Hello the GMER program ran for almost 24 hours!!!
here are my reports:
ComboFix 10-05-08.02 - viv 09/05/2010 10:31:06.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.167 [GMT 1:00]
Running from: c:\documents and settings\viv\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\viv\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100508-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.
2010-05-04 08:15 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 08:15 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-02 17:54 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-02 17:54 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-02 17:54 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 17:54 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-05-02 17:54 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-02 17:54 . 2009-11-24 22:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-02 17:54 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-02 17:54 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-02 17:53 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-29 17:05 . 2010-04-29 17:05 -------- d-----w- c:\program files\Free YouTube Downloader Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 17:06 . 2010-04-02 17:06 -------- d-----w- c:\program files\iPod
2010-04-02 17:06 . 2010-04-02 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 16:58 . 2010-04-02 16:58 -------- d-----w- c:\program files\Bonjour
2010-04-02 16:54 . 2010-04-02 16:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-13 17:18 . 2010-03-13 17:18 -------- d-----w- c:\documents and settings\viv\Application Data\InterTrust
2010-03-13 17:14 . 2010-03-13 17:14 -------- d-----w- c:\program files\EPSON
2010-03-10 06:15 . 2004-08-04 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-07-02 18:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-01-18 20:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2005-03-01 16:57 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-03-01 16:34 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 09:03 . 2010-03-08 17:11 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-04 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
CODE
<pre>
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\QuickTime\qttask .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\PC Tools AntiVirus\pctav .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\IME\PINTLGNT\imscinst .exe
c:\windows\system32\IME\TINTLGNT\tintsetp .exe
c:\windows\ime\imjp8_1\imjpmig .exe
</pre>
((((((((((((((((((((((((((((( SnapShot@2010-05-07_08.33.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-09 09:25 . 2010-05-09 09:25 16384 c:\windows\temp\Perflib_Perfdata_b4.dat
+ 2010-05-09 09:25 . 2010-05-09 09:25 16384 c:\windows\temp\Perflib_Perfdata_554.dat
- 2010-05-07 08:00 . 2010-05-07 08:00 16384 c:\windows\temp\Perflib_Perfdata_554.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-02 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [N/A]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SiSPower"="SiSPower.dll" [2005-07-13 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 544768]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [N/A]
"Workflow"="E:\Workflow.exe" [N/A]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-12-26 262144]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27017:TCP"= 27017:TCP:BitComet 27017 TCP
"27017:UDP"= 27017:UDP:BitComet 27017 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02/05/2010 18:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/05/2010 18:54 20560]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 12:29 162176]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/12/2009 18:32 135664]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/01/2010 20:03 36608]
.
Contents of the 'Scheduled Tasks' folder
2010-05-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 17:13]
2010-05-08 c:\windows\Tasks\User_Feed_Synchronization-{36E89C61-68E9-4D1C-A0CA-FFFBECE2D6A8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 17:31]
2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 17:31]
2010-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-05-09 10:37
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-09 10:40:29
ComboFix-quarantined-files.txt 2010-05-09 09:40
ComboFix2.txt 2010-05-09 09:12
ComboFix3.txt 2010-05-07 08:36
Pre-Run: 3,531,866,112 bytes free
Post-Run: 3,485,106,176 bytes free
- - End Of File - - 997DC11FA9999EF1C340F9956C919227
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-05-09 09:39:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\viv\LOCALS~1\Temp\uxdyipow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB5E086B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB5E08574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB5E08A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB5E0814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB5E0864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB5E0808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB5E080F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB5E0876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB5E0872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB5E088AE]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- EOF - GMER 1.0.15 ----
I hope this is right now and this is how you wanted the logs posted

i get so confused with all this stuff.