Infected with Virus


This topic is locked
17 replies to this topic

#1 shyredone

  • Members
  • 46 posts
  • Location:Indiana

Posted 03 August 2010 - 08:54 AM

A virus disabled my anti-virus program (avast free version). Computer running slow, freezes and crashes. Tried to start in safe mode; it said Windows had closed to protect the computer. Am using Microsoft Security, Advanced System Care and IObit Security 360. None of them caught this virus for some reason. Do I keep the "ark" file or paste it here?

DDS (Ver_10-03-17.01) - NTFSx86
Run by debbie at 8:52:01.81 on Tue 08/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.193 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\debbie\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: yahoo.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\debbie\applic~1\mozilla\firefox\profiles\dfemhwst.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\debbie\application data\mozilla\firefox\profiles\dfemhwst.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\debbie\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\debbie\application data\mozilla\firefox\profiles\dfemhwst.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\debbie\application data\mozilla\firefox\profiles\dfemhwst.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-23 165456]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-23 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-7-30 312152]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2010-2-18 182101]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2010-2-18 5689]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\drivers\ar5211.sys [2010-2-14 468768]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]

=============== Created Last 30 ================

2010-08-03 13:27:59 0 ----a-w- c:\documents and settings\debbie\defogger_reenable
2010-07-31 15:14:16 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-07-31 12:28:25 21 ----a-w- c:\documents and settings\debbie\.gtk-bookmarks
2010-07-31 00:35:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-07-30 12:56:11 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-30 12:51:38 0 d-----w- c:\docume~1\alluse~1\applic~1\FreeApp
2010-07-30 12:42:34 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-30 08:50:41 7383 ----a-w- c:\documents and settings\debbie\.recently-used.xbel
2010-07-29 22:01:25 0 d-----w- c:\program files\Search Toolbar
2010-07-29 22:01:19 0 d-----w- c:\program files\Miro Video Player
2010-07-29 15:18:58 0 d-----w- c:\docume~1\debbie\applic~1\PCF-VLC
2010-07-29 15:16:33 0 d-----w- c:\docume~1\debbie\applic~1\Participatory Culture Foundation
2010-07-29 14:56:43 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-07-26 17:43:41 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-24 19:22:24 0 d-----w- c:\program files\WOT
2010-07-24 18:21:36 0 dc-h--w- c:\windows\ie8
2010-07-24 17:51:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-07-24 17:51:24 1241088 -c--a-w- c:\windows\system32\dllcache\ieframe.dll.mui
2010-07-24 17:51:23 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2010-07-24 17:51:21 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2010-07-24 17:51:19 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2010-07-24 16:46:36 0 d-----w- c:\docume~1\debbie\applic~1\IObit
2010-07-24 16:46:34 0 d-----w- c:\program files\IObit
2010-07-23 15:55:43 0 d-----w- c:\program files\Downloads
2010-07-23 15:55:22 0 d-----w- c:\program files\D
2010-07-23 15:17:47 0 d-----w- c:\docume~1\debbie\applic~1\QuickScan
2010-07-23 14:55:30 0 d-----w- c:\docume~1\debbie\applic~1\Uniblue
2010-07-23 14:40:29 0 d-----w- c:\docume~1\debbie\applic~1\Abine
2010-07-23 00:21:30 0 d-----w- c:\program files\Microsoft Security Essentials
2010-07-20 23:14:15 0 d-----w- c:\program files\VS Revo Group
2010-07-20 22:33:29 42 ----a-w- c:\windows\system32\AK083E209605E394C.lie
2010-07-20 22:32:29 0 d-----w- c:\program files\Perfect Uninstaller
2010-07-15 18:37:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-06 02:03:10 3829 -c--a-w- C:\logfile

==================== Find3M ====================

2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-05-29 15:32:15 8231427 ----a-w- c:\program files\frostwire-4.20.6.windows.exe
2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 06:32:35 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-05-21 06:31:54 16205198 ----a-w- c:\program files\PhotoScapeSetup_V3.4.exe
2010-05-21 06:29:44 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2010-05-21 01:33:04 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-18 01:54:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010020820100215\index.dat
2010-02-18 01:54:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010021720100218\index.dat

============= FINISH: 8:52:24.18 ===============

The computer crashed while I was trying to paste the DDS results, so I hope that didn't affect anything.

Merged posts. ~ OB

Edited by Orange Blossom, 03 August 2010 - 09:18 PM.

Shyredone
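Added example, not code from the thread, from DDS or from BleepingComputer: a small triage script for the line formats DDS emits in the log above (the AV status lines, the Running Processes list and the BHO/TB/SEH entries of the Pseudo HJT Report). It flags an antivirus whose on-access scanning is reported disabled, toolbar or shell-hook CLSIDs that resolve to "No File", and the browser helper objects loaded into Internet Explorer; the sample log is constructed from a few lines in the page's format, and the "disabled but its process is still running" rule is a heuristic assumed by this example, not something DDS itself reports.

```python
"""Triage the sections of a DDS log that a malware-response helper reads first.

Hypothetical example code: not from the thread, from DDS or from BleepingComputer.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in DDS's own line formats (a few lines, not the thread's full log).
SAMPLE_LOG = r"""
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
"""

# "AV: <product> *On-access scanning enabled|disabled* (Updated) {CLSID}"
AV_RE = re.compile(r"^AV: (?P<name>.+?) \*On-access scanning (?P<state>enabled|disabled)\*")
# "BHO: <name>: {CLSID} - <path>", "TB: {CLSID} - No File", "SEH: {CLSID} - No File"
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB|SEH): (?:(?P<name>[^{]+?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$"
)
# "============== Running Processes ===============" style section banners
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")


@dataclass
class Triage:
    av_status: dict = field(default_factory=dict)   # product name -> "enabled" / "disabled"
    processes: list = field(default_factory=list)   # paths listed under Running Processes
    bhos: list = field(default_factory=list)        # (name, clsid, dll path)
    orphaned: list = field(default_factory=list)    # (kind, clsid) whose target is "No File"


def parse_dds(text: str) -> Triage:
    """Walk the log once, tracking which DDS section the current line belongs to."""
    t = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        m = AV_RE.match(line)
        if m:
            t.av_status[m.group("name")] = m.group("state")
            continue
        if section == "Running Processes":
            t.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            kind, name, clsid, target = m.group("kind", "name", "clsid", "target")
            if target == "No File":
                t.orphaned.append((kind, clsid))
            elif kind == "BHO":
                t.bhos.append((name, clsid, target))
    return t


def av_disabled_but_running(t: Triage) -> list:
    """Heuristic assumed by this example (not DDS semantics): a product reported with
    on-access scanning disabled while a process carrying its name is still running.
    That pattern points at a product that was tampered with, not one that was removed."""
    hits = []
    basenames = [p.split("\\")[-1].lower() for p in t.processes]
    for name, state in t.av_status.items():
        if state != "disabled":
            continue
        token = re.sub(r"[^a-z]", "", name.split()[0].lower())   # "avast!" -> "avast"
        if token and any(token in b for b in basenames):
            hits.append(name)
    return hits


def findings(t: Triage) -> list:
    """Human-readable triage lines, most urgent first."""
    out = []
    tampered = set(av_disabled_but_running(t))
    for name, state in t.av_status.items():
        if state == "disabled":
            note = " (its service process is still running)" if name in tampered else ""
            out.append(f"AV disabled: {name}{note}")
    for kind, clsid in t.orphaned:
        out.append(f"Orphaned {kind} entry {{{clsid}}}: CLSID resolves to no file on disk")
    for name, clsid, target in t.bhos:
        out.append(f"BHO loaded into Internet Explorer: {name} -> {target}")
    return out


if __name__ == "__main__":
    for line in findings(parse_dds(SAMPLE_LOG)):
        print(line)
```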


#2 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 11 August 2010 - 02:10 AM

Hello, shyredone.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.
We need to run Defogger
  1. Please download DeFogger to your desktop.
  2. Double click DeFogger to run the tool.
  3. The application window will appear
  4. Click the Disable button to disable your CD Emulation drivers
  5. Click Yes to continue
  6. A 'Finished!' message will appear
  7. Click OK
  8. DeFogger will now ask to reboot the machine - click OK
Note: If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until the end of the fix.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
We need to run an Anti-Rootkit (ARK) scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

If GMER crashes, hangs or blue-screens, do the following
  1. Please Download Rootkit Unhooker Save it to your desktop.
  2. Now double-click on RKUnhookerLE.exe to run it.
  3. Click the Report tab, then click Scan.
  4. Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  5. Wait till the scanner has finished and then click File, Save Report.
  6. Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning. If so, please ignore it.
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log/RKUnhooker log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 14 August 2010 - 01:06 AM

Hello shyredone
Are you still with us?

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 16 August 2010 - 12:48 AM

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please send me a PM with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 19 August 2010 - 11:08 AM

Topic reopened as per user's request.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 shyredone
  • Topic Starter

  • Members
  • 46 posts
  • Location:Indiana

Posted 20 August 2010 - 08:55 AM

When I ran the defogger, it didn't try to reboot, so I closed it and rebooted. Here are the logs:

info.txt logfile of random's system information tool 1.08 2010-08-20 09:51:35

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems AC'97 Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Broadcom Gigabit Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CesacchaWmp-->MsiExec.exe /I{0EC13D13-65CE-4742-BD1C-BA907E353E19}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DFX for Windows Media Player-->C:\Program Files\DFX\uninstall_WMP.exe
GIMP 2.6.10-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Integrated Wireless LAN W400-W500 Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C3DA2A1-03B2-44BD-B5AA-A44BD6E0C0C1}\setup.exe" -l0x9
HP PCMCIA Smart Card Reader-->MsiExec.exe /I{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018F0}
Java™ 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{E62A1F01-07B7-4541-A835-EE5B0BF064C2}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ Run Time Lib Setup-->MsiExec.exe /X{AAF4238F-7C29-451D-9925-C753271A5728}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mpeg2Decoder 1.3-->"C:\Program Files\Mpeg2Decoder\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O2Micro MemoryCardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083} /l1033
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
Panda Cloud Antivirus-->"C:\Program Files\Panda Security\Panda Cloud Antivirus\Setup.exe" /X{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}
Panda Cloud Antivirus-->MsiExec.exe /X{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB979332)-->"C:\WINDOWS\$NtUninstallKB979332_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Windows Essentials Media Codec Pack 3.0-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WOT for Internet Explorer-->MsiExec.exe /X{DF5A8D64-0B50-46D7-B85D-E66CE690092C}
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Mail Advisor-->C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YouTube Downloader 2.5.7-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Security center information======

AV: Panda Cloud Antivirus
AV: avast! Antivirus
AV: Microsoft Security Essentials (disabled)

======System event log======

Computer Name: DEBBIE-2FA32848
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Record Number: 13340
Source Name: Service Control Manager
Time Written: 20100726125528.000000-300
Event Type: error
User:

Computer Name: DEBBIE-2FA32848
Event Code: 2004
Message: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: Current

Error Code: 0x80070003

Error description: The system cannot find the path specified.

Signature version: 0.0.0.0;0.0.0.0

Engine version: 0.0.0.0

Record Number: 13336
Source Name: Microsoft Antimalware
Time Written: 20100726125313.000000-300
Event Type: error
User:

Computer Name: DEBBIE-2FA32848
Event Code: 2004
Message: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: Current

Error Code: 0x80070003

Error description: The system cannot find the path specified.

Signature version: 0.0.0.0;0.0.0.0

Engine version: 0.0.0.0

Record Number: 13330
Source Name: Microsoft Antimalware
Time Written: 20100726125001.000000-300
Event Type: error
User:

Computer Name: DEBBIE-2FA32848
Event Code: 2004
Message: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: Current

Error Code: 0x80070002

Error description: The system cannot find the file specified.

Signature version: 0.0.0.0;0.0.0.0

Engine version: 0.0.0.0

Record Number: 13324
Source Name: Microsoft Antimalware
Time Written: 20100726124519.000000-300
Event Type: error
User:

Computer Name: DEBBIE-2FA32848
Event Code: 10010
Message: The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

Record Number: 13236
Source Name: DCOM
Time Written: 20100726121714.000000-300
Event Type: error
User: DEBBIE-2FA32848\debbie

=====Application event log=====

Computer Name: DEBBIE-2FA32848
Event Code: 490
Message: wuauclt (3172) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Record Number: 9977
Source Name: ESENT
Time Written: 20100613111833.000000-300
Event Type: error
User:

Computer Name: DEBBIE-2FA32848
Event Code: 490
Message: wuauclt (3564) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Record Number: 9976
Source Name: ESENT
Time Written: 20100613111812.000000-300
Event Type: error
User:

Computer Name: DEBBIE-2FA32848
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 9973
Source Name: SecurityCenter
Time Written: 20100613110851.000000-300
Event Type: error
User:

Computer Name: DEBBIE-2FA32848
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 9967
Source Name: SecurityCenter
Time Written: 20100612165609.000000-300
Event Type: error
User:

Computer Name: DEBBIE-2FA32848
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9965
Source Name: Application Hang
Time Written: 20100611184138.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d06
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"windir"=%SystemRoot%

-----------------EOF-----------------



Logfile of random's system information tool 1.08 (written by random/random)
Run by debbie at 2010-08-20 09:51:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (53%) free of 38 GB
Total RAM: 511 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:30 AM, on 8/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\debbie\Desktop\RSIT.exe
C:\Program Files\trend micro\debbie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\debbie\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\debbie\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BE0AD44-84C9-4C3F-801D-61300B73739D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBBF6E56-385A-4C7E-A3C8-BAE48E9B6FAF}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7990 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Scan (scan).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\COMODO Registry Cleaner task.job
C:\WINDOWS\tasks\COMODO System Cleaner Update.job
C:\WINDOWS\tasks\Driver Fetch.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Registry Winner Schedule.job
C:\WINDOWS\tasks\Windows Codec Update Service.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2010-02-05 1677472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2010-02-05 1677472]
{9D425283-D487-4337-BAB6-AB8354A81457}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-04 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-04 688218]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2009-05-08 174424]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"PSUNMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2010-05-14 406848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\System32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\System32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-08-20 09:51:09 ----D---- C:\Program Files\trend micro
2010-08-20 09:51:06 ----DC---- C:\rsit
2010-08-19 12:40:20 ----A---- C:\WINDOWS\PEV.exe
2010-08-19 01:27:55 ----A---- C:\WINDOWS\PEV.exe.nanflmrkxtns
2010-08-18 10:25:51 ----D---- C:\Documents and Settings\debbie\Application Data\Panda Security
2010-08-18 10:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2010-08-18 10:13:21 ----D---- C:\Program Files\Panda Security
2010-08-18 10:13:08 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-08-18 10:13:05 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-08-18 10:12:57 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-08-18 10:12:50 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-08-18 10:12:44 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-08-18 10:12:44 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-08-18 10:12:42 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-08-18 10:09:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-08-15 16:27:58 ----D---- C:\Program Files\CCleaner
2010-08-14 13:43:36 ----D---- C:\Documents and Settings\debbie\Application Data\iWin
2010-08-14 13:40:45 ----D---- C:\Program Files\iWin.com
2010-08-14 13:38:47 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2010-08-14 09:11:18 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-14 09:11:09 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-14 09:11:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-13 09:19:18 ----D---- C:\Program Files\COMODO
2010-08-12 23:03:48 ----DC---- C:\SMCLpav
2010-08-12 22:10:30 ----D---- C:\WINDOWS\Internet Logs
2010-08-12 16:22:36 ----D---- C:\Program Files\Microsoft Security Essentials
2010-08-12 10:21:36 ----D---- C:\Program Files\AVG
2010-08-12 09:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-12 09:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-12 09:12:48 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-12 09:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-12 09:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-12 09:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-12 09:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-12 09:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-11 08:36:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2010-08-10 16:23:38 ----D---- C:\Documents and Settings\debbie\Application Data\ComodoGroup
2010-08-10 15:38:30 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2010-08-04 07:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-03 07:40:27 ----ASH---- C:\pagefile.sys
2010-08-02 15:12:57 ----D---- C:\Program Files\Common Files\Java
2010-08-02 15:12:39 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-02 15:12:39 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-02 15:12:39 ----A---- C:\WINDOWS\system32\java.exe
2010-07-31 10:28:16 ----D---- C:\Documents and Settings\debbie\Application Data\DivX
2010-07-31 10:14:16 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-07-30 19:35:42 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2010-07-30 15:08:58 ----D---- C:\Documents and Settings\debbie\Application Data\Skype
2010-07-30 13:15:29 ----D---- C:\Documents and Settings\debbie\Application Data\Thunderbird
2010-07-30 08:29:50 ----D---- C:\Documents and Settings\debbie\Application Data\Audacity
2010-07-30 07:56:11 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 07:51:38 ----D---- C:\Documents and Settings\All Users\Application Data\FreeApp
2010-07-30 07:42:34 ----A---- C:\WINDOWS\system32\kbd106.dll
2010-07-29 10:18:58 ----D---- C:\Documents and Settings\debbie\Application Data\PCF-VLC
2010-07-29 10:16:33 ----D---- C:\Documents and Settings\debbie\Application Data\Participatory Culture Foundation
2010-07-29 09:56:43 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2010-07-24 14:22:24 ----D---- C:\Program Files\WOT
2010-07-24 13:21:36 ----HDC---- C:\WINDOWS\ie8
2010-07-24 12:52:26 ----D---- C:\WINDOWS\ie7updates
2010-07-24 12:47:58 ----HDC---- C:\WINDOWS\ie7
2010-07-24 12:46:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-07-24 12:46:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-07-24 12:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-07-24 11:46:36 ----D---- C:\Documents and Settings\debbie\Application Data\IObit
2010-07-23 10:55:43 ----D---- C:\Program Files\Downloads
2010-07-23 10:55:22 ----D---- C:\Program Files\D
2010-07-23 10:17:47 ----D---- C:\Documents and Settings\debbie\Application Data\QuickScan
2010-07-23 09:55:30 ----D---- C:\Documents and Settings\debbie\Application Data\Uniblue
2010-07-23 09:40:29 ----D---- C:\Documents and Settings\debbie\Application Data\Abine
2010-07-20 17:32:29 ----D---- C:\Program Files\Perfect Uninstaller
2010-07-15 13:37:28 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-07-15 13:12:13 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-14 08:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-02 01:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-07-02 01:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-30 18:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-06-27 00:42:03 ----D---- C:\Program Files\GIMP-2.0
2010-06-21 11:19:28 ----D---- C:\WINDOWS\system32\EXP
2010-06-20 17:53:08 ----D---- C:\Documents and Settings\debbie\Application Data\gtk-2.0
2010-06-20 10:44:38 ----D---- C:\Program Files\Yahoo!
2010-06-18 08:53:17 ----D---- C:\Documents and Settings\debbie\Application Data\KodakCredentialStore
2010-06-18 08:46:59 ----D---- C:\Documents and Settings\debbie\Application Data\Skinux
2010-06-18 07:51:50 ----D---- C:\Program Files\Common Files\ArcSoft
2010-06-18 07:51:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-18 07:50:44 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-06-18 07:49:51 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-06-18 07:49:47 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-06-18 07:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB945060-v3$
2010-06-18 07:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2010-06-18 07:46:34 ----N---- C:\WINDOWS\system32\imapi2fs.dll
2010-06-18 07:46:34 ----N---- C:\WINDOWS\system32\imapi2.dll
2010-06-18 07:41:35 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2010-06-17 22:43:45 ----D---- C:\Program Files\Common Files\Nikon
2010-06-17 22:35:35 ----D---- C:\WINDOWS\system32\URTTEMP
2010-06-17 13:39:50 ----D---- C:\WINDOWS\Downloaded Installations
2010-06-16 08:28:04 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-06-16 06:33:42 ----D---- C:\WINDOWS\system32\zh-TW
2010-06-16 06:33:42 ----D---- C:\WINDOWS\system32\zh-HK
2010-06-16 06:33:42 ----D---- C:\WINDOWS\system32\tr-TR
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\sv-SE
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\pt-BR
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\nl-NL
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\nb-NO
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\ko-KR
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\it-IT
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\he-IL
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\fr-FR
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\fi-FI
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\es-ES
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\el-GR
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\de-DE
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\da-DK
2010-06-16 06:33:41 ----D---- C:\WINDOWS\system32\ar-SA
2010-06-14 14:31:47 ----D---- C:\WINDOWS\Prefetch
2010-06-14 14:21:00 ----A---- C:\WINDOWS\000001_.tmp
2010-06-14 13:18:24 ----D---- C:\Documents and Settings\debbie\Application Data\GlarySoft
2010-06-13 22:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-13 22:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-13 22:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-13 22:12:02 ----D---- C:\WINDOWS\ie8updates
2010-06-13 22:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-13 22:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-13 22:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-13 21:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979332_WM9L$
2010-06-11 09:41:13 ----D---- C:\Program Files\Photo Story 3 for Windows
2010-06-10 07:44:43 ----D---- C:\Program Files\Microsoft Office
2010-06-10 07:44:10 ----D---- C:\Program Files\MSECache
2010-06-09 19:10:42 ----D---- C:\Documents and Settings\debbie\Application Data\mail.com Toolbar
2010-06-09 14:30:58 ----D---- C:\Documents and Settings\debbie\Application Data\Facebook
2010-06-07 21:23:39 ----A---- C:\WINDOWS\Uninstall_tkexe.exe
2010-06-07 21:03:31 ----D---- C:\Program Files\JRE
2010-06-07 08:04:27 ----D---- C:\Documents and Settings\debbie\Application Data\Serif
2010-06-06 07:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2010-06-06 07:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-04 09:26:32 ----D---- C:\WINDOWS\system32\windows media
2010-06-04 09:26:23 ----D---- C:\WINDOWS\RegisteredPackages
2010-06-04 09:26:21 ----HD---- C:\WINDOWS\msdownld.tmp
2010-06-04 09:26:16 ----D---- C:\Program Files\Windows Media Components
2010-06-04 09:22:26 ----A---- C:\WINDOWS\system32\dzip32.dll
2010-06-04 09:22:26 ----A---- C:\WINDOWS\system32\dunzip32.dll
2010-06-04 09:22:16 ----D---- C:\Program Files\Windows Media Bonus Pack for Windows XP
2010-06-04 09:17:08 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-06-03 07:43:46 ----A---- C:\WINDOWS\system32\tsccvid.dll
2010-06-03 07:42:28 ----D---- C:\Program Files\Common Files\WORDsearch
2010-06-03 07:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\WORDsearch
2010-05-31 11:53:42 ----D---- C:\Documents and Settings\debbie\Application Data\SmartDraw
2010-05-31 08:54:00 ----D---- C:\Documents and Settings\All Users\Application Data\Visan
2010-05-29 10:41:53 ----D---- C:\Documents and Settings\debbie\Application Data\FrostWire
2010-05-29 10:31:28 ----A---- C:\Program Files\frostwire-4.20.6.windows.exe
2010-05-27 18:39:32 ----A---- C:\WINDOWS\system32\drivers\PSINAflt.sys
2010-05-27 09:07:01 ----D---- C:\Program Files\Incomplete
2010-05-27 08:53:24 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-27 07:56:06 ----D---- C:\Program Files\LimeWire
2010-05-27 07:21:58 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-05-23 15:16:49 ----D---- C:\Documents and Settings\debbie\Application Data\Absolute Poker
2010-05-23 15:16:42 ----D---- C:\Program Files\_uninstallation_info
2010-05-23 08:55:07 ----D---- C:\WINDOWS\system32\temp
2010-05-21 14:51:45 ----D---- C:\Documents and Settings\All Users\Application Data\Driver Whiz
2010-05-21 11:52:41 ----D---- C:\output
2010-05-21 01:08:21 ----A---- C:\Program Files\wmpfirefoxplugin.exe
2010-05-21 01:04:24 ----A---- C:\Program Files\wmp11-windowsxp-x86-enu.exe

======List of files/folders modified in the last 3 months======

2010-08-20 09:51:09 ----RD---- C:\Program Files
2010-08-20 09:49:04 ----D---- C:\WINDOWS\temp
2010-08-20 09:46:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-20 09:46:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-19 15:13:20 ----D---- C:\WINDOWS
2010-08-19 12:40:17 ----D---- C:\WINDOWS\system32\drivers
2010-08-18 11:23:54 ----D---- C:\Config.Msi
2010-08-18 11:23:53 ----D---- C:\WINDOWS\system32
2010-08-18 11:22:20 ----SHD---- C:\WINDOWS\Installer
2010-08-18 10:35:09 ----SD---- C:\Documents and Settings\debbie\Application Data\Microsoft
2010-08-18 10:33:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-08-18 10:19:01 ----D---- C:\WINDOWS\system32\config
2010-08-18 10:11:05 ----D---- C:\WINDOWS\WinSxS
2010-08-18 10:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-08-15 17:19:09 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-08-15 17:19:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-15 16:30:35 ----D---- C:\Documents and Settings\debbie\Application Data\Media Player Classic
2010-08-15 16:30:28 ----D---- C:\WINDOWS\Minidump
2010-08-15 16:30:28 ----D---- C:\WINDOWS\Debug
2010-08-14 13:43:37 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-08-14 13:38:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-13 09:26:13 ----SD---- C:\WINDOWS\Tasks
2010-08-12 15:17:52 ----D---- C:\Program Files\Essentials Codec Pack
2010-08-12 10:29:03 ----RSD---- C:\WINDOWS\assembly
2010-08-12 10:27:07 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-12 09:55:04 ----D---- C:\Program Files\Internet Explorer
2010-08-12 09:16:48 ----HD---- C:\WINDOWS\inf
2010-08-12 09:16:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-12 09:16:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-12 09:11:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-12 09:07:00 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-12 09:04:07 ----D---- C:\Program Files\Movie Maker
2010-08-11 08:49:28 ----D---- C:\Documents and Settings\debbie\Application Data\Yahoo!
2010-08-11 08:47:39 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-08-10 15:09:03 ----D---- C:\downloads
2010-08-03 11:09:32 ----N---- C:\WINDOWS\system32\MRT.exe
2010-08-02 19:33:09 ----D---- C:\WINDOWS\system32\Restore
2010-08-02 15:12:57 ----D---- C:\Program Files\Common Files
2010-08-02 15:12:37 ----D---- C:\Program Files\Java
2010-08-01 13:39:03 ----D---- C:\Program Files\Ahead
2010-08-01 13:24:39 ----D---- C:\Program Files\Common Files\AVSMedia
2010-08-01 13:17:43 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-01 12:56:03 ----D---- C:\WINDOWS\Help
2010-07-30 23:10:38 ----D---- C:\Documents and Settings\debbie\Application Data\WinRAR
2010-07-30 08:28:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-30 08:01:59 ----D---- C:\Program Files\VideoLAN
2010-07-27 18:50:21 ----D---- C:\Program Files\YouTube Downloader
2010-07-27 01:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-26 12:43:42 ----D---- C:\WINDOWS\system32\wbem
2010-07-26 12:43:41 ----D---- C:\WINDOWS\Registration
2010-07-24 13:50:30 ----D---- C:\Program Files\Windows Media Player
2010-07-24 13:34:43 ----D---- C:\WINDOWS\system32\en-US
2010-07-24 13:34:41 ----D---- C:\WINDOWS\Media
2010-07-24 12:50:25 ----D---- C:\WINDOWS\WBEM
2010-07-24 12:18:27 ----D---- C:\Program Files\Google
2010-07-24 11:43:17 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-07-24 10:53:43 ----D---- C:\Program Files\Mozilla Firefox
2010-07-24 08:38:55 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-24 08:30:21 ----RASHC---- C:\boot.ini
2010-07-23 11:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-07-23 09:29:56 ----D---- C:\Documents and Settings\debbie\Application Data\Macromedia
2010-07-17 05:00:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-02 12:06:16 ----D---- C:\Program Files\Common Files\PC Tools
2010-07-02 10:46:31 ----D---- C:\Documents and Settings\debbie\Application Data\PC Tools
2010-06-30 07:31:35 ----A---- C:\WINDOWS\system32\schannel.dll
2010-06-25 14:09:54 ----DC---- C:\WINDOWS\$NtUninstallwmp11$(2)
2010-06-24 17:51:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-06-24 07:22:03 ----A---- C:\WINDOWS\system32\wininet.dll
2010-06-24 07:22:02 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-06-24 07:22:01 ----N---- C:\WINDOWS\system32\occache.dll
2010-06-24 07:22:01 ----N---- C:\WINDOWS\system32\mstime.dll
2010-06-24 07:22:01 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-06-24 07:21:59 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-06-24 07:21:59 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-06-24 07:21:59 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-06-24 07:21:58 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-06-24 07:21:58 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-06-24 07:21:55 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-06-23 07:08:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-06-20 09:19:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-06-20 09:19:14 ----D---- C:\Program Files\Common Files\Adobe
2010-06-20 09:09:03 ----D---- C:\Documents and Settings\debbie\Application Data\Adobe
2010-06-17 09:03:00 ----A---- C:\WINDOWS\system32\iccvid.dll
2010-06-15 20:04:18 ----RSD---- C:\WINDOWS\Fonts
2010-06-14 21:12:59 ----D---- C:\Program Files\Messenger
2010-06-14 14:22:32 ----D---- C:\WINDOWS\system32\oobe
2010-06-14 14:21:24 ----D---- C:\WINDOWS\security
2010-06-14 14:20:44 ----D---- C:\WINDOWS\ehome
2010-06-14 02:41:45 ----A---- C:\WINDOWS\system32\msxml3.dll
2010-06-07 21:03:28 ----D---- C:\Program Files\OpenOffice.org 3
2010-06-07 12:34:14 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-07 06:14:46 ----D---- C:\Program Files\DFX
2010-06-04 08:00:16 ----D---- C:\DELL
2010-05-30 22:11:59 ----D---- C:\Documents and Settings\debbie\Application Data\AVS4YOU
2010-05-25 17:31:25 ----H---- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
2010-05-21 12:00:58 ----D---- C:\Program Files\PhotoScape
2010-05-21 10:44:42 ----HD---- C:\Program Files\WindowsUpdate
2010-05-21 09:45:30 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-21 08:03:56 ----D---- C:\Program Files\Common Files\Ahead
2010-05-21 01:31:54 ----A---- C:\Program Files\PhotoScapeSetup_V3.4.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-06-22 28672]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-30 28080]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 PSINKNC;PSINKNC; C:\WINDOWS\system32\DRIVERS\psinknc.sys [2010-05-04 129928]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R2 PSINAflt;PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
R2 PSINFile;PSINFile; C:\WINDOWS\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]
R2 PSINProc;PSINProc; C:\WINDOWS\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]
R2 PSINProt;PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-19 1066278]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 182101]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 5689]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-30 593408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-04 186016]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-09-15 468768]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-06-22 92672]
S0 cerc6;cerc6; C:\WINDOWS\system32\drivers\cerc6.sys []
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-02-17 170880]
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\debbie\LOCALS~1\Temp\esihdrv.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-05-15 397312]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-06-22 1163378]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-10-04 94208]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 nosGetPlusHelper;getPlus® Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Shyredone

#7 shyredone

  • Topic Starter
  • Members
  • 46 posts
  • Location:Indiana

Posted 20 August 2010 - 09:20 AM

This is all that GMER gave me. I didn't see a log and an Info text. Your directions did say to uncheck the C drive, correct?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-20 10:17:24
Windows 5.1.2600 Service Pack 3
Running: 6iw7057j.exe; Driver: C:\DOCUME~1\debbie\LOCALS~1\Temp\uwlyqkoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xED6DCCD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xED6DCB8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xED6DD142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xED6DD06C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xED6DC764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xED6DCC68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xED6DC6A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xED6DC708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xED6DCD88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xED6DD210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xED6DCD48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xED6DCEC8]
SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xED52E416]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xED6E9B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xED6E99C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xED6E9AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

Edited by shyredone, 20 August 2010 - 09:22 AM.

Shyredone

#8 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 20 August 2010 - 06:08 PM

Hello, shyredone.
Logs look fine. Are you getting redirects?

We need to run TDSSKiller
  1. Download TDSSKiller and save it to your Desktop.
  2. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  3. Double click TDSSKiller.exe
  4. Press Start Scan
  5. If Malicious objects are found then ensure Cure is selected
  6. Click Continue > Reboot now
  7. Copy and paste the log in your next reply
    Note: A copy of the log will be saved automatically to the root of the drive (typically C:\)

In your next reply, please include the following:
  • TDSSKiller.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#9 shyredone
  • Topic Starter

  • Members
  • 46 posts
  • Location:Indiana

Posted 21 August 2010 - 08:11 AM

Hello aommaster... not getting any redirects, no. I think the TDSSKiller did download to another folder on my desktop. I had to open and then extract the files and then run. It said there was no threat.


Shyredone

#10 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 21 August 2010 - 10:31 AM

Hello, shyredone.
Okay, let's see if this can help with your PC crashing.
We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt



#11 shyredone
  • Topic Starter

  • Members
  • 46 posts
  • Location:Indiana

Posted 21 August 2010 - 05:06 PM

Still taking forever to connect to the internet or open any of my programs. Also, is it OK to run Panda Cloud Antivirus with Avast? I don't see any way to disable the Panda Cloud. I also have Malwarebytes Anti-Malware; is that OK, or is there something better?

ComboFix 10-08-21.01 - debbie 08/21/2010 17:15:27.4.1 - x86
Running from: c:\documents and settings\debbie\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\debbie\LOCALS~1\Temp\51.tmp
c:\documents and settings\debbie\Local Settings\temp\51.tmp
c:\documents and settings\debbie\System\win_qs8.jqx

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

2010-08-15 22:19 . 2010-02-16 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-15 21:30 . 2010-02-19 01:26 -------- d-----w- c:\documents and settings\debbie\Application Data\Media Player Classic
2010-08-15 21:28 . 2010-08-15 21:27 -------- d-----w- c:\program files\CCleaner
2010-08-15 21:24 . 2010-05-27 12:56 -------- d-----w- c:\program files\LimeWire
2010-08-15 21:13 . 2010-05-29 15:41 -------- d-----w- c:\documents and settings\debbie\Application Data\FrostWire
2010-08-15 16:32 . 2010-05-27 14:07 -------- d-----w- c:\program files\Incomplete
2010-08-15 01:00 . 2010-04-21 21:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-14 18:43 . 2010-02-14 21:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-12 20:17 . 2010-02-19 01:43 -------- d-----w- c:\program files\Essentials Codec Pack
2010-08-12 15:17 . 2010-02-24 20:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-11 13:49 . 2010-02-24 18:01 -------- d-----w- c:\documents and settings\debbie\Application Data\Yahoo!
2010-08-11 13:47 . 2010-02-24 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-11 13:36 . 2010-06-20 15:44 -------- d-----w- c:\program files\Yahoo!
2010-08-02 20:12 . 2010-02-15 17:45 -------- d-----w- c:\program files\Java
2010-08-01 18:39 . 2010-02-17 02:49 -------- d-----w- c:\program files\Ahead
2010-08-01 18:24 . 2010-02-17 21:46 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-01 18:17 . 1980-01-11 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-01 17:56 . 2010-06-18 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-07-31 13:04 . 2010-07-20 22:32 -------- d-----w- c:\program files\Perfect Uninstaller
2010-07-31 12:28 . 2010-06-20 22:53 -------- d-----w- c:\documents and settings\debbie\Application Data\gtk-2.0
2010-07-30 13:19 . 2010-06-27 05:42 -------- d-----w- c:\program files\GIMP-2.0
2010-07-30 13:01 . 2010-02-16 21:22 -------- d-----w- c:\program files\VideoLAN
2010-07-27 23:50 . 1980-01-08 18:28 -------- d-----w- c:\program files\YouTube Downloader
2010-07-24 17:18 . 2010-02-14 21:44 -------- d-----w- c:\program files\Google
2010-07-24 17:15 . 2010-06-10 00:10 -------- d-----w- c:\documents and settings\debbie\Application Data\mail.com Toolbar
2010-07-24 16:43 . 1980-01-07 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-23 16:54 . 2010-06-14 18:18 -------- d-----w- c:\documents and settings\debbie\Application Data\GlarySoft
2010-07-23 00:23 . 2010-07-15 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-17 10:00 . 2010-05-20 13:26 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 18:37 . 2010-07-15 18:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-02 17:06 . 1980-01-07 05:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-02 15:46 . 1980-01-07 07:33 -------- d-----w- c:\documents and settings\debbie\Application Data\PC Tools
2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-08-18 15:09 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-08-18 15:09 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-08-18 15:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-08-18 15:13 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-08-18 15:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-08-18 15:12 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-08-18 15:12 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-08-18 15:13 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-08-18 15:12 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-25 12:17 . 2010-06-25 12:17 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb436.tmp.exe
2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 03:44 . 2010-06-18 03:44 129 ----a-w- c:\documents and settings\debbie\Local Settings\Application Data\fusioncache.dat
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 13:28 . 2010-02-14 21:51 80160 ----a-w- c:\documents and settings\debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 07:41 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 19:31 . 2010-06-09 19:31 50354 ----a-w- c:\documents and settings\debbie\Application Data\Facebook\uninstall.exe
2010-05-29 16:21 . 2010-05-29 16:21 0 ----a-w- c:\documents and settings\debbie\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-05-29 15:32 . 2010-05-29 15:31 8231427 ----a-w- c:\program files\frostwire-4.20.6.windows.exe
2010-05-27 23:39 . 2010-05-27 23:39 141384 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-05-24 12:00 . 2010-05-24 12:00 503808 ----a-w- c:\documents and settings\debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-13cf6216-n\msvcp71.dll
2010-05-24 12:00 . 2010-05-24 12:00 499712 ----a-w- c:\documents and settings\debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-13cf6216-n\jmc.dll
2010-05-24 12:00 . 2010-05-24 12:00 348160 ----a-w- c:\documents and settings\debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-13cf6216-n\msvcr71.dll
2010-05-24 12:00 . 2010-05-24 12:00 61440 ----a-w- c:\documents and settings\debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f6f45b6-n\decora-sse.dll
2010-05-24 12:00 . 2010-05-24 12:00 12800 ----a-w- c:\documents and settings\debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f6f45b6-n\decora-d3d.dll
2010-05-21 06:32 . 2010-05-21 06:04 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-05-21 06:31 . 2010-05-21 03:06 16205198 ----a-w- c:\program files\PhotoScapeSetup_V3.4.exe
2010-05-21 06:29 . 2010-05-21 06:08 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2010-05-21 01:33 . 2010-05-21 01:31 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUNMain]
2010-05-14 20:06 406848 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4812:TCP"= 4812:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/18/2010 10:13 AM 165456]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/18/2010 10:13 AM 17744]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2/18/2010 5:32 PM 182101]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 4:26 PM 35968]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2/18/2010 5:32 PM 5689]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\drivers\ar5211.sys [2/14/2010 4:31 AM 468768]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 4:45 PM 135664]
S3 esihdrv;esihdrv;\??\c:\docume~1\debbie\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\debbie\LOCALS~1\Temp\esihdrv.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 7:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 21:45]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 21:45]

2010-08-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: yahoo.com\www
TCP: {7BE0AD44-84C9-4C3F-801D-61300B73739D} = 156.154.70.22,156.154.71.22
TCP: {EBBF6E56-385A-4C7E-A3C8-BAE48E9B6FAF} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\debbie\Application Data\Mozilla\Firefox\Profiles\dfemhwst.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\debbie\Application Data\Mozilla\Firefox\Profiles\dfemhwst.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\debbie\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\debbie\Application Data\Mozilla\Firefox\Profiles\dfemhwst.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\debbie\Application Data\Mozilla\Firefox\Profiles\dfemhwst.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 17:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\System32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
.
**************************************************************************
.
Completion time: 2010-08-21 17:40:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-21 22:40

Pre-Run: 21,417,041,920 bytes free
Post-Run: 21,343,305,728 bytes free

- - End Of File - - 4EC24F39640F5C7DD6DA6182B8DEDA05



aommaster I am including the Panda Cloud Antivirus scan results. Avast didn't pick up anything.

Scan 8/22/2010 3:36:56 AM Finished Scanning: All My Computer
Suspicious file detected 8/22/2010 3:26:34 AM Neutralized. Location: C:\WINDOWS\PEV.exe
Suspicious file detected 8/22/2010 3:26:02 AM Neutralized. Location: C:\System Volume Information\_restore{5E8F5646-3FE3-49D9-9352-1011D0F77F36}\RP170\A0104761.exe
Suspicious file detected 8/22/2010 3:26:01 AM Neutralized. Location: C:\System Volume Information\_restore{5E8F5646-3FE3-49D9-9352-1011D0F77F36}\RP170\A0104705.exe
Suspicious file detected 8/22/2010 3:26:01 AM Neutralized. Location: C:\System Volume Information\_restore{5E8F5646-3FE3-49D9-9352-1011D0F77F36}\RP170\A0104677.exe
Scan 8/22/2010 1:37:05 AM Started Scanning: All My Computer
Suspicious file detected 8/21/2010 5:33:39 PM Neutralized. Location: C:\ComboFix\pev.exe
Suspicious file detected ...\8/21/2010 1 Neutralized. Location: C:\System Volume Information\_restore{5E8F5646-3FE3-49D9-9352-1011D0F77F36}\RP168\A0104450.exe
Scan 8/19/2010 1:42:46 AM Finished Scanning: All My Computer
Suspicious file detected 8/19/2010 1:27:57 AM Neutralized. Location: C:\WINDOWS\PEV.exe
Scan 8/18/2010 9:41:35 PM Finished Optimized scan
Scan 8/18/2010 9:14:58 PM Started Scanning: All My Computer
Scan 8/18/2010 9:14:47 PM Started Optimized scan
Computer vaccinated ...\8/18/2010 1 Vaccinated. Your computer has been vaccinated.

Edited by shyredone, 22 August 2010 - 03:21 AM.

Shyredone

#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:02:17 AM

Posted 22 August 2010 - 11:23 AM

Hello, shyredone.
QUOTE
Also is it ok to run Panda Cloud Anti-virus with Avast?

To be honest, I have not had any experience with this AV program. Does it offer a real-time protection feature? Or is it just an on-demand scanner? If it is the latter, then it's fine to have. Just make sure you don't have two real-time protection programs as antivirus programs.

QUOTE
Also have Malwarebytes Anti-malware, is that ok or is there something better?

MalwareBytes is a really good program and I highly recommend you keep it.

It appears that you ran Panda Cloud scan, and it detected some of Combofix's internal programs as malicious and deleted them. You may need to redownload combofix to proceed with the fix, since the files that have been found are false positives.

Also, I can't see anything that could be slowing down your system. It is generally a side-effect after a virus infection and reformatting is the best way to go. However, I'd like to take a look at the hardware present on your system.

Backdoor warning!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In most cases, a reformat and clean install of the Operating System is the best solution for your (and probably others') safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?


Again, if you would like me to attempt to clean it, I will be happy to do so. But if you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful. Should you have any questions, please feel free to ask.

Please let me know what you decide to do. If you decide to continue with the fix, please proceed with the steps below.




We need to run a Combofix script
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    CODE
    Driver::
    cerc6

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Now, drag and drop CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

NEXT:

We need to run HardwareInfo
  1. Please download Aommaster's HardwareInfo to your desktop.
  2. Double click HardwareInfo
  3. Press the Run Scan button to start scanning.
  4. It shall produce a HardwareInfo.txt on your desktop.
  5. Please copy and paste the log in your next reply.

In your next reply, please include the following:
  • ComboFix.txt
  • HardwareInfo.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
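As an added triage example (not code from this thread, from ComboFix or from BleepingComputer), here is a small Python parser for the service/driver lines in the ComboFix log above. It flags the patterns the helper acts on: a driver registered with no file on disk (`[x]`, like cerc6, which the CFScript removes via `Driver::`), a driver loading from a Temp folder with unverified file info (`[?]`), and svchost-hosted services whose real DLL is not shown on the line. The sample lines are constructed in the log's own format.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines in the ComboFix service/driver format:
# state+start type, short name, display name, image path, [file date/size | x | ?]
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/18/2010 10:13 AM 165456]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 4:26 PM 35968]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 4:45 PM 135664]
S3 esihdrv;esihdrv;\??\c:\docume~1\debbie\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\debbie\LOCALS~1\Temp\esihdrv.sys [?]
S3 nosGetPlusHelper;getPlus Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 7:00 AM 14336]
"""

LINE_RE = re.compile(
    r"^([RS])(\d)\s+"      # R = running, S = stopped; digit = start type
    r"([^;]+);"            # service short name
    r"([^;]*);"            # display name (may be empty)
    r"(.*?)\s*"            # image path, possibly "registry path --> resolved path"
    r"\[([^\]]*)\]\s*$"    # bracketed file info: date/size, "x" (no file) or "?"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    state: str
    start_type: str
    name: str
    display_name: str
    image_path: str
    file_info: str
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R*/S* line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, info = m.groups()
    # ComboFix prints "registry image path --> resolved path"; keep the resolved one.
    if "-->" in path:
        path = path.split("-->", 1)[1].strip()
    return ServiceEntry(
        state="running" if state == "R" else "stopped",
        start_type=START_TYPES.get(start, "unknown"),
        name=name,
        display_name=display,
        image_path=path,
        file_info=info,
    )


def triage(entry: ServiceEntry) -> List[str]:
    """Return the review flags a malware-response helper would raise for one entry."""
    flags = []
    low = entry.image_path.lower()
    if entry.file_info == "x":
        # Registered driver/service whose binary is gone: an orphan entry that is
        # removed (cerc6 via the Driver:: directive in the CFScript above).
        flags.append("no-file")
    elif entry.file_info == "?":
        # ComboFix could not read date/size, so the file could not be verified.
        flags.append("unverified-file")
    if "\\temp\\" in low:
        # Legitimate drivers do not load from a user's Temp folder.
        flags.append("temp-path")
    if "svchost.exe" in low:
        # The real code is the ServiceDll of the named svchost group, not this line.
        flags.append("svchost-hosted")
    return flags


def parse_combofix_services(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in a ComboFix log fragment and triage it."""
    entries = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entry.flags = triage(entry)
            entries.append(entry)
    return entries


def flagged_entries(text: str) -> List[ServiceEntry]:
    """Only the entries that need a human look."""
    return [e for e in parse_combofix_services(text) if e.flags]


if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(f"{e.name:18} {e.state:8} {e.start_type:8} "
              f"{', '.join(e.flags):28} {e.image_path or '(none)'}")
```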


#13 shyredone

shyredone
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Location:Indiana
  • Local time:03:17 PM

Posted 24 August 2010 - 05:02 PM

I am afraid I don't understand what it is you are telling me to do. I no longer have the Combo Fix on my desktop. Do I need to download it and run it again? I am sorry but I am really over my head here. I don't have any choice but to let you do what you can. I bought the laptop used and it already had the Windows XP Professional on it so I don't have a CD to re-install it and don't have the money to buy it. Oh dear, this is such a mess. I don't do any financial stuff or anything personal like that on my computer so that isn't a concern. I really appreciate your help. If you could tell me step by step how to do this? I did do a search on the start menu and it couldn't find the file you said to save it to.


We need to run a Combofix script
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
CODE
Driver::
cerc6

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
4. Save this as CFScript.txt, in the same location as ComboFix.exe
5. Now, drag and drop CFScript into ComboFix.exe
6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

I am sorry to be so much trouble!
Shyredone

#14 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:02:17 AM

Posted 24 August 2010 - 05:58 PM

Hi!

No need to apologize.

First, please make sure you have combofix on your desktop. If you don't, please redownload it. As for the script, you'll have to make it yourself by opening notepad and copy and pasting the text in the code-box.

If you're still unsure, please don't hesitate to ask.



#15 shyredone

shyredone
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Location:Indiana
  • Local time:03:17 PM

Posted 25 August 2010 - 12:35 AM

Ok I'm sorry I just don't understand.

First, please make sure you have combofix on your desktop. If you don't, please redownload it. As for the script, you'll have to make it yourself by opening notepad and copy and pasting the text in the code-box.

I downloaded Combofix again onto the desktop. And I understand how to copy and paste the text.

This is the part I don't understand:

4. Save this as CFScript.txt, in the same location as ComboFix.exe
5. Now, drag and drop CFScript into ComboFix.exe
6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

On #4 Do I save it to where ComboFix is on the desktop? And how do I drag & drop it there?

I am sorry if I am making this more difficult than it is, but to me it is...

Edited by shyredone, 25 August 2010 - 04:32 PM.

Shyredone



