-06-09 14:58 36352 ----a-w- c:\windows\system32\wbem\scrcons.exe
    2009-06-14 03:12 . 2006-10-19 04:00 17408 ----a-w- c:\windows\system32\wpdshextautoplay.exe
    2009-06-14 03:12 . 2002-08-21 13:13 189952 ----a-w- c:\windows\system32\WISPTIS.EXE
    2009-06-14 03:12 . 2004-06-09 14:57 433664 ----a-w- c:\windows\system32\wiaacmgr.exe
    2009-06-14 03:12 . 2004-06-09 14:57 289792 ----a-w- c:\windows\system32\vssvc.exe
    2009-06-14 03:12 . 2004-06-09 14:57 16896 ----a-w- c:\windows\system32\upnpcont.exe
    2009-06-14 03:12 . 2004-06-09 14:58 131584 ----a-w- c:\windows\system32\sndrec32.exe
    2009-06-14 03:12 . 2004-06-09 14:57 49152 ----a-w- c:\windows\system32\RSMUI.EXE
    2009-06-14 03:12 . 2004-06-09 14:57 24576 ----a-w- c:\windows\system32\RSMSINK.EXE
    2009-06-14 03:12 . 2004-06-09 14:58 67072 ----a-w- c:\windows\system32\rdshost.exe
    2009-06-14 03:12 . 2004-06-09 14:57 109568 ----a-w- c:\windows\system32\progman.exe
    2009-06-14 03:12 . 2004-08-31 23:03 192512 ----a-w- c:\windows\system32\PdeSrv2.exe
    2009-06-14 03:12 . 2004-06-09 14:57 40448 ----a-w- c:\windows\system32\OSUNINST.EXE
    2009-06-14 03:11 . 2004-06-09 14:57 45568 ----a-w- c:\windows\system32\mshta.exe
    2009-06-14 03:11 . 2004-06-09 14:57 143360 ----a-w- c:\windows\system32\mobsync.exe
    2009-06-14 03:11 . 2004-08-31 23:04 100864 ----a-w- c:\windows\system32\logagent.exe
    2009-06-14 03:11 . 2005-08-01 06:29 14848 ----a-w- c:\windows\system32\jdbgmgr.exe
    2009-06-14 03:11 . 2004-06-09 14:58 150528 ----a-w- c:\windows\system32\imapi.exe
    2009-06-14 03:11 . 2004-06-09 14:57 15872 ----a-w- c:\windows\system32\dmremote.exe
    2009-06-14 03:11 . 2004-06-09 14:57 224768 ----a-w- c:\windows\system32\dmadmin.exe
    2009-06-14 03:11 . 2008-01-04 21:59 524288 ----a-w- c:\windows\system32\DivXsm.exe
    2009-06-14 03:11 . 2004-06-09 14:58 82944 ----a-w- c:\windows\system32\dfrgfat.exe
    2009-06-14 03:10 . 2004-06-09 14:57 8192 ----a-w- c:\windows\system32\CONTROL.EXE
    2009-06-14 03:10 . 2004-06-09 14:58 102912 ----a-w- c:\windows\system32\clipbrd.exe
    2009-06-14 03:10 . 2004-06-09 14:58 44544 ----a-w- c:\windows\system32\alg.exe
    2009-06-14 03:10 . 2004-08-31 22:51 184320 ----a-w- c:\windows\system32\accwiz.exe
    2009-06-14 03:07 . 2004-03-30 01:34 769024 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpctr.exe
    2009-06-14 03:03 . 2004-06-09 14:59 1077248 ----a-w- c:\windows\Help\SBSI\Training\orun32.exe
    2009-06-14 02:52 . 2004-06-09 14:57 1033728 ----a-w- c:\windows\explorer.exe
    2009-06-14 00:59 . 2004-06-09 14:58 5632 ----a-w- c:\windows\system32\WRITE.EXE
    2009-06-14 00:59 . 2004-06-09 14:58 119808 ----a-w- c:\windows\system32\WINMINE.EXE
    2009-06-14 00:59 . 2006-03-17 00:38 28672 ----a-w- c:\windows\system32\verclsid.exe
    2009-06-14 00:59 . 2004-06-09 14:58 26112 ----a-w- c:\windows\system32\userinit.exe
    2009-06-14 00:59 . 2004-06-09 14:58 347136 ----a-w- c:\windows\system32\tourstart.exe
    2009-06-14 00:58 . 2004-06-09 14:57 47104 ----a-w- c:\windows\system32\ssmypics.scr
    2009-06-14 00:58 . 2004-06-09 14:58 538624 ----a-w- c:\windows\system32\spider.exe
    2009-06-14 00:58 . 2004-06-09 14:57 33280 ----a-w- c:\windows\system32\rundll32.exe
    2009-06-14 00:58 . 2004-06-09 14:57 11776 ----a-w- c:\windows\system32\regsvr32.exe
    2009-06-14 00:58 . 2004-06-09 14:58 17920 ----a-w- c:\windows\system32\ping.exe
    2009-06-14 00:58 . 2004-06-09 14:58 126976 ----a-w- c:\windows\system32\MSHEARTS.EXE
    2009-06-14 00:57 . 2004-06-09 14:58 55296 ----a-w- c:\windows\system32\FREECELL.EXE
    2009-06-14 00:57 . 2004-06-09 14:58 180224 ----a-w- c:\windows\system32\dwwin.exe
    2009-06-14 00:57 . 2004-06-09 14:58 10752 ----a-w- c:\windows\system32\dumprep.exe
    2009-06-14 00:57 . 2004-06-09 14:57 7264 ----a-w- c:\windows\system32\CIDAEMON.EXE
    2009-06-14 00:45 . 2004-10-17 00:46 299520 ----a-w- c:\windows\uninst.exe
    2009-06-14 00:45 . 2004-06-09 14:57 146432 ----a-w- c:\windows\regedit.exe
    2009-06-14 00:45 . 2004-06-09 14:57 69120 ----a-w- c:\windows\notepad.exe
    2009-06-14 00:44 . 2004-06-09 14:57 10752 ----a-w- c:\windows\hh.exe
    2009-06-14 00:44 . 2005-01-15 22:05 796672 ----a-w- c:\windows\GPInstall.exe
    2009-06-13 23:43 . 2005-07-27 14:59 65536 ----a-w- c:\windows\system32\xElevate_d44f.exe
    2009-06-13 23:43 . 2004-08-31 22:44 267776 ----a-w- c:\windows\system32\fxssvc.exe
    2009-06-13 23:43 . 2005-07-16 05:24 139264 ------w- c:\windows\system32\UStorSrv.exe
    2009-06-13 23:43 . 2004-08-31 22:58 65536 ----a-w- c:\windows\wanmpsvc.exe
    2009-06-13 23:43 . 2004-08-31 22:55 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE
    2009-06-13 23:43 . 2004-06-09 14:57 5632 ----a-w- c:\windows\system32\cisvc.exe
    2009-06-13 23:43 . 2004-06-09 14:58 15360 ----a-w- c:\windows\system32\ctfmon.exe
    2009-06-13 22:51 . 2009-01-03 18:46 -------- d-----w- c:\program files\XoftSpySE
    2009-06-13 22:33 . 2009-06-13 22:33 80 ----a-w- c:\windows\system32\3D.tmp
    2009-05-31 04:30 . 2004-09-05 02:07 99632 ----a-w- c:\documents and settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-31 01:49 . 2004-08-31 22:52 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-07 15:32 . 2004-06-09 14:58 345600 ------w- c:\windows\system32\localspl.dll
    2009-05-01 11:30 . 2008-04-25 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-04-29 04:56 . 2005-06-18 06:49 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-17 12:26 . 2004-06-09 14:58 1847168 ------w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-15 05:52 . 2004-10-04 01:34 98232 ----a-w- c:\documents and settings\Megan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-28 22:08 . 2004-06-09 14:59 79263 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2008-01-07 21:04 . 2008-01-07 21:04 2850 ----a-w- c:\program files\Quicken.QIF
    2005-07-30 20:09 . 2005-07-30 20:09 1199658 ----a-w- c:\program files\Z_Token.zip
    .

    ------- Sigcheck -------

    [-] 2009-06-14 02:52 1033728 19A775F08E5A635B008346C46F43909D c:\windows\explorer.exe
    [-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
    [7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
    [7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

    [7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
    [7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2009-06-13 23:43 15360 E69D961D2363009140F2BD37BC50C677 c:\windows\SYSTEM32\ctfmon.exe

    [7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
    [7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2009-06-14 00:59 26112 F9F30A3786F36931E7865B29A45A5209 c:\windows\SYSTEM32\userinit.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2009-06-13 15360]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-25 68856]
    "LaunchList "= "c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
    "VPSKEYS "= "c:\program files\Vpskeys\vpskeys.exe" [2009-06-14 102400]
    "DellSupport "= "c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2009-06-13 26112]
    "SunJavaUpdateSched "= "c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "ShStatEXE "= "c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-08-14 111952]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-06-14 155648]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-06-13 98304]
    "mxomssmenu "= "c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "PinnacleDriverCheck "= "c:\windows\System32\PSDrvCheck.exe" [2009-06-14 406016]
    "UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "UpdateManager "= "c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "PCMService "= "c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "MMTray "= "c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
    "IntelMeM "= "c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "IAAnotif "= "c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
    "CTSysVol "= "c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
    "CTDVDDet "= "c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2009-06-14 335872]
    "CTHelper "= "CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2003-02-20 28672]
    "AsioReg "= "CTASIO.DLL" - c:\windows\SYSTEM32\CTASIO.DLL [2003-02-20 110592]

    c:\documents and settings\Tony\Start Menu\Programs\Startup\
    santa.bat [2009-6-13 190]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Imation Flash Detect.lnk - c:\documents and settings\Tony\Local Settings\Application Data\Imation\IFM\Imation Flash Detect.exe [2009-6-14 761856]
    Microsoft Office.lnk - c:\program files\Office2K\Office\OSA9.EXE [2000-1-20 65536]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RealSecure(r) Desktop Protector.lnk]
    backup=c:\windows\pss\RealSecure(r) Desktop Protector.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
    backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\MAGIX\\mp3_maker_10_deLuxe\\mp3maker.exe "=
    "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe "=
    "c:\\WINDOWS\\SYSTEM32\\ftp.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Nortel Networks\\Extranet.exe "=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe "=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe "=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe "=
    "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP "= 8085:TCP:podmena

    R0 stcvsm;stcvsm;c:\windows\SYSTEM32\DRIVERS\stcvsm.sys [5/21/2008 2:09 PM 113904]
    R1 sbmount;StorageCraft Image Mount Driver;c:\windows\SYSTEM32\DRIVERS\sbmount.sys [5/21/2008 2:09 PM 79616]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
    R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\shadowprotectsvc.exe [5/21/2008 2:09 PM 1990656]
    R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\SYSTEM32\vsnapvss.exe [5/21/2008 2:09 PM 61952]
    R2 WDHLLKNL;WDHLLKNL;c:\windows\SYSTEM32\DRIVERS\Wdhllknl.sys [11/26/2002 8:43 PM 4816]
    R2 xElevateService;xElevate Service;c:\windows\SYSTEM32\xElevate_d44f.exe [7/27/2005 7:59 AM 65536]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\SYSTEM32\DRIVERS\eacfilt.sys [7/15/2005 5:48 PM 24521]
    R3 NUVision;Pinnacle DVC 80 Video;c:\windows\SYSTEM32\DRIVERS\nuvvid2.sys [12/3/2004 10:10 PM 155264]
    S2 BlackICE;BlackICE;c:\program files\Network ICE\BlackICE\blackd.exe [7/26/2005 10:46 PM 847872]
    S3 COAX;COAX;c:\windows\SYSTEM32\DRIVERS\coax.sys [11/26/2002 8:52 PM 18424]
    S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\SYSTEM32\DRIVERS\ipsecw2k.sys [7/15/2005 5:48 PM 155280]
    S3 KBEEP;KBEEP;c:\docume~1\ANTOIN~1\LOCALS~1\Temp\KBEEP.SYS [9/5/2004 3:40 PM 17920]
    S3 RapFile;RapFile;c:\windows\SYSTEM32\DRIVERS\RapFile.sys [7/26/2005 10:46 PM 36676]
    S3 RapNet;RapNet;c:\windows\SYSTEM32\DRIVERS\RapNet.sys [7/26/2005 10:46 PM 24344]
    S3 RMBS;RMBS;c:\windows\SYSTEM32\DRIVERS\rmbs.sys [11/26/2002 8:43 PM 17828]
    S4 black;black;c:\windows\SYSTEM32\DRIVERS\blackdrv.sys [7/26/2005 10:46 PM 229367]
    S4 StorageCraft Image Manager;StorageCraft Image Manager; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1F92EBFD-3382-4747-BF58-B6B1BB2B996C}]
    "c:\program files\UninstallScripts\IPSec 06_01.054\Install.wsf" //job:ActiveSetup

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ABFADC09-4F41-4A73-95D3-1C5B4EC23B20}]
    c:\program files\NetManage\Setup\Finish_Rumba.vbs
    .
    Contents of the 'Scheduled Tasks' folder

    2004-09-05 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2004-06-09 00:12]

    2009-06-15 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

    2009-06-15 c:\windows\Tasks\RegCure Startup.job
    - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

    2009-06-14 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

    2009-06-01 c:\windows\Tasks\Rescue Reminder for 2HAAC1ZG.job
    - c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 23:52]

    2009-06-15 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2008-12-23 00:41]

    2009-05-30 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2008-12-23 00:41]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-McAfeeUpdaterUI - c:\program files\Network Associates\Common Framework\UpdaterUI.exe
    HKLM-Run-Motive SmartBridge - c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    HKLM-Run-NWEReboot - (no file)
    HKU-Default-Run-reader_s - c:\documents and settings\Tony\reader_s.exe
    HKU-Default-Run-kell - c:\program files\Manson\liser.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=c370872&key=783593795f5245dacc8fb319b4a1bb4b&ts=41490e4f&A=354192770000009&B=1054537200000&C=1054537200000&D=1084690800000&I=6.0B5&N=PL&O=I
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\Office2K\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: boeing.com
    Trusted Zone: boeing.com\owa.web
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {544E07A8-DFE4-4281-85DC-D54C3DFE398A} - hxxps://encryptemail.web.boeing.com/certweb/CertXCtrl/CertTool.CAB
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-14 19:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\netcfgx.dll:Zone.Identifier 49152 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "cd042efbbd7f7af1647644e76e06692b "=hex:e2,63,26,f1,3f,c8,ff,68,16,1b,57,23,34,
    ee,26,d8,e2,63,26,f1,3f,c8,ff,68,12,38,f9,d5,a5,6e,f0,7a,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "bca643cdc5c2726b20d2ecedcc62c59b "=hex:71,3b,04,66,8b,46,0d,96,cd,53,2d,57,fa,
    0b,c0,55,6a,9c,d6,61,af,45,84,18,ec,20,0f,07,18,ec,5b,4b,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "2c81e34222e8052573023a60d06dd016 "=hex:ff,7c,85,e0,43,d4,0e,fe,f1,e3,dc,17,77,
    27,05,6c,ff,7c,85,e0,43,d4,0e,fe,ab,a8,25,a8,c6,c0,39,a6,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "2582ae41fb52324423be06337561aa48 "=hex:3e,1e,9e,e0,57,5a,93,61,51,5e,23,52,a2,
    a0,dc,51,86,8c,21,01,be,91,eb,e7,41,e7,f8,d0,01,d8,ac,8b,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "caaeda5fd7a9ed7697d9686d4b818472 "=hex:f5,1d,4d,73,a8,13,5c,05,06,cb,64,ef,e3,
    ff,18,9c,f5,1d,4d,73,a8,13,5c,05,13,b4,b0,ef,63,81,5c,11,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d "=hex:df,20,58,62,78,6b,cf,c8,96,c6,27,e8,40,
    01,d8,8c,df,20,58,62,78,6b,cf,c8,fc,4d,4e,08,0d,42,ee,eb,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "4d370831d2c43cd13623e232fed27b7b "=hex:31,77,e1,ba,b1,f8,68,02,11,dc,d0,92,55,
    59,f6,6b,fb,a7,78,e6,12,2f,9a,ea,84,0c,4f,70,84,de,1f,97,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "1d68fe701cdea33e477eb204b76f993d "=hex:83,6c,56,8b,a0,85,96,ab,42,44,d8,d8,e9,
    6a,9a,13,01,3a,48,fc,e8,04,4a,f1,90,29,f4,fb,36,38,31,7a,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "1fac81b91d8e3c5aa4b0a51804d844a3 "=hex:51,fa,6e,91,28,9e,14,cc,b4,e3,f5,58,35,
    88,58,0e,f6,0f,4e,58,98,5b,89,c9,17,4c,69,81,48,31,2b,9e,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "f5f62a6129303efb32fbe080bb27835b "=hex:37,a4,aa,c3,a6,15,56,0a,b4,06,dc,15,89,
    32,bb,ec,3d,ce,ea,26,2d,45,aa,78,39,65,72,14,06,1e,1b,da,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "fd4e2e1a3940b94dceb5a6a021f2e3c6 "=hex:e3,0e,66,d5,eb,bc,2f,6b,50,30,1e,6e,8c,
    d2,08,6c,2a,b7,cc,b5,b9,7f,41,e7,e9,32,aa,de,0e,4b,5b,8b,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\System32\\OLE32.DLL "
    "8a8aec57dd6508a385616fbc86791ec2 "=hex:6c,43,2d,1e,aa,22,2f,9c,08,9f,22,ce,2a,
    a8,92,cf,6c,43,2d,1e,aa,22,2f,9c,24,7b,04,f8,23,5b,0f,86,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1316)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
    c:\windows\SYSTEM32\bgsvcgen.exe
    c:\windows\SYSTEM32\CTSVCCDA.EXE
    c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
    c:\program files\Maxtor\Sync\SyncServices.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\SYSTEM32\UStorSrv.exe
    c:\windows\SYSTEM32\vssvc.exe
    c:\windows\wanmpsvc.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\windows\SYSTEM32\MsPMSPSv.exe
    c:\windows\SYSTEM32\CF26235.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\program files\Java\j2re1.4.2_03\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-15 19:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-15 02:28

    Pre-Run: 20,673,114,112 bytes free
    Post-Run: 22,609,207,296 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    436 --- E O F --- 2009-06-14 05:35
     
  13. 2009/06/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Unfortunately, as I suspected, we're dealing with Virut here.

    These two entries alone are the proof:
    - c:\windows\system32\reader_s.exe
    - c:\documents and settings\Tony\reader_s.exe

    Just to show you better what's happening here, this is the "3M Report":

    All files listed in the right column are legit Windows files, and the 1st column shows they were all modified on 13-14 June.
    This is what Virut does. It adds its own malicious code to most of the important Windows files.

    Unfortunately, there is no known tool to cure this type of infection.
    Your only option is a full format and Windows reinstall.
    If you want to back up some files, you have to avoid any of the following types of files:
    .exe, .scr, .htm, .html, .xml, .zip, .rar, .asp, .php
    Others should be fine.

    I'm sorry...
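The check broni describes can be done mechanically from the log above: in ComboFix's Sigcheck section a `[-]` flag means the file's hash matched no known-good copy, and the `[7]` ServicePackFiles entry next to it gives the hash the file should have; in the Run-key section the `[date size]` suffix shows when each autostart binary was last written. The script below is an added example, not code from this thread, from ComboFix or from the poster; the sample lines are copied from the log posted above, the field names and the 2009-06-13 to 2009-06-14 window are assumptions, and it reports which system binaries and autostart entries were rewritten inside that window.

```python
import re
from datetime import date

# Constructed sample: lines copied from the ComboFix log posted in this thread.
# Sigcheck format is "[flag] date time size md5 path"; Run-key format is
# '"name"="path" [date size]' (the forum rendering added spaces around the quotes).
SIGCHECK_SAMPLE = r"""
[-] 2009-06-14 02:52 1033728 19A775F08E5A635B008346C46F43909D c:\windows\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2009-06-13 23:43 15360 E69D961D2363009140F2BD37BC50C677 c:\windows\SYSTEM32\ctfmon.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-06-14 00:59 26112 F9F30A3786F36931E7865B29A45A5209 c:\windows\SYSTEM32\userinit.exe
"""

RUN_SAMPLE = r"""
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2009-06-13 15360]
"MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2009-06-13 26112]
"ShStatEXE "= "c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-08-14 111952]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-06-13 98304]
"""

# Assumed infection window, taken from the dates the analyst points at.
INFECTION_WINDOW = (date(2009, 6, 13), date(2009, 6, 14))

SIGCHECK_RE = re.compile(
    r'^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+'
    r'(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$')
RUN_RE = re.compile(
    r'^"(?P<name>.+?)\s*"\s*=\s*"(?P<path>[^"]+)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["date"] = date.fromisoformat(e["date"])
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["base"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def parse_run_entries(text):
    """Parse Run-key lines into dicts with name, path, date and size."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["date"] = date.fromisoformat(e["date"])
        e["size"] = int(e["size"])
        entries.append(e)
    return entries


def modified_system_binaries(entries, window):
    """Return the '[-]' files written inside the window, paired with the hash of
    the known-good copy of the same basename (preferring ServicePackFiles)."""
    start, end = window
    reference = {}
    for e in entries:
        if e["flag"] == "-":
            continue
        if e["base"] not in reference or "servicepackfiles" in e["path"].lower():
            reference[e["base"]] = e
    findings = []
    for e in entries:
        if e["flag"] != "-" or not (start <= e["date"] <= end):
            continue
        ref = reference.get(e["base"])
        findings.append({
            "file": e["path"],
            "modified": e["date"].isoformat(),
            "live_md5": e["md5"],
            "reference_md5": ref["md5"] if ref else None,
            # A changed hash at an unchanged size means the bytes were altered in
            # place, so a size comparison alone would not have caught it.
            "same_size_as_reference": bool(ref) and ref["size"] == e["size"],
        })
    return findings


def autostart_entries_in_window(entries, window):
    """Return Run-key entries whose binary was last written inside the window."""
    start, end = window
    return [e for e in entries if start <= e["date"] <= end]


if __name__ == "__main__":
    for f in modified_system_binaries(parse_sigcheck(SIGCHECK_SAMPLE), INFECTION_WINDOW):
        print("rewritten system file:", f)
    for e in autostart_entries_in_window(parse_run_entries(RUN_SAMPLE), INFECTION_WINDOW):
        print("autostart binary rewritten:", e["name"], e["path"], e["date"])
```

Run against the full log, the same two functions turn the analyst's eyeball comparison into a list that can be checked against a clean install: every `[-]` file with a 13-14 June timestamp whose known-good copy has the same size but a different MD5 is a patched binary, and every Run entry with the same timestamp is an infected autostart.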
     
  14. 2009/06/14
    c370872

    c370872 Inactive Thread Starter

    Joined:
    2009/06/14
    Messages:
    8
    Likes Received:
    0
    Bummer... thanks for all the help, Broni....
     
  15. 2009/06/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome, sadly said :(
     
