
Really Slow Browser - Malware?


34 replies to this topic

#1 Squindar

Squindar

  • Members
  • 34 posts

Posted 02 November 2010 - 06:39 PM

Hi there,
My browser is treacle slow; the tech from my ISP said I had malware but declined to help.
Heaps of scans (MBAM, Spybot, AVG, avast, also Stinger and WinSock fix), reinstalled Windows (XP SP3), no difference. Please help.

Robert

DDS (Ver_10-11-01.01) - NTFSx86
Run by Compaq_Owner at 23:14:36.51 on 02/11/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.958.555 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\br9vm8dk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-31 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-31 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-11-01 21:57:22 -------- d-----w- c:\docume~1\compaq~1\applic~1\WinBatch
2010-10-31 22:40:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-10-31 22:40:39 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-31 17:55:57 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Mozilla
2010-10-31 15:56:02 -------- dcsh--r- C:\cmdcons
2010-10-31 15:54:28 -------- d-----w- c:\windows\setupupd
2010-10-31 12:30:47 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Identities
2010-10-31 12:24:14 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Adobe
2010-10-31 09:56:46 -------- d-----w- c:\docume~1\compaq~1\applic~1\HPQ
2010-10-31 09:36:45 73728 ----a-r- c:\windows\system32\cnm144.tmp
2010-10-31 09:27:21 87552 ----a-w- c:\windows\system32\CNMLM4b.DLL
2010-10-31 09:27:21 5632 ----a-w- c:\windows\system32\CNMVS4b.DLL
2010-10-31 09:27:21 46080 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP4b.DLL
2010-10-31 09:27:21 13824 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD4b.DLL
2010-10-31 09:27:19 73728 ----a-r- c:\windows\system32\CNMCP4b.exe
2010-10-31 09:22:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-31 09:22:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 09:19:17 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-31 09:15:21 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-31 09:10:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-10-31 09:09:54 16074 ----a-w- c:\windows\system32\drivers\FA312nd5.sys
2010-10-31 08:07:17 1409 ----a-w- c:\windows\QTFont.for
2010-10-30 16:58:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-10-30 16:53:09 -------- d-----w- c:\program files\Uniblue
2010-10-29 16:47:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-29 15:50:42 -------- dc----w- C:\f3d9eb949c5a7021acd3c8bd
2010-10-29 15:50:37 -------- dc----w- C:\692c20eb37f2dcd683fc
2010-10-29 00:37:07 -------- dc----w- C:\b6d32fdd5115764cc3752340db50b5
2010-10-29 00:36:57 -------- dc----w- C:\3d7ea7118e9a72a1320c09f75b73
2010-10-29 00:11:09 -------- d-----w- c:\program files\Sophos
2010-10-21 17:19:50 -------- dc----w- C:\ERDNT
2010-10-20 23:05:40 -------- d-----w- c:\program files\Yahoo!
2010-10-20 23:05:28 -------- d-----w- c:\program files\CCleaner
2010-10-17 01:22:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2010-10-17 01:22:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Virgin Media
2010-10-16 22:52:47 -------- d-----w- c:\program files\MarkAny
2010-10-12 16:32:36 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-12 16:30:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-12 16:13:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-05 17:28:54 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-05 17:27:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Samsung
2010-10-05 17:25:50 -------- d-----w- c:\program files\Samsung
2010-10-05 17:25:40 -------- d-----w- c:\program files\common files\Samsung

==================== Find3M ====================


=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1604N/R rev.TM100-24 -> \Device\Ide\IdeDeviceP2T1L0-24

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x8594CAB8]
3 CLASSPNP[0xF75D105B] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\0000005e[0x8590C030]
5 ACPI[0xF7447620] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Ide\IdeDeviceP2T0L0-1c[0x859904A8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel

Filesystem trace:
called modules: ntkrnlpa.exe hal.dll aswMon2.SYS fltMgr.sys aswFsBlk.SYS sr.sys aswSP.SYS Ntfs.sys
1 ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x85786C68]
3 ntkrnlpa[0x805773B7] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x857CEB68]
5 fltMgr[0xF73DDE61] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x85949B58]
7 sr[0xF73CD870] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x85906020]
9 ntkrnlpa[0x80577AD9] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x857CEB68]
11 fltMgr[0xF73DDB29] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x85949B58]
13 sr[0xF73CCBB9] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x85906020]
15 ntkrnlpa[0x80577C87] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x857CEB68]
17 fltMgr[0xF73DDB29] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x85949B58]
19 sr[0xF73C8453] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x85906020]
21 aswMon2[0xF05699DD] -> ntkrnlpa!IofCallDriver[0x804EDE00]
23 fltMgr[0xF73DDE61] -> ntkrnlpa!IofCallDriver[0x804EDE00]
25 sr[0xF73CD870] -> ntkrnlpa!IofCallDriver[0x804EDE00]
27 ntkrnlpa[0x80573B3D] -> ntkrnlpa!IofCallDriver[0x804EDE00]
29 aswMon2[0xF05699DD] -> ntkrnlpa!IofCallDriver[0x804EDE00]
31 fltMgr[0xF73DDB29] -> ntkrnlpa!IofCallDriver[0x804EDE00]
33 sr[0xF73C8453] -> ntkrnlpa!IofCallDriver[0x804EDE00]

Registry trace:
called modules: ntkrnlpa.exe aswSP.SYS hal.dll

============= FINISH: 23:15:30.43 ===============




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 09 November 2010 - 06:35 PM

Hello Squindar,

Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Squindar

Squindar
  • Topic Starter

  • Members
  • 34 posts

Posted 11 November 2010 - 01:36 PM

Hi there, thanks for responding.
Here's a new DDS:


DDS (Ver_10-11-01.01) - NTFSx86
Run by Compaq_Owner at 18:30:57.40 on 11/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.555 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TotalRecorderScheduler] c:\program files\highcriteria\totalrecorder\TotRecSched.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\br9vm8dk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-31 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-31 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-11-09 01:27:05 1409 ----a-w- c:\windows\QTFont.for
2010-11-08 18:12:47 167936 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-11-08 17:54:05 48640 ----a-w- c:\windows\system32\DrvTrNTm.dll
2010-11-08 17:54:05 106496 ----a-w- c:\windows\system32\DrvTrNTl.dll
2010-11-08 17:46:06 -------- dc----w- C:\tmpDownload
2010-11-05 13:00:27 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-05 13:00:27 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-05 13:00:11 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-05 12:59:43 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-05 12:59:43 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-05 12:59:43 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-05 12:59:42 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-05 12:57:56 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-05 03:22:17 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-11-05 03:22:04 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-11-05 01:07:52 -------- d-----w- c:\windows\system32\scripting
2010-11-05 01:07:52 -------- d-----w- c:\windows\system32\en
2010-11-05 01:07:52 -------- d-----w- c:\windows\system32\bits
2010-11-04 22:17:05 -------- d-----w- c:\docume~1\compaq~1\applic~1\WinPatrol
2010-11-04 22:17:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\InstallMate
2010-11-04 21:37:57 -------- d-sh--w- c:\documents and settings\compaq_owner\PrivacIE
2010-11-04 21:36:39 -------- d-sh--w- c:\documents and settings\compaq_owner\IETldCache
2010-11-04 21:09:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-11-04 21:09:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-04 21:09:49 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-04 21:09:49 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-04 21:09:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-04 21:09:49 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-11-04 21:09:49 11080192 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-11-04 18:33:52 33792 ------w- c:\windows\system32\mmcperf.exe
2010-11-04 18:23:31 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-04 18:23:30 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-04 18:22:58 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-04 18:22:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-04 18:22:33 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-04 18:21:58 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-04 18:21:58 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-04 18:21:46 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-11-04 18:21:46 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-11-04 18:21:46 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-11-04 18:21:45 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-11-04 18:21:45 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-04 18:21:45 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-04 18:21:44 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-11-04 18:21:44 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-11-04 18:21:44 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-11-04 18:20:31 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-04 18:20:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-04 18:18:11 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-04 00:21:36 -------- d-----w- c:\windows\system32\PreInstall
2010-11-01 21:57:22 -------- d-----w- c:\docume~1\compaq~1\applic~1\WinBatch
2010-10-31 22:40:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-10-31 22:40:39 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-31 17:55:57 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Mozilla
2010-10-31 15:56:02 -------- dcsh--r- C:\cmdcons
2010-10-31 15:54:28 -------- d-----w- c:\windows\setupupd
2010-10-31 12:30:47 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Identities
2010-10-31 12:24:14 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Adobe
2010-10-31 09:56:46 -------- d-----w- c:\docume~1\compaq~1\applic~1\HPQ
2010-10-31 09:36:45 73728 ----a-r- c:\windows\system32\cnm144.tmp
2010-10-31 09:27:21 87552 ----a-w- c:\windows\system32\CNMLM4b.DLL
2010-10-31 09:27:21 5632 ----a-w- c:\windows\system32\CNMVS4b.DLL
2010-10-31 09:27:21 46080 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP4b.DLL
2010-10-31 09:27:21 13824 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD4b.DLL
2010-10-31 09:27:19 73728 ----a-r- c:\windows\system32\CNMCP4b.exe
2010-10-31 09:22:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-31 09:22:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 09:19:17 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-31 09:15:21 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-31 09:10:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-10-31 09:09:54 16074 ----a-w- c:\windows\system32\drivers\FA312nd5.sys
2010-10-30 16:58:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-10-30 16:53:09 -------- d-----w- c:\program files\Uniblue
2010-10-29 16:47:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-29 15:50:42 -------- dc----w- C:\f3d9eb949c5a7021acd3c8bd
2010-10-29 15:50:37 -------- dc----w- C:\692c20eb37f2dcd683fc
2010-10-29 00:37:07 -------- dc----w- C:\b6d32fdd5115764cc3752340db50b5
2010-10-29 00:36:57 -------- dc----w- C:\3d7ea7118e9a72a1320c09f75b73
2010-10-29 00:11:09 -------- d-----w- c:\program files\Sophos
2010-10-21 17:19:50 -------- dc----w- C:\ERDNT
2010-10-20 23:05:28 -------- d-----w- c:\program files\CCleaner
2010-10-17 01:22:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2010-10-17 01:22:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Virgin Media
2010-10-16 22:52:47 -------- d-----w- c:\program files\MarkAny

==================== Find3M ====================

2010-11-05 01:10:13 61440 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2010-11-05 01:10:13 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2010-11-05 01:10:13 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2010-11-05 01:10:13 40960 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2010-11-05 01:10:13 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2010-11-05 01:10:13 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2010-11-05 01:10:13 287310 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2010-11-05 01:10:13 163840 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2010-09-18 12:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1604N/R rev.TM100-24 -> \Device\Ide\IdeDeviceP2T1L0-24

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8614CAB8]
3 CLASSPNP[0xF7550FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000005e[0x861521A8]
5 ACPI[0xF73C7620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP2T0L0-1c[0x861E9D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel

Filesystem trace:
called modules: ntkrnlpa.exe hal.dll aswMon2.SYS fltmgr.sys aswFsBlk.SYS sr.sys aswSP.SYS Ntfs.sys
1 ntkrnlpa!IofCallDriver[0x804EE130] -> [0x85EB3C60]
3 ntkrnlpa[0x80578683] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x85F066A0]
5 fltmgr[0xF735CE95] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86101DD0]
7 sr[0xF734C870] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86183020]
9 ntkrnlpa[0x80578DA9] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x85F066A0]
11 fltmgr[0xF735D098] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86101DD0]
13 sr[0xF734BBB9] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86183020]
15 ntkrnlpa[0x80578F57] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x85F066A0]
17 fltmgr[0xF735D098] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86101DD0]
19 sr[0xF7347453] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86183020]
21 aswMon2[0xEFEDB9DD] -> ntkrnlpa!IofCallDriver[0x804EE130]
23 fltmgr[0xF735CE95] -> ntkrnlpa!IofCallDriver[0x804EE130]
25 sr[0xF734C870] -> ntkrnlpa!IofCallDriver[0x804EE130]
27 ntkrnlpa[0x80574DCB] -> ntkrnlpa!IofCallDriver[0x804EE130]
29 aswMon2[0xEFEDB9DD] -> ntkrnlpa!IofCallDriver[0x804EE130]
31 fltmgr[0xF735D098] -> ntkrnlpa!IofCallDriver[0x804EE130]
33 sr[0xF7347453] -> ntkrnlpa!IofCallDriver[0x804EE130]

Registry trace:
called modules: ntkrnlpa.exe aswSP.SYS hal.dll

============= FINISH: 18:32:12.07 ===============

#4 Squindar

Squindar
  • Topic Starter

  • Members
  • 34 posts

Posted 11 November 2010 - 01:37 PM

Thanks for responding, here's the new DDS.


DDS (Ver_10-11-01.01) - NTFSx86
Run by Compaq_Owner at 18:30:57.40 on 11/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.555 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TotalRecorderScheduler] c:\program files\highcriteria\totalrecorder\TotRecSched.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\br9vm8dk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-31 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-31 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-11-09 01:27:05 1409 ----a-w- c:\windows\QTFont.for
2010-11-08 18:12:47 167936 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-11-08 17:54:05 48640 ----a-w- c:\windows\system32\DrvTrNTm.dll
2010-11-08 17:54:05 106496 ----a-w- c:\windows\system32\DrvTrNTl.dll
2010-11-08 17:46:06 -------- dc----w- C:\tmpDownload
2010-11-05 13:00:27 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-05 13:00:27 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-05 13:00:11 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-05 12:59:43 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-05 12:59:43 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-05 12:59:43 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-05 12:59:42 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-05 12:57:56 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-05 03:22:17 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-11-05 03:22:04 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-11-05 01:07:52 -------- d-----w- c:\windows\system32\scripting
2010-11-05 01:07:52 -------- d-----w- c:\windows\system32\en
2010-11-05 01:07:52 -------- d-----w- c:\windows\system32\bits
2010-11-04 22:17:05 -------- d-----w- c:\docume~1\compaq~1\applic~1\WinPatrol
2010-11-04 22:17:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\InstallMate
2010-11-04 21:37:57 -------- d-sh--w- c:\documents and settings\compaq_owner\PrivacIE
2010-11-04 21:36:39 -------- d-sh--w- c:\documents and settings\compaq_owner\IETldCache
2010-11-04 21:09:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-11-04 21:09:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-04 21:09:49 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-04 21:09:49 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-04 21:09:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-04 21:09:49 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-11-04 21:09:49 11080192 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-11-04 18:33:52 33792 ------w- c:\windows\system32\mmcperf.exe
2010-11-04 18:23:31 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-04 18:23:30 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-04 18:22:58 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-04 18:22:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-04 18:22:33 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-04 18:21:58 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-04 18:21:58 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-04 18:21:46 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-11-04 18:21:46 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-11-04 18:21:46 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-11-04 18:21:45 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-11-04 18:21:45 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-04 18:21:45 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-04 18:21:44 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-11-04 18:21:44 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-11-04 18:21:44 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-11-04 18:20:31 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-04 18:20:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-04 18:18:11 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-04 00:21:36 -------- d-----w- c:\windows\system32\PreInstall
2010-11-01 21:57:22 -------- d-----w- c:\docume~1\compaq~1\applic~1\WinBatch
2010-10-31 22:40:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-10-31 22:40:39 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-31 17:55:57 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Mozilla
2010-10-31 15:56:02 -------- dcsh--r- C:\cmdcons
2010-10-31 15:54:28 -------- d-----w- c:\windows\setupupd
2010-10-31 12:30:47 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Identities
2010-10-31 12:24:14 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Adobe
2010-10-31 09:56:46 -------- d-----w- c:\docume~1\compaq~1\applic~1\HPQ
2010-10-31 09:36:45 73728 ----a-r- c:\windows\system32\cnm144.tmp
2010-10-31 09:27:21 87552 ----a-w- c:\windows\system32\CNMLM4b.DLL
2010-10-31 09:27:21 5632 ----a-w- c:\windows\system32\CNMVS4b.DLL
2010-10-31 09:27:21 46080 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP4b.DLL
2010-10-31 09:27:21 13824 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD4b.DLL
2010-10-31 09:27:19 73728 ----a-r- c:\windows\system32\CNMCP4b.exe
2010-10-31 09:22:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-31 09:22:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 09:19:17 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-31 09:15:21 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-31 09:10:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-10-31 09:09:54 16074 ----a-w- c:\windows\system32\drivers\FA312nd5.sys
2010-10-30 16:58:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-10-30 16:53:09 -------- d-----w- c:\program files\Uniblue
2010-10-29 16:47:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-29 15:50:42 -------- dc----w- C:\f3d9eb949c5a7021acd3c8bd
2010-10-29 15:50:37 -------- dc----w- C:\692c20eb37f2dcd683fc
2010-10-29 00:37:07 -------- dc----w- C:\b6d32fdd5115764cc3752340db50b5
2010-10-29 00:36:57 -------- dc----w- C:\3d7ea7118e9a72a1320c09f75b73
2010-10-29 00:11:09 -------- d-----w- c:\program files\Sophos
2010-10-21 17:19:50 -------- dc----w- C:\ERDNT
2010-10-20 23:05:28 -------- d-----w- c:\program files\CCleaner
2010-10-17 01:22:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2010-10-17 01:22:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Virgin Media
2010-10-16 22:52:47 -------- d-----w- c:\program files\MarkAny

