Worst virus I've ever had.

Malwarebytes didn't save a log the first time I ran it; should I run it again to get a log?

Here's the ComboFix log; it's divided into two posts since it's too long to fit into one.

ComboFix 10-04-26.05 - Kris 04/27/2010 12:00:06.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.2057 [GMT -4:00]
Running from: c:\users\Kris\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\recycler\S-1-5-21-1614895754-2077806209-839522115-1004
c:\users\Kris\AppData\Local\Tempals_inst.exe
c:\users\Kris\AppData\Roaming\chrtmp
c:\users\Kris\AppData\Roaming\SQLite3.dll

Infected copy of c:\windows\system32\drivers\ssmdrv.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 15:50 . 2010-04-27 15:52 -------- d-----w- C:\32788R22FWJFW
2010-04-26 23:04 . 2010-04-26 23:04 388096 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-26 23:04 . 2010-04-26 23:04 -------- d-----w- c:\program files\Trend Micro
2010-04-25 18:34 . 2010-04-25 18:34 -------- d-----w- c:\users\Kris\AppData\Roaming\Malwarebytes
2010-04-25 18:34 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 18:34 . 2010-04-25 18:34 -------- d-----w- c:\programdata\Malwarebytes
2010-04-25 18:34 . 2010-04-25 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 18:34 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 22:15 . 2010-04-24 22:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-24 22:15 . 2010-04-24 22:15 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-24 22:15 . 2010-04-24 22:15 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-24 22:15 . 2010-04-24 22:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-24 22:15 . 2010-04-26 22:35 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-24 22:15 . 2010-04-24 22:15 -------- d-----w- c:\programdata\avg9
2010-04-24 22:15 . 2010-04-24 22:15 -------- d-----w- c:\program files\AVG
2010-04-24 18:13 . 2010-04-24 18:15 -------- d-----w- c:\windows\BDOSCAN8
2010-04-24 17:50 . 2010-04-24 17:50 -------- d-----w- c:\windows\Sun
2010-04-24 17:43 . 2010-04-24 17:43 152576 ----a-w- c:\windows\Cgysoa.exe
2010-04-24 17:42 . 2010-04-24 17:42 368128 --sha-r- c:\windows\system32\dhcpcorev.dll
2010-04-24 17:42 . 2010-04-24 19:49 -------- d-----w- c:\users\Kris\AppData\Local\HLFFLWMW
2010-04-24 17:14 . 2010-04-24 17:14 -------- d-----w- c:\users\Kris\AppData\Roaming\Ubisoft
2010-04-24 17:14 . 2010-04-24 17:14 -------- d-----w- c:\programdata\Ubisoft
2010-04-22 16:46 . 2010-04-22 16:46 25600 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}\python_icon.exe
2010-04-22 16:45 . 2010-04-22 16:46 -------- d-----w- C:\Python26
2010-04-19 19:15 . 2010-04-19 19:15 -------- d-----w- c:\windows\system32\Wat
2010-04-16 18:32 . 2010-04-16 18:32 -------- d-----w- c:\program files\Common Files\Java
2010-04-16 18:31 . 2010-04-16 18:31 -------- d-----w- c:\program files\Java
2010-04-16 18:29 . 2010-04-16 18:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-14 16:37 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:37 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 16:37 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 16:37 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 16:37 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 16:37 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 16:37 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 16:37 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-08 18:44 . 2010-04-08 18:44 -------- d-----w- c:\program files\QuickTime
2010-04-08 18:44 . 2010-04-08 18:44 -------- d-----w- c:\programdata\Apple Computer
2010-04-03 21:19 . 2010-04-03 21:19 516480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
2010-04-03 21:19 . 2010-04-03 21:19 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-03-31 16:31 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 18:03 . 2010-02-02 06:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-24 07:49 . 2010-02-06 10:42 -------- d-----w- c:\users\Kris\AppData\Roaming\uTorrent
2010-04-23 22:04 . 2010-03-16 04:19 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-23 21:12 . 2010-03-16 04:20 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-16 08:50 . 2010-02-01 00:52 -------- d-----w- c:\program files\Special Forces
2010-04-13 20:00 . 2010-02-02 22:47 -------- d-----w- c:\program files\Cryptic Studios
2010-04-13 19:58 . 2010-02-09 04:27 -------- d-----w- c:\program files\Common Files\BioWare
2010-04-13 19:57 . 2010-02-09 04:27 -------- d-----w- c:\programdata\Media Center Programs
2010-04-07 21:19 . 2010-03-17 21:19 966104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-07 21:19 . 2010-03-17 21:19 1265264 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\681\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\19765\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17437\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\681\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\19765\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17437\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\681\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\681\AcrobatUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\19765\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\19765\AcrobatUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17437\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17437\AcrobatUpdater.exe
2010-03-24 01:18 . 2010-02-02 06:39 -------- d-----w- c:\programdata\Creative
2010-03-23 20:46 . 2010-03-23 20:46 94208 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}\python_icon.exe
2010-03-23 20:20 . 2010-03-21 08:51 -------- d-----w- c:\program files\Bethesda Softworks
2010-03-23 19:38 . 2010-03-23 19:38 -------- d-----w- c:\program files\7-Zip
2010-03-23 06:05 . 2010-03-21 08:39 -------- d-----w- c:\program files\UltraISO
2010-03-23 06:03 . 2010-03-23 06:03 -------- d-----w- c:\programdata\2BrightSparks
2010-03-21 09:52 . 2010-03-21 09:52 -------- d-----w- c:\users\Kris\AppData\Roaming\Scooter Software
2010-03-21 08:32 . 2010-03-21 08:32 -------- d-----w- c:\program files\Conduit
2010-03-21 08:31 . 2010-03-21 08:31 -------- d-----w- c:\program files\Alcohol Soft
2010-03-18 04:09 . 2010-03-02 02:52 -------- d-----w- c:\program files\Mass Effect 2
2010-03-17 22:14 . 2010-03-17 20:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-17 21:19 . 2010-03-17 21:17 -------- d-----w- c:\programdata\Lavasoft
2010-03-17 21:19 . 2010-03-17 21:19 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-17 21:19 . 2010-03-17 21:19 95024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-17 21:19 . 2010-03-17 21:19 598368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-17 21:19 . 2010-03-17 21:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-17 21:19 . 2010-03-17 21:19 566608 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-17 21:19 . 2010-03-17 21:19 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-17 21:19 . 2010-03-17 21:19 1230160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-17 21:19 . 2010-03-17 21:19 247120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-17 21:19 . 2010-03-17 21:19 6330848 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-17 21:19 . 2010-03-17 21:19 17480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-17 21:17 . 2010-03-17 21:17 -------- d-----w- c:\program files\Lavasoft
2010-03-17 21:17 . 2010-03-17 21:17 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-17 21:04 . 2010-03-17 20:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-17 07:15 . 2010-03-17 07:15 -------- d-----w- c:\program files\FLV Player
2010-03-16 15:45 . 2010-02-06 10:42 -------- d-----w- c:\program files\uTorrent
2010-03-16 04:20 . 2010-03-16 04:20 138056 ----a-w- c:\users\Kris\AppData\Roaming\PnkBstrK.sys
2010-03-16 04:20 . 2010-03-16 04:20 138056 ----a-w- c:\users\Kris\AppData\Roaming\PnkBstrK.sys
2010-03-16 04:19 . 2010-03-16 04:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-16 04:19 . 2010-03-16 04:19 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-16 04:06 . 2010-03-16 04:06 -------- d-----w- c:\program files\Electronic Arts
2010-03-02 03:21 . 2010-03-02 03:21 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-02 03:05 . 2010-03-02 03:05 -------- d--h--r- c:\users\Kris\AppData\Roaming\SecuROM
2010-03-02 03:02 . 2010-03-02 03:02 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-02 03:02 . 2010-03-02 03:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-02 02:47 . 2010-03-01 19:15 -------- d-----w- c:\users\Kris\AppData\Roaming\DAEMON Tools Lite
2010-03-01 19:16 . 2010-03-01 19:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-01 19:16 . 2010-03-01 19:16 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-01 19:15 . 2010-03-01 19:15 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-02-24 14:16 . 2010-02-01 01:08 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-04 15:53 . 2010-03-17 21:17 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2010-03-17 21:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-02 07:45 . 2010-02-23 21:08 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-02 06:39 . 2010-02-02 06:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-02 06:39 . 2010-02-02 06:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-02 04:56 . 2010-02-01 04:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-01 02:13 . 2010-02-01 02:13 23052 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-01 00:51 . 2010-02-01 00:51 57560 ----a-w- c:\users\Kris\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-01 00:50 . 2010-02-01 00:50 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-01 00:47 . 2010-02-01 00:47 10134 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{84B587B3-94BA-CAFF-5824-DB8D2E7A72F4}\ARPPRODUCTICON.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 17:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-04 05:55 25600 ----a-w- c:\windows\System32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-10-07 03:19 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-03-16 08:15 319792 ----a-w- c:\program files\uTorrent\uTorrent.exe

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-02 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-01 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-24 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-24 242896]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-07 172032]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-04-24 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-24 308064]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-07 1265264]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\drjn8rbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://rpgcodex.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-418512364-1319887924-767573510-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3c,3e,35,bb,d7,29,1a,8f,3c,ae,b8,18,e9,f1,4d,ce,ea,8d,20,c0,95,47,d1,
8e,86,03,7d,42,e2,80,6d,2b,31,d7,54,e9,ac,e0,4b,e2,d0,e5,22,52,12,75,bd,b2,\
"??"=hex:50,23,60,bb,e4,68,d2,e4,28,a3,52,12,d6,33,14,b8

[HKEY_USERS\S-1-5-21-418512364-1319887924-767573510-1001\Software\SecuROM\License information*]
"datasecu"=hex:38,96,54,c6,9f,d9,73,44,dc,61,b7,12,9f,36,e6,4f,66,f7,2b,86,6d,
21,70,70,a2,24,c3,16,3e,89,9d,fa,92,c2,69,71,78,64,b2,52,d0,ec,f2,81,3f,bc,\
"rkeysecu"=hex:d6,a7,a2,58,72,e1,0f,0b,b2,59,42,db,49,c2,b8,a0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-04-27 12:07:23
ComboFix-quarantined-files.txt 2010-04-27 16:07

Pre-Run: 352,891,469,824 bytes free
Post-Run: 356,063,055,872 bytes free

- - End Of File - - 824B5A81837D5D74293B74032A98EB7B
 
Alright, keep in mind that ComboFix detected rootkit activity and had to restart my PC. Not sure if it says that in the log.

I'll post after Malwarebytes finishes to see if it found anything.
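A small triage helper for the ComboFix "Files Created" and "Find3M" lines in the log above, added here as an editorial example; it is not part of the thread, of ComboFix, or of any tool named in the log. It parses the `<created> . <modified> <size> <attrs> <path>` line format (attribute string positions: d, c, s, h, a, r, w), flags two patterns an analyst would look at first (an executable dropped directly in the Windows root; a hidden/system-attributed file under system32), and pivots on creation time to find what else landed within a few minutes of a suspect file. The flags are review prompts, not verdicts, and the heuristics, window size and function names are my own assumptions. The sample lines are copied from the first log in this post; the "Other Deletions" entries use a different format and are deliberately not parsed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One ComboFix file entry:  <created> . <modified> <size|--------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+?)\s*$"
)

TS_FMT = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]      # None for directories (size column is "--------")
    attrs: str               # e.g. "--sha-r-": d,c,s,h,a,r,w positions
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_or_system(self) -> bool:
        return "h" in self.attrs or "s" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a timestamped ComboFix line, or None for headers/dots."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(
        datetime.strptime(m["created"], TS_FMT),
        datetime.strptime(m["modified"], TS_FMT),
        size,
        m["attrs"],
        m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Heuristic review prompts (assumed rules, not verdicts) for file entries."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        parent, _, name = e.path.lower().rpartition("\\")
        if parent == "c:\\windows" and name.endswith(EXEC_EXT):
            findings.append((e.path, "executable placed directly in the Windows root"))
        elif parent.startswith("c:\\windows\\system32") and e.hidden_or_system:
            findings.append((e.path, "hidden/system attribute set on a system32 file"))
    return findings


def same_window(entries: List[Entry], anchor_path: str, minutes: int = 5) -> List[Entry]:
    """Timeline pivot: everything created within +/- `minutes` of the anchor entry."""
    anchor = next(e for e in entries if e.path.lower() == anchor_path.lower())
    span = timedelta(minutes=minutes)
    return [
        e for e in entries
        if e is not anchor and abs(e.created - anchor.created) <= span
    ]


# Sample input: lines copied from the ComboFix log above (header kept to show it is skipped).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.
2010-04-24 17:43 . 2010-04-24 17:43 152576 ----a-w- c:\windows\Cgysoa.exe
2010-04-24 17:42 . 2010-04-24 17:42 368128 --sha-r- c:\windows\system32\dhcpcorev.dll
2010-04-24 17:42 . 2010-04-24 19:49 -------- d-----w- c:\users\Kris\AppData\Local\HLFFLWMW
2010-04-25 18:34 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 16:37 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for path, why in triage(entries):
        print(f"REVIEW  {path}  ({why})")
    for e in same_window(entries, r"c:\windows\Cgysoa.exe"):
        print(f"PIVOT   {e.created:%Y-%m-%d %H:%M}  {e.attrs}  {e.path}")
```

Run it against a full saved ComboFix log by replacing `SAMPLE_LOG` with the file contents; legitimate Windows files also carry hidden/system attributes (the Fonts cache entry above is one), so each prompt still needs a hash lookup or signature check before anything is acted on.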
 
I don't see the rootkit scan section; maybe you missed it, or no? Can you run ComboFix again and post its log to see if there are any changes?
 
Didn't say anything about a rootkit this time; strange.

ComboFix 10-04-26.05 - Kris 04/27/2010 22:11:14.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.2460 [GMT -4:00]
Running from: c:\users\Kris\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-28 02:15 . 2010-04-28 02:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-28 02:15 . 2010-04-28 02:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-28 02:09 . 2010-04-28 02:10 -------- d-----w- C:\32788R22FWJFW
2010-04-27 16:07 . 2010-04-28 02:15 -------- d-----w- c:\users\Kris\AppData\Local\temp
2010-04-26 23:04 . 2010-04-26 23:04 388096 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-26 23:04 . 2010-04-26 23:04 -------- d-----w- c:\program files\Trend Micro
2010-04-25 18:34 . 2010-04-25 18:34 -------- d-----w- c:\users\Kris\AppData\Roaming\Malwarebytes
2010-04-25 18:34 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 18:34 . 2010-04-25 18:34 -------- d-----w- c:\programdata\Malwarebytes
2010-04-25 18:34 . 2010-04-25 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 18:34 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 22:15 . 2010-04-24 22:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-24 22:15 . 2010-04-24 22:15 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-24 22:15 . 2010-04-24 22:15 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-24 22:15 . 2010-04-24 22:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-24 22:15 . 2010-04-27 23:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-24 22:15 . 2010-04-24 22:15 -------- d-----w- c:\programdata\avg9
2010-04-24 22:15 . 2010-04-24 22:15 -------- d-----w- c:\program files\AVG
2010-04-24 18:13 . 2010-04-24 18:15 -------- d-----w- c:\windows\BDOSCAN8
2010-04-24 17:50 . 2010-04-24 17:50 -------- d-----w- c:\windows\Sun
2010-04-24 17:43 . 2010-04-24 17:43 152576 ----a-w- c:\windows\Cgysoa.exe
2010-04-24 17:42 . 2010-04-24 17:42 368128 --sha-r- c:\windows\system32\dhcpcorev.dll
2010-04-24 17:42 . 2010-04-24 19:49 -------- d-----w- c:\users\Kris\AppData\Local\HLFFLWMW
2010-04-24 17:14 . 2010-04-24 17:14 -------- d-----w- c:\users\Kris\AppData\Roaming\Ubisoft
2010-04-24 17:14 . 2010-04-24 17:14 -------- d-----w- c:\programdata\Ubisoft
2010-04-22 16:46 . 2010-04-22 16:46 25600 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}\python_icon.exe
2010-04-22 16:45 . 2010-04-22 16:46 -------- d-----w- C:\Python26
2010-04-19 19:15 . 2010-04-19 19:15 -------- d-----w- c:\windows\system32\Wat
2010-04-16 18:32 . 2010-04-16 18:32 -------- d-----w- c:\program files\Common Files\Java
2010-04-16 18:31 . 2010-04-16 18:31 -------- d-----w- c:\program files\Java
2010-04-16 18:29 . 2010-04-16 18:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-14 16:37 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:37 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 16:37 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 16:37 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 16:37 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 16:37 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 16:37 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 16:37 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-08 18:44 . 2010-04-08 18:44 -------- d-----w- c:\program files\QuickTime
2010-04-08 18:44 . 2010-04-08 18:44 -------- d-----w- c:\programdata\Apple Computer
2010-04-03 21:19 . 2010-04-03 21:19 516480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
2010-04-03 21:19 . 2010-04-03 21:19 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-03-31 16:31 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 18:03 . 2010-02-02 06:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-24 07:49 . 2010-02-06 10:42 -------- d-----w- c:\users\Kris\AppData\Roaming\uTorrent
2010-04-23 22:04 . 2010-03-16 04:19 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-23 21:12 . 2010-03-16 04:20 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-16 08:50 . 2010-02-01 00:52 -------- d-----w- c:\program files\Special Forces
2010-04-13 20:00 . 2010-02-02 22:47 -------- d-----w- c:\program files\Cryptic Studios
2010-04-13 19:58 . 2010-02-09 04:27 -------- d-----w- c:\program files\Common Files\BioWare
2010-04-13 19:57 . 2010-02-09 04:27 -------- d-----w- c:\programdata\Media Center Programs
2010-04-07 21:19 . 2010-03-17 21:19 966104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-07 21:19 . 2010-03-17 21:19 1265264 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\681\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\19765\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17437\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\681\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\19765\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17437\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\681\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\681\AcrobatUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\19765\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\19765\AcrobatUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17437\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17437\AcrobatUpdater.exe
2010-03-24 01:18 . 2010-02-02 06:39 -------- d-----w- c:\programdata\Creative
2010-03-23 20:46 . 2010-03-23 20:46 94208 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}\python_icon.exe
2010-03-23 20:20 . 2010-03-21 08:51 -------- d-----w- c:\program files\Bethesda Softworks
2010-03-23 19:38 . 2010-03-23 19:38 -------- d-----w- c:\program files\7-Zip
2010-03-23 06:05 . 2010-03-21 08:39 -------- d-----w- c:\program files\UltraISO
2010-03-23 06:03 . 2010-03-23 06:03 -------- d-----w- c:\programdata\2BrightSparks
2010-03-21 09:52 . 2010-03-21 09:52 -------- d-----w- c:\users\Kris\AppData\Roaming\Scooter Software
2010-03-21 08:32 . 2010-03-21 08:32 -------- d-----w- c:\program files\Conduit
2010-03-21 08:31 . 2010-03-21 08:31 -------- d-----w- c:\program files\Alcohol Soft
2010-03-18 04:09 . 2010-03-02 02:52 -------- d-----w- c:\program files\Mass Effect 2
2010-03-17 22:14 . 2010-03-17 20:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-17 21:19 . 2010-03-17 21:17 -------- d-----w- c:\programdata\Lavasoft
2010-03-17 21:19 . 2010-03-17 21:19 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-17 21:19 . 2010-03-17 21:19 95024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-17 21:19 . 2010-03-17 21:19 598368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-17 21:19 . 2010-03-17 21:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-17 21:19 . 2010-03-17 21:19 566608 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-17 21:19 . 2010-03-17 21:19 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-17 21:19 . 2010-03-17 21:19 1230160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-17 21:19 . 2010-03-17 21:19 247120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-17 21:19 . 2010-03-17 21:19 6330848 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-17 21:19 . 2010-03-17 21:19 17480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-17 21:17 . 2010-03-17 21:17 -------- d-----w- c:\program files\Lavasoft
2010-03-17 21:17 . 2010-03-17 21:17 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-17 21:04 . 2010-03-17 20:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-17 07:15 . 2010-03-17 07:15 -------- d-----w- c:\program files\FLV Player
2010-03-16 15:45 . 2010-02-06 10:42 -------- d-----w- c:\program files\uTorrent
2010-03-16 04:20 . 2010-03-16 04:20 138056 ----a-w- c:\users\Kris\AppData\Roaming\PnkBstrK.sys
2010-03-16 04:20 . 2010-03-16 04:20 138056 ----a-w- c:\users\Kris\AppData\Roaming\PnkBstrK.sys
2010-03-16 04:19 . 2010-03-16 04:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-16 04:19 . 2010-03-16 04:19 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-16 04:06 . 2010-03-16 04:06 -------- d-----w- c:\program files\Electronic Arts
2010-03-02 03:21 . 2010-03-02 03:21 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-02 03:05 . 2010-03-02 03:05 -------- d--h--r- c:\users\Kris\AppData\Roaming\SecuROM
2010-03-02 03:02 . 2010-03-02 03:02 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-02 03:02 . 2010-03-02 03:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-02 02:47 . 2010-03-01 19:15 -------- d-----w- c:\users\Kris\AppData\Roaming\DAEMON Tools Lite
2010-03-01 19:16 . 2010-03-01 19:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-01 19:16 . 2010-03-01 19:16 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-01 19:15 . 2010-03-01 19:15 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-02-24 14:16 . 2010-02-01 01:08 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-04 15:53 . 2010-03-17 21:17 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2010-03-17 21:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-02 07:45 . 2010-02-23 21:08 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-02 06:39 . 2010-02-02 06:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-02 06:39 . 2010-02-02 06:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-02 04:56 . 2010-02-01 04:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-01 02:13 . 2010-02-01 02:13 23052 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-01 00:51 . 2010-02-01 00:51 57560 ----a-w- c:\users\Kris\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-01 00:50 . 2010-02-01 00:50 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-01 00:47 . 2010-02-01 00:47 10134 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{84B587B3-94BA-CAFF-5824-DB8D2E7A72F4}\ARPPRODUCTICON.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-27_16.05.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:11 . 2009-07-14 01:16 15360 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\sspisrv.dll
+ 2009-07-13 23:12 . 2009-07-14 01:16 99840 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\sspicli.dll
+ 2009-07-13 23:33 . 2009-07-14 01:16 22016 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\secur32.dll
+ 2009-07-13 23:11 . 2009-07-14 01:14 22528 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
+ 2009-07-13 23:11 . 2009-07-14 01:20 67664 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\ksecdd.sys
+ 2009-07-13 23:11 . 2009-07-14 01:16 15360 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\sspisrv.dll
+ 2009-07-13 23:12 . 2009-07-14 01:16 99840 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\sspicli.dll
+ 2009-07-13 23:33 . 2009-07-14 01:16 22016 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\secur32.dll
+ 2009-07-13 23:11 . 2009-07-14 01:14 22528 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
+ 2009-07-13 23:11 . 2009-07-14 01:20 67664 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\ksecdd.sys
+ 2010-02-01 16:28 . 2010-04-27 23:08 28040 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-27 23:08 40396 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-02-01 01:58 . 2010-04-27 15:58 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-01 01:58 . 2010-04-27 23:09 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:41 . 2010-04-27 15:58 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-04-27 23:09 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-01 00:51 . 2010-04-27 23:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 00:51 . 2010-04-27 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 00:51 . 2010-04-27 16:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 00:51 . 2010-04-27 23:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-01 00:51 . 2010-04-27 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-01 00:51 . 2010-04-27 23:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-01 00:51 . 2010-04-27 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-01 00:51 . 2010-04-27 23:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 03:13 . 2010-04-27 16:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 03:13 . 2010-04-28 02:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 03:13 . 2010-04-28 02:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-01 03:13 . 2010-04-27 16:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-01 03:13 . 2010-04-28 02:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-01 03:13 . 2010-04-27 16:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-01 00:51 . 2010-04-27 16:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 00:51 . 2010-04-28 02:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-01 00:51 . 2010-04-27 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-01 00:51 . 2010-04-27 23:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-01 00:52 . 2010-04-27 23:08 9374 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-418512364-1319887924-767573510-1001_UserData.bin
- 2010-04-27 15:58 . 2010-04-27 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-27 23:06 . 2010-04-27 23:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-27 23:06 . 2010-04-27 23:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-27 15:58 . 2010-04-27 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:32 . 2009-07-14 01:17 369568 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\cng.sys
+ 2009-07-13 23:32 . 2009-07-14 01:17 369568 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\cng.sys
+ 2010-02-01 20:04 . 2010-04-28 02:02 228962 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:05 . 2010-04-27 23:13 615122 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-04-27 16:05 615122 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-04-27 16:05 103496 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-04-27 23:13 103496 c:\windows\System32\perfc009.dat
+ 2010-02-01 00:42 . 2010-04-27 23:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-02-01 00:42 . 2010-04-27 15:58 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-01 01:58 . 2010-04-27 23:09 475136 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-01 01:58 . 2010-04-27 15:58 475136 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:03 . 2010-04-26 22:45 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-04-27 23:17 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 07:18 . 2010-04-27 23:11 17832485 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
.
 
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 17:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-04 05:55 25600 ----a-w- c:\windows\System32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-10-07 03:19 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-03-16 08:15 319792 ----a-w- c:\program files\uTorrent\uTorrent.exe

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-02 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-01 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-24 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-24 242896]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-07 172032]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-04-24 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-24 308064]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-07 1265264]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\drjn8rbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://rpgcodex.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-418512364-1319887924-767573510-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3c,3e,35,bb,d7,29,1a,8f,3c,ae,b8,18,e9,f1,4d,ce,ea,8d,20,c0,95,47,d1,
8e,86,03,7d,42,e2,80,6d,2b,31,d7,54,e9,ac,e0,4b,e2,d0,e5,22,52,12,75,bd,b2,\
"??"=hex:50,23,60,bb,e4,68,d2,e4,28,a3,52,12,d6,33,14,b8

[HKEY_USERS\S-1-5-21-418512364-1319887924-767573510-1001\Software\SecuROM\License information*]
"datasecu"=hex:38,96,54,c6,9f,d9,73,44,dc,61,b7,12,9f,36,e6,4f,66,f7,2b,86,6d,
21,70,70,a2,24,c3,16,3e,89,9d,fa,92,c2,69,71,78,64,b2,52,d0,ec,f2,81,3f,bc,\
"rkeysecu"=hex:d6,a7,a2,58,72,e1,0f,0b,b2,59,42,db,49,c2,b8,a0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-04-27 22:17:20
ComboFix-quarantined-files.txt 2010-04-28 02:17
ComboFix2.txt 2010-04-27 16:07

Pre-Run: 355,642,888,192 bytes free
Post-Run: 355,577,167,872 bytes free

- - End Of File - - 779773C1470CF8D31089CDE215473252
 
It was probably this entry

Infected copy of c:\windows\system32\drivers\ssmdrv.sys was found and disinfected
Restored copy from - Kitty had a snack
 
What does "Restored copy from - Kitty had a snack" mean?

Also, does this mean my computer is clean?
 