
Can't get rid of Trojan Agents in MBAM Log


  • This topic is locked
41 replies to this topic

#1 babysox

  • Members
  • 20 posts

Posted 07 September 2010 - 04:47 PM

After following many steps learned from the Bleeping Computer forums, I discovered I had the TDSS rootkit and I thought I had battled it away. I am continuing to run regular MBAM scans and detecting infections. HijackThis and MBAM logs are below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:37:28 PM, on 9/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Daniel .DANIEL\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-682003330-764733703-1343024091-1009\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138134768969
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://viper/DetermineOS/webinst.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: windows xp - Conexant Systems, Inc. - (no file)
O23 - Service: windows.net - Conexant Systems, Inc. - (no file)

--
End of file - 11715 bytes



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4558

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/7/2010 5:50:44 PM
mbam-log-2010-09-07 (17-50-44).txt

Scan type: Full scan (C:\|O:\|)
Objects scanned: 375226
Time elapsed: 10 hour(s), 32 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 150

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_XP (Worm.AutoRun) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\EventSystem.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB890046.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB891781.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB893756.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB894391.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB896358.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB899587.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB899589.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB899591.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB900485.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB901017.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB901214.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB905749.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB908531.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB911280.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB911565.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB911927.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB912919.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB914388.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB917159.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB917734.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB918899.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB919007.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB920670.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB922616.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB923689.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB923980.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB924270.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB924496.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB925398.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB925902.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB929338.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB929969.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB936782.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB937894.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB942763.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB943460.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB946026.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB954154.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB954459.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB954600.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB955839.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB956390.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB958215.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB961118.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB961371.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB969898.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB971633.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB973346.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB973507.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\KB973525.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\Wdf01005Inst.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\1394.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\61883.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\atiixpaa.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\atimpab.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\communic.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\dgasync.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\divasrv.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\epcfw2k.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\epsnmfp.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\eqnport.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\fp40ext.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\fxsocm.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\games.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\GEARAspiWDM.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\hal.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\hdaudbus.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\i740nt5.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\i81xnt5.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\ibmvcap.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\icam3.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\icam4usb.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\icam5usb.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\ie.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\image.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\ims.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\kdk2x0.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\kscaptur.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdm5674a.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmaiwa3.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmaiwa5.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmarch.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmatt.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmaus.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmboca.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmbsb.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmbw561.INF (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmcrtix.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmdgitn.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmgcs.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmhandy.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmke.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmlasat.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmmc288.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmmcd.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmmoto1.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmmotou.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\Mdmnis1u.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\Mdmnis3t.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmnova.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmolic.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmrisa.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmsgsmu.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmsupra.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmtdkj6.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mdmwhql0.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mfcem28.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mfsocket.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mmopt.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\monitor8.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mtxvideo.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\mwremove.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\net21x4.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netamd2.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netana.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netirda.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netnb.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netnwcli.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netrass.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netrtsnt.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netsap.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netsis.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\netupnp.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\nvct.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\nvts.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\oem12.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\oem16.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\ovsound.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\perm2.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\scsidev.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\sonypvu1.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\sr.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\usb.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\viafir2k.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\VIAMACH.INF (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\volsnap.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wab50.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wbemsnmp.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wdma_azt.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wdma_cwr.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wdma_ens.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wdma_ess.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wdma_neo.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wdma_sis.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wmp11.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wpd10.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wpdmtp.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\wsh.inf (Trojan.Agent) -> No action taken.
C:\WINDOWS\inf\xact2_3_x86.inf (Trojan.Agent) -> No action taken.

Edited by babysox, 08 September 2010 - 11:37 AM.



#2 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 07 September 2010 - 04:57 PM

Greetings babysox and Welcome to the Forums,

The log shows that you took no action. Why? Are you sure you know how to use MBAM?

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 babysox

  • Topic Starter
  • Members
  • 20 posts

Posted 07 September 2010 - 05:57 PM

I removed the detected items moments later. I was too eager to post my results ;). However, if I re-run the scan tonight, several of those items will appear again. Here is the log from the completed scan again, with the items removed.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4558

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/7/2010 6:58:52 PM
mbam-log-2010-09-07 (18-58-52).txt

Scan type: Full scan (C:\|O:\|)
Objects scanned: 375226
Time elapsed: 10 hour(s), 32 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 150

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_XP (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\EventSystem.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB890046.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB891781.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB893756.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB894391.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB896358.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB899587.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB899589.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB899591.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB900485.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB901017.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB901214.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB905749.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB908531.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB911280.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB911565.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB911927.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB912919.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB914388.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB917159.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB917734.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB918899.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB919007.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB920670.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB922616.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB923689.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB923980.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB924270.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB924496.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB925398.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB925902.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB929338.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB929969.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB936782.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB937894.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB942763.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB943460.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB946026.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB954154.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB954459.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB954600.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB955839.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB956390.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB958215.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB961118.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB961371.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB969898.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB971633.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB973346.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB973507.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB973525.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Wdf01005Inst.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\1394.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\61883.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\atiixpaa.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\atimpab.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\communic.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\dgasync.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\divasrv.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\epcfw2k.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\epsnmfp.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\eqnport.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\fp40ext.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\fxsocm.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\games.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\GEARAspiWDM.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\hal.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\hdaudbus.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\i740nt5.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\i81xnt5.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ibmvcap.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\icam3.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\icam4usb.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\icam5usb.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ie.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\image.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ims.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\kdk2x0.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\kscaptur.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdm5674a.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmaiwa3.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmaiwa5.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmarch.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmatt.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmaus.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmboca.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmbsb.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmbw561.INF (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmcrtix.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmdgitn.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmgcs.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmhandy.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmke.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmlasat.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmmc288.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmmcd.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmmoto1.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmmotou.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\Mdmnis1u.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\Mdmnis3t.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmnova.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmolic.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmrisa.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmsgsmu.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmsupra.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmtdkj6.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmwhql0.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mfcem28.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mfsocket.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mmopt.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\monitor8.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mtxvideo.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mwremove.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\net21x4.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netamd2.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netana.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netirda.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netnb.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netnwcli.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netrass.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netrtsnt.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netsap.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netsis.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netupnp.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\nvct.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\nvts.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\oem12.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\oem16.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ovsound.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\perm2.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\scsidev.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\sonypvu1.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\sr.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\usb.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\viafir2k.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\VIAMACH.INF (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\volsnap.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wab50.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wbemsnmp.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wdma_azt.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wdma_cwr.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wdma_ens.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wdma_ess.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wdma_neo.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wdma_sis.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wmp11.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wpd10.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wpdmtp.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wsh.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\xact2_3_x86.inf (Trojan.Agent) -> Quarantined and deleted successfully.


#4 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 07 September 2010 - 08:26 PM

OK, let's run a manual update and perform another quick scan (not a full scan as you have done). The current database version is 4565. Post back THAT log. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#5 babysox
  • Topic Starter
  • Members
  • 20 posts

Posted 08 September 2010 - 07:14 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4567

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/8/2010 7:56:28 AM
mbam-log-2010-09-08 (07-56-28).txt

Scan type: Quick scan
Objects scanned: 261583
Time elapsed: 27 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 68

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\inf\1394vdbg.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\acerscan.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\adm_port.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\agtinst.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\atirage3.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\avmisdn.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\bda.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\brmfcmdm.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\brmfcumd.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\camvid20.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ccdecode.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\dfrg.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\digimps.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\digirp.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\digirprt.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\divac.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\dot4prt.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\irdasmc.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\kodak.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmcom1.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmdcm6.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmdgden.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmeric.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmlasno.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmlucnt.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmminij.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmneuhs.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmosi.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmpn1.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmpp.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmsier.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmsun1.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmsun2.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmtexas.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmusrgl.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mfcem33.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mpe.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\msinfo32.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\msmqocm.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\msmscsi.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\msoe50.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\msports.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\msrio.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mstask.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mwavmdm1.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\net1394.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\net5515n.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netb57xp.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netbrdgs.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netclass.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netdefxa.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netel90b.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netiprip.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netirsir.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netklsi.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\netlpd.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ovcam.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ovcomp.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\parhmse.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\phdsext.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\phildec.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\pmxmcro.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\secdrv.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\tshoot.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wdma_ctl.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wdma_ymh.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wdmjoy.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\xact2_4_x86.inf (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by babysox, 08 September 2010 - 07:16 AM.
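
Before acting on a log like the one above, a responder wants to know whether a run of identical detections is one definition misfiring or a real infection. The block below is an added example, not Malwarebytes' code and not part of any post in this thread. It parses MBAM 1.x detection lines, clusters them by directory and detection name, and labels a cluster of a generic family (Trojan.Agent) on non-executable files (.inf setup scripts) under a Windows File Protection directory as a probable false positive to verify against known-good copies (the i386 source or sfc /scannow) before trusting the quarantine; deleting files such as usb.inf, sr.inf or volsnap.inf breaks later device installs and System Restore. The directory list, extension list, generic-name list, cluster threshold and the sample log are constructed assumptions for illustration.

```python
"""Triage of a Malwarebytes' Anti-Malware (MBAM 1.x) scan log.

Added example for this thread; not MBAM code and not from any post.
The directory list, extension list, generic-name list and cluster
threshold are assumptions chosen for illustration, not MBAM's rules.
"""
import re
import sys
from collections import defaultdict
from pathlib import PureWindowsPath

# One detection line: "<path> (<detection name>) -> <action>".
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$")

# Assumption: XP directories guarded by Windows File Protection whose files
# are never created by a user at run time (prefix match, case-insensitive).
PROTECTED_DIRS = (r"c:\windows\inf", r"c:\windows\system32")
# Assumption: extensions that carry no executable code. An .inf is a plain
# text setup script, so a binary-payload name on dozens of them is implausible.
NON_EXECUTABLE_EXT = {".inf", ".ini", ".txt", ".cat", ".log"}
# Assumption: families that are generic signatures rather than named threats.
GENERIC_NAMES = ("trojan.agent", "malware.trace", "heuristics.")

# Constructed sample in the shape MBAM 1.46 wrote; not a real scan.
SAMPLE_LOG = r"""
Files Infected: 6

Files Infected:
C:\WINDOWS\inf\usb.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\volsnap.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\sr.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\wsh.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\mdmbw561.INF (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\abc123.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""


def parse_mbam(text):
    """Return one dict per detection line: path, dir, ext, name, action."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # summary lines, section headers, "(No malicious items detected)"
        p = PureWindowsPath(m["path"])
        found.append({
            "path": str(p),
            "dir": str(p.parent).lower(),
            "ext": p.suffix.lower(),
            "name": m["name"],
            "action": m["action"],
        })
    return found


def triage(detections, min_cluster=5):
    """Group by (directory, detection name) and attach a verdict per cluster."""
    clusters = defaultdict(list)
    for d in detections:
        clusters[(d["dir"], d["name"])].append(d)

    report = []
    for (directory, name), items in sorted(clusters.items()):
        exts = {d["ext"] for d in items}
        in_os_dir = any(directory == p or directory.startswith(p + "\\")
                        for p in PROTECTED_DIRS)
        generic = name.lower().startswith(GENERIC_NAMES)
        if (in_os_dir and generic and len(items) >= min_cluster
                and exts <= NON_EXECUTABLE_EXT):
            # Many identical generic hits on text files in a protected OS
            # directory: far more likely one bad definition than N infections.
            verdict = "probable_false_positive"
        elif in_os_dir:
            # Single hits in system directories: compare against a known-good copy.
            verdict = "verify_against_known_good"
        else:
            verdict = "review"
        report.append({"dir": directory, "name": name, "count": len(items),
                       "extensions": sorted(exts), "verdict": verdict})
    return report


if __name__ == "__main__":
    # Usage: python mbam_triage.py mbam-log-2010-09-08.txt   (no argument: sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for row in triage(parse_mbam(text)):
        print(f'{row["verdict"]:28} {row["count"]:3} x {row["name"]:<14} {row["dir"]} {row["extensions"]}')
```

The verdict is a triage label, not a clean bill of health: a "probable_false_positive" cluster still needs the quarantined files restored and compared with the originals, and a single hit in a system directory still needs a hash check against a known-good copy.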


#6 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 08 September 2010 - 08:35 AM

Ok, that's not right. Let's have a deeper look at things... First, please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please perform these steps in order as they appear:

Step 1
Please download the free utility DDS. Double click dds.scr to run the tool
  • When it completes, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Step 2
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to your desktop
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please agree to do so
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that, by default, have already been checked. Please uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (In other words, uncheck anything that is NOT your System drive. Your system drive is where Windows is installed which is typically C:\)
    • Show All <--don't miss this one
  • Then click the Scan button & wait for it to finish
  • Once the scan completes, click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it where you can easily find it, such as your desktop
  • If you have trouble scanning with gmer then try the scan again but this time with everything unchecked except for "sections"
**Caution**
Rootkit scans often produce false positives.
Do NOT take any action on any of these "<--- ROOTKIT" entries without proper guidance from an expert user.

Please include the following logs in your next reply, Thanks!:
  • DDS.txt
  • Attach.txt
  • ark.txt

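
Once the DDS log requested above comes back, the section a responder reads first is SERVICES / DRIVERS, because a service or driver entry whose image file is missing, cannot be verified, or carries a product-style name in the service-key position is where a rootkit dropper's residue usually shows. The block below is an added example, not DDS's own code and not from any post here. It assumes DDS's line format "<R|S><type> <key>;<display>;<image> [<date> <size>]", that "[x]" marks a missing image file and "[?]" one DDS could not verify, and that "-->" separates the raw registry value from the resolved path; the lookalike and name-mismatch checks are illustrative heuristics, and the sample section is constructed, not taken from a real log.

```python
"""Triage of the 'SERVICES / DRIVERS' section of a DDS log.

Added example for this thread; not DDS's own code and not from any post.
Assumptions: DDS prints '[x]' after a service whose image file is absent,
'[?]' when it could not verify the file, and '<value> --> <path>' when it
had to resolve the registry value. The name heuristics are illustrative.
"""
import re
import sys
from pathlib import PureWindowsPath

# "<R|S><type> <service key>;<display name>;<image path and marker>"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# Trailing "[x]", "[?]" or "[<yyyy-m-d> <size>]".
MARKER_RE = re.compile(r"\[(?P<marker>x|\?|\d{4}-\d{1,2}-\d{1,2} \d+)\]$")
# Assumption: a genuine service key is a short identifier (AudioSrv, Dhcp);
# a product-style name in the key position is a lookalike worth a closer look.
LOOKALIKE_RE = re.compile(r"^(windows|microsoft|system)[ .]", re.I)

# Constructed sample in DDS's line format; not copied from a real log.
SAMPLE_SECTION = r"""
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-5 216400]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
S2 windows xp;windows xp; [x]
S3 usbmouseb;usbmouseb;\??\c:\windows\system32\drivers\window.sys --> c:\windows\system32\drivers\window.sys [?]

=============== Created Last 30 ================
"""


def parse_services(text):
    """Return one dict per service/driver line inside the SERVICES / DRIVERS section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):           # DDS section banner
            in_section = "SERVICES / DRIVERS" in line
            continue
        if not in_section or not line:
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m["rest"].strip()
        mk = MARKER_RE.search(rest)
        marker = mk["marker"] if mk else ""
        image = rest[:mk.start()].strip() if mk else rest
        if "-->" in image:                 # keep the resolved path, drop the raw value
            image = image.split("-->")[-1].strip()
        entries.append({"start": m["start"], "name": m["name"], "display": m["display"],
                        "image": image, "marker": marker})
    return entries


def assess(entry):
    """Return (verdict, findings) for one entry; verdict is ok, medium or high."""
    findings = []
    if entry["marker"] == "x":
        findings.append(("high", "service registered but its image file is missing"))
    elif entry["marker"] == "?":
        findings.append(("medium", "image file could not be verified"))
    if LOOKALIKE_RE.match(entry["name"]):
        findings.append(("high", "service key imitates a Windows product name"))
    if entry["image"]:
        # Heuristic: a service key normally shares a prefix with its binary's name.
        stem = PureWindowsPath(entry["image"]).stem.lower()
        key = re.sub(r"[^a-z0-9]", "", entry["name"].lower())
        if key[:4] not in stem and stem[:4] not in key:
            findings.append(("medium", "service key unrelated to image filename"))
    rank = {"ok": 0, "medium": 1, "high": 2}
    verdict = max((sev for sev, _ in findings), key=rank.get, default="ok")
    return verdict, [text for _, text in findings]


def triage_services(text):
    """Parse and assess every entry; returns dicts sorted worst first."""
    rank = {"ok": 0, "medium": 1, "high": 2}
    rows = []
    for e in parse_services(text):
        verdict, findings = assess(e)
        rows.append({**e, "verdict": verdict, "findings": findings})
    return sorted(rows, key=lambda r: -rank[r["verdict"]])


if __name__ == "__main__":
    # Usage: python dds_services.py DDS.txt   (no argument: sample section)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_SECTION
    for r in triage_services(text):
        print(f'{r["verdict"]:6} {r["start"]} {r["name"]:<12} {r["image"] or "<no image>"}  {"; ".join(r["findings"])}')
```

A "high" row is a lead, not a conviction: a dead service key can be the leftover of a broken uninstall, and a driver with an unrelated filename may be a vendor's choice. What the script saves is the first pass through a long list, so the responder's time goes to the handful of entries that merit a hash check or a look at the registry key.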


#7 babysox
  • Topic Starter
  • Members
  • 20 posts

Posted 08 September 2010 - 08:21 PM

Thanks a lot for your help. Requested logs follow.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Daniel at 12:18:24.25 on Wed 09/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1252 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Daniel name.DANIEL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138134768969
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://viper/DetermineOS/webinst.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daniel~1.dan\applic~1\mozilla\firefox\profiles\1mgjp5kw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-5 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-1 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-5 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-7-1 532224]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-4-8 239216]
S2 windows xp;windows xp; [x]
S2 windows.net;windows.net; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-3-13 430152]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 iteio;iteio;\??\c:\windows\system32\drivers\iteio.sys --> c:\windows\system32\drivers\iteio.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]
S3 usbmouseb;usbmouseb;\??\c:\windows\system32\drivers\window.sys --> c:\windows\system32\drivers\window.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-12-15 85504]

=============== Created Last 30 ================

2010-09-01 01:33:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 01:33:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-01 01:33:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-01 00:11:33 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Hitman Pro
2010-09-01 00:11:30 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-31 15:40:19 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-08-31 15:40:18 0 d-----w- c:\docume~1\daniel~1.dan\applic~1\SUPERAntiSpyware.com
2010-08-31 15:38:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-31 15:23:13 20 ----a-w- c:\documents and settings\daniel name.daniel\defogger_reenable
2010-08-31 04:01:10 0 d-----w- c:\docume~1\daniel~1.dan\applic~1\Malwarebytes
2010-08-31 03:32:13 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-08-31 23:34:07 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-07-16 20:43:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 20:43:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 20:41:33 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-09 01:05:58 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 17:51:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 12:20:29.73 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2002 12:45:41 AM
System Uptime: 9/8/2010 8:00:49 AM (4 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon™ XP 2200+ | Socket A | 1797/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 48.579 GiB free.
D: is CDROM ()
E: is CDROM ()
I: is Removable
O: is FIXED (NTFS) - 149 GiB total, 102.064 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&3B1D9AB8&0&4040
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter #2
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&3B1D9AB8&0&4040
Service: RT61

==== System Restore Points ===================

RP199: 9/7/2010 7:00:15 PM - System Checkpoint
RP200: 9/7/2010 7:04:23 PM - Software Distribution Service 3.0
RP201: 9/7/2010 7:30:06 PM - Software Distribution Service 3.0

==== Installed Programs ======================


32 Bit HP CIO Components Installer
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
Age of Empires III
Age of Empires III - The WarChiefs
AIM 6
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
AutoHotkey 1.0.48.05
AVG Free 9.0
BlackBerry Desktop Software 4.3
Bonjour
BufferChm
C-Media WDM Audio Driver
C5200
C5200_Help
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
Coupon Printer for Windows
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX User Guide
DivX Version Checker
DocProc
DocProcQFolder
eSupportQFolder
ExtractNow
Fax
FLV Player 2.0 (build 25)
Full Tilt Poker
GPBaseService
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 17
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.6.8)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Multimedia Samples
Musicnotes Player
Musicnotes Software Suite 1.0
Nero 7 Ultra Edition
neroxml
NVIDIA nForce Drivers
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
Paint Shop Pro 7 Evaluation
PanoStandAlone
PC Pitstop Driver Alert2 2.0.0.0
PeerGuardian 2.0
Platform
PokerStars
PokerStove version 1.23
PostgreSQL 8.3
PostgreSQL 8.4
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickTime
Rhapsody Player Engine
S500/S600 USB Driver
Scan
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SIW version 2010.03.10
Skins
SmartWeb Parent Web Center (SwPRMS)
SmartWebPrintingOC
SolutionCenter
Sportsbook.com Poker
Spybot - Search & Destroy 1.5.2.20
Status
SUPERAntiSpyware
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USB Video Driver
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
VIA Audio Driver Setup Program
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
VideoToolkit01
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WebFldrs XP
WebReg
WinASO Registry Optimizer 4.5.2
WinASO Registry Optimizer 4.5.3
WinASO Registry Optimizer 4.5.5
Windows 7 Upgrade Advisor
Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinRAR archiver
WinUHA 2.0 RC1 (2005.02.27)
ZoneAlarm

==== Event Viewer Messages From Past Week ========

9/7/2010 7:15:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office OneNote 2007 (KB980729).
9/7/2010 3:45:07 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
9/7/2010 11:32:15 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/6/2010 5:15:38 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
9/6/2010 5:14:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Network Proxy service to connect.
9/6/2010 5:14:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IS Service service to connect.
9/6/2010 5:14:18 PM, error: Service Control Manager [7000] - The windows.net service failed to start due to the following error: The system cannot find the path specified.
9/6/2010 5:14:18 PM, error: Service Control Manager [7000] - The windows xp service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-08 21:25:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\DANIEL~1.DAN\LOCALS~1\Temp\fxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA873B534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA8735782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA87546DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA873BCC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA874EEB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA874F2A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA8758916]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA873BDF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA8736398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA8755FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA875593C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA874DDF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA875693C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA8756B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA8735FAA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA87511CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA8750DF8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA87578D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA8757208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA873B0F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA87582A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA873B7DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA873675C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA8757E12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA87550C4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA874FF0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA874FC86]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [C0, BC, 73, A8, B4, EE, 74, ...]
? stujnl.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF758C81E]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8CEA000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3192] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3724] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC6 0x1F 0xD4 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3D 0x3A 0xC4 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x58 0x56 0x1D 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0x03 0x88 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x78 0xD8 0x8A 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x61 0x40 0x07 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4F 0xCB 0x72 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF5 0xBA 0x38 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0x03 0x88 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x78 0xD8 0x8A 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x61 0x40 0x07 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4F 0xCB 0x72 0xB6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF5 0xBA 0x38 0xF6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0x03 0x88 0x49 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x78 0xD8 0x8A 0x0A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x61 0x40 0x07 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4F 0xCB 0x72 0xB6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF5 0xBA 0x38 0xF6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0x03 0x88 0x49 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x78 0xD8 0x8A 0x0A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x61 0x40 0x07 0x68 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4F 0xCB 0x72 0xB6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF5 0xBA 0x38 0xF6 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC6 0x1F 0xD4 0x46 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3D 0x3A 0xC4 0x5F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x58 0x56 0x1D 0xA8 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0x03 0x88 0x49 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x78 0xD8 0x8A 0x0A ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x61 0x40 0x07 0x68 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4F 0xCB 0x72 0xB6 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF5 0xBA 0x38 0xF6 ...

---- EOF - GMER 1.0.15 ----


#8 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:15 PM

Posted 08 September 2010 - 09:10 PM

OK, great! Let's start by uninstalling these:
J2SE Runtime Environment 5.0 Update 10 <--These first 8 entries are all outdated and exploited versions of Java. You only need the latest version. You can update to the latest version from within the control panel.
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
LiveUpdate 2.6 (Symantec Corporation)
<--This should have been uninstalled when you removed your Symantec product
PeerGuardian 2.0 <--Please don't use file sharing programs. This open source product is unsupported anyway
Viewpoint Manager (Remove Only) <--These next two entries are both Foistware
Viewpoint Media Player

...when you've finished uninstalling, please reboot the computer.

I should mention one other item of note...your Adobe product has an outdated version of their PDF reader. Please run a manual update to get Adobe's most recent patches.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running...that may cause the scan to stall


Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

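As an added illustration of the Java clean-up step above (my example, not part of this thread or any tool mentioned in it), the batch script below lists every installed Java or J2SE entry by reading the DisplayName value of each subkey under the standard Add/Remove Programs Uninstall key; the key path and the "Java"/"J2SE" name filter are my assumptions, so compare the output with what Add/Remove Programs shows before uninstalling anything.

```batch
@echo off
rem Added example, not from the thread: inventory installed Java runtimes so that
rem every entry except the newest one can be identified for removal.
rem Assumption: entries live under the standard Uninstall key and carry a
rem DisplayName value containing "Java" or "J2SE".
setlocal
set "UNINST=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
echo Installed Java runtimes (keep only the newest):
rem Each line of the outer query is one uninstall subkey (non-key lines fail
rem silently in the inner query).
for /f "delims=" %%K in ('reg query "%UNINST%" 2^>nul') do (
    rem Read DisplayName; the REG_SZ line is "DisplayName  REG_SZ  <name>",
    rem so token 2 is the type and the remainder is the product name.
    for /f "tokens=2,*" %%A in ('reg query "%%K" /v DisplayName 2^>nul ^| find "REG_SZ"') do (
        rem Print the name only when it looks like a Java or J2SE entry.
        echo %%B | findstr /i "Java J2SE" >nul && echo   %%B
    )
)
endlocal
```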

#9 babysox

babysox
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:15 PM

Posted 09 September 2010 - 07:04 AM

I deleted the listed programs/applications, restarted and then ran combofix. Combofix ran through all 50 stages and then restarted my computer. On the restart it said it was creating a log and then abruptly shut down and I never saw a log. Is the log file stored in some folder other than my desktop (combofix is loaded on desktop)? Should I run combofix again?

#10 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:15 PM

Posted 09 September 2010 - 09:43 AM

Look for the log at the root of the drive. Open "MyComputer" and click on your local drive C:\
...there you should see a text file named combofix.txt. Open it and copy its contents. Post that back here on your next reply. Thanks!



#11 babysox

babysox
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:15 PM

Posted 09 September 2010 - 04:33 PM

There is no file named combofix.txt located in the c:\ directory.

#12 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:15 PM

Posted 09 September 2010 - 07:17 PM

Please copy and paste the following bold text into a blank notepad:

@echo off
rem List the contents of ComboFix's working folder and append the listing to look.txt
dir "c:\qoobox" >> look.txt
rem Open the listing in Notepad so it can be copied into a reply
notepad look.txt
exit


Save this as showme.bat. Change the "save as type" to all files and save it to your Desktop.
Next, please double-click the showme.bat file.

Please copy and paste the contents of the text file that pops open back here in your next reply.
Thanks.



#13 babysox

babysox
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:15 PM

Posted 09 September 2010 - 09:07 PM

Volume in drive C has no label.
Volume Serial Number is 84A1-290C

Directory of c:\qoobox

09/08/2010 11:30 PM <DIR> .
09/08/2010 11:30 PM <DIR> ..
09/08/2010 11:02 PM <DIR> BackEnv
09/08/2010 11:28 PM <DIR> LastRun
09/08/2010 11:03 PM <DIR> Quarantine
09/08/2010 11:19 PM <DIR> Test
09/08/2010 10:57 PM <DIR> TestC
0 File(s) 0 bytes
7 Dir(s) 53,230,288,896 bytes free


#14 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:15 PM

Posted 10 September 2010 - 03:11 AM

OK, open the quarantine folder and copy its contents. It will just be text so no worries. Post back the contents of that text file. Thanks!



#15 babysox

babysox
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:15 PM

Posted 10 September 2010 - 07:20 AM

Volume in drive C has no label.
Volume Serial Number is 84A1-290C

Directory of c:\qoobox\Quarantine

09/08/2010 11:03 PM <DIR> .
09/08/2010 11:03 PM <DIR> ..
09/08/2010 11:22 PM <DIR> C
09/08/2010 10:57 PM 51 catchme.log
09/08/2010 11:19 PM <DIR> Registry_backups
1 File(s) 51 bytes
4 Dir(s) 53,219,958,784 bytes free