==================== Find3M ====================

2010-11-05 01:10:13 61440 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2010-11-05 01:10:13 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2010-11-05 01:10:13 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2010-11-05 01:10:13 40960 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2010-11-05 01:10:13 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2010-11-05 01:10:13 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2010-11-05 01:10:13 287310 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2010-11-05 01:10:13 163840 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2010-09-18 12:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1604N/R rev.TM100-24 -> \Device\Ide\IdeDeviceP2T1L0-24

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8614CAB8]
3 CLASSPNP[0xF7550FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000005e[0x861521A8]
5 ACPI[0xF73C7620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP2T0L0-1c[0x861E9D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel

Filesystem trace:
called modules: ntkrnlpa.exe hal.dll aswMon2.SYS fltmgr.sys aswFsBlk.SYS sr.sys aswSP.SYS Ntfs.sys
1 ntkrnlpa!IofCallDriver[0x804EE130] -> [0x85EB3C60]
3 ntkrnlpa[0x80578683] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x85F066A0]
5 fltmgr[0xF735CE95] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86101DD0]
7 sr[0xF734C870] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86183020]
9 ntkrnlpa[0x80578DA9] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x85F066A0]
11 fltmgr[0xF735D098] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86101DD0]
13 sr[0xF734BBB9] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86183020]
15 ntkrnlpa[0x80578F57] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x85F066A0]
17 fltmgr[0xF735D098] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86101DD0]
19 sr[0xF7347453] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86183020]
21 aswMon2[0xEFEDB9DD] -> ntkrnlpa!IofCallDriver[0x804EE130]
23 fltmgr[0xF735CE95] -> ntkrnlpa!IofCallDriver[0x804EE130]
25 sr[0xF734C870] -> ntkrnlpa!IofCallDriver[0x804EE130]
27 ntkrnlpa[0x80574DCB] -> ntkrnlpa!IofCallDriver[0x804EE130]
29 aswMon2[0xEFEDB9DD] -> ntkrnlpa!IofCallDriver[0x804EE130]
31 fltmgr[0xF735D098] -> ntkrnlpa!IofCallDriver[0x804EE130]
33 sr[0xF7347453] -> ntkrnlpa!IofCallDriver[0x804EE130]

Registry trace:
called modules: ntkrnlpa.exe aswSP.SYS hal.dll

============= FINISH: 18:32:12.07 ===============

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 11 November 2010 - 01:45 PM

Hello,

You're welcome. :) Let's get rid of your rootkit... you must be so frustrated by now!

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#6 Squindar

Squindar
  • Topic Starter

  • Members
  • 34 posts

Posted 13 November 2010 - 02:04 PM

Hi there, it says nothing was found.

S.



2010/11/13 18:58:54.0937 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 18:58:54.0937 ================================================================================
2010/11/13 18:58:54.0937 SystemInfo:
2010/11/13 18:58:54.0937
2010/11/13 18:58:54.0937 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/13 18:58:54.0937 Product type: Workstation
2010/11/13 18:58:54.0937 ComputerName: ROBERTSCOMPUTER
2010/11/13 18:58:54.0937 UserName: Compaq_Owner
2010/11/13 18:58:54.0937 Windows directory: C:\WINDOWS
2010/11/13 18:58:54.0937 System windows directory: C:\WINDOWS
2010/11/13 18:58:54.0937 Processor architecture: Intel x86
2010/11/13 18:58:54.0937 Number of processors: 1
2010/11/13 18:58:54.0937 Page size: 0x1000
2010/11/13 18:58:54.0937 Boot type: Normal boot
2010/11/13 18:58:54.0937 ================================================================================
2010/11/13 18:58:55.0281 Initialize success
2010/11/13 18:58:57.0984 ================================================================================
2010/11/13 18:58:57.0984 Scan started
2010/11/13 18:58:57.0984 Mode: Manual;
2010/11/13 18:58:57.0984 ================================================================================
2010/11/13 18:59:01.0000 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/13 18:59:04.0218 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/13 18:59:05.0343 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/13 18:59:07.0437 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/13 18:59:08.0531 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/13 18:59:09.0656 AgereSoftModem (34f27c7d71f1c49c7d3857f28b42f544) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/11/13 18:59:14.0015 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/11/13 18:59:16.0203 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/11/13 18:59:18.0328 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/13 18:59:22.0656 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/11/13 18:59:23.0765 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/13 18:59:24.0843 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/13 18:59:25.0921 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/13 18:59:27.0015 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/13 18:59:28.0109 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/13 18:59:29.0203 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/13 18:59:31.0421 ati2mtag (b33a281dcdf455b069816790275050a7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/13 18:59:32.0640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/13 18:59:33.0687 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/13 18:59:34.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/13 18:59:35.0859 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/13 18:59:38.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/13 18:59:39.0156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/13 18:59:40.0250 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/13 18:59:47.0000 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/13 18:59:48.0109 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/13 18:59:49.0203 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/13 18:59:50.0234 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/13 18:59:51.0328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/13 18:59:53.0453 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/13 18:59:54.0531 FA312 (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
2010/11/13 18:59:55.0609 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/13 18:59:56.0718 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/13 18:59:57.0796 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/13 18:59:58.0890 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/13 19:00:00.0015 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/13 19:00:01.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/13 19:00:02.0187 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/13 19:00:03.0250 GEARAspiWDM (6f55305289a0765bd8ae8e8d32f17117) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/13 19:00:04.0328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/13 19:00:05.0453 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/13 19:00:07.0750 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/13 19:00:11.0015 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/13 19:00:12.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/13 19:00:14.0359 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/13 19:00:15.0484 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/13 19:00:16.0656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/13 19:00:17.0796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/13 19:00:18.0890 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/13 19:00:20.0015 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/13 19:00:21.0140 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/13 19:00:22.0312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/13 19:00:23.0453 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/13 19:00:24.0609 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/13 19:00:25.0750 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/13 19:00:26.0906 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/13 19:00:28.0046 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/13 19:00:30.0250 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/13 19:00:31.0359 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/13 19:00:32.0484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/13 19:00:33.0609 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/13 19:00:34.0734 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/13 19:00:36.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/13 19:00:38.0093 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/13 19:00:39.0203 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/13 19:00:40.0281 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/13 19:00:41.0359 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/13 19:00:42.0406 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/13 19:00:43.0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/13 19:00:44.0515 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/13 19:00:45.0625 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/13 19:00:46.0718 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/13 19:00:47.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/13 19:00:48.0812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/13 19:00:49.0875 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/13 19:00:50.0968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/13 19:00:52.0046 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/13 19:00:53.0140 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/13 19:00:54.0218 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/13 19:00:55.0312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/13 19:00:56.0406 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/13 19:00:57.0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/13 19:00:58.0500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/13 19:00:59.0546 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/13 19:01:00.0656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/13 19:01:01.0718 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/13 19:01:02.0765 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/13 19:01:03.0828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/13 19:01:05.0968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/13 19:01:07.0078 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/13 19:01:14.0515 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/13 19:01:15.0593 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/13 19:01:16.0671 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
2010/11/13 19:01:17.0750 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/13 19:01:18.0828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/13 19:01:19.0906 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/13 19:01:26.0218 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/13 19:01:27.0312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/13 19:01:28.0390 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/13 19:01:29.0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/13 19:01:30.0593 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/13 19:01:31.0734 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/13 19:01:32.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/13 19:01:33.0921 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/13 19:01:35.0015 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2010/11/13 19:01:36.0093 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/11/13 19:01:37.0203 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/13 19:01:38.0281 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/13 19:01:39.0359 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/13 19:01:40.0437 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/13 19:01:43.0593 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/13 19:01:44.0718 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/13 19:01:45.0828 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/13 19:01:46.0953 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/13 19:01:48.0031 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/13 19:01:53.0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/13 19:01:54.0421 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/13 19:01:55.0515 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/13 19:01:56.0625 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/13 19:01:57.0703 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/13 19:01:59.0859 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/13 19:02:02.0015 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/13 19:02:03.0125 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/13 19:02:04.0203 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/13 19:02:05.0671 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/13 19:02:06.0734 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/13 19:02:07.0812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/13 19:02:08.0859 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/13 19:02:09.0937 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/13 19:02:11.0000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/13 19:02:12.0109 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/13 19:02:13.0203 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/13 19:02:14.0312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/13 19:02:16.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/13 19:02:16.0656 ================================================================================
2010/11/13 19:02:16.0656 Scan finished
2010/11/13 19:02:16.0656 ================================================================================

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 14 November 2010 - 01:03 PM

Hello there,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to Squindar.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#8 Squindar

Squindar
  • Topic Starter

  • Members
  • 34 posts

Posted 14 November 2010 - 02:51 PM

Here's the ComboFix log

s.

ComboFix 10-11-13.01 - Compaq_Owner 14/11/2010 19:37:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.556 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-08 18:12 . 2010-11-08 18:12 167936 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-11-08 17:54 . 2002-07-13 11:02 106496 ----a-w- c:\windows\system32\DrvTrNTl.dll
2010-11-08 17:54 . 2002-07-13 11:01 48640 ----a-w- c:\windows\system32\DrvTrNTm.dll
2010-11-08 17:46 . 2010-11-08 17:46 -------- dc----w- C:\tmpDownload
2010-11-05 13:00 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-05 13:00 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-05 13:00 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-05 12:59 . 2010-04-28 02:25 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-05 12:59 . 2010-04-27 13:59 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-05 12:59 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-05 12:59 . 2010-04-27 13:05 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-05 12:57 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-05 03:22 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-11-05 03:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-11-05 03:17 . 2010-11-05 03:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-11-05 01:07 . 2010-11-05 01:07 -------- d-----w- c:\windows\system32\scripting
2010-11-05 01:07 . 2010-11-05 01:07 -------- d-----w- c:\windows\system32\en
2010-11-05 01:07 . 2010-11-05 01:07 -------- d-----w- c:\windows\system32\bits
2010-11-04 22:17 . 2010-11-04 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2010-11-04 21:09 . 2010-09-10 05:58 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-11-04 21:09 . 2010-09-10 05:58 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-04 21:09 . 2010-09-10 05:58 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-04 21:09 . 2010-09-10 05:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-11-04 21:09 . 2010-09-10 05:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-04 21:09 . 2010-09-10 05:58 11080192 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-11-04 21:09 . 2010-09-10 05:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-04 18:33 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2010-11-04 18:23 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-04 18:23 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-04 18:22 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-04 18:22 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-04 18:22 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-04 18:21 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-04 18:21 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-04 18:21 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-11-04 18:21 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-11-04 18:21 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-11-04 18:21 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-11-04 18:21 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-04 18:21 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-04 18:21 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-11-04 18:21 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-11-04 18:21 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-11-04 18:20 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-04 18:20 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-04 18:18 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-02 22:50 . 2010-11-02 22:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-10-31 22:40 . 2010-10-31 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-10-31 22:40 . 2010-11-02 22:49 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-31 16:08 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-31 16:08 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-31 16:08 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-31 16:08 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-31 16:08 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-31 16:08 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-31 16:08 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-31 16:07 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-31 09:36 . 2002-07-29 17:59 73728 ----a-r- c:\windows\system32\cnm144.tmp
2010-10-31 09:27 . 2002-09-05 05:00 87552 ----a-w- c:\windows\system32\CNMLM4b.DLL
2010-10-31 09:27 . 2002-09-05 05:00 5632 ----a-w- c:\windows\system32\CNMVS4b.DLL
2010-10-31 09:27 . 2002-09-05 05:00 46080 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP4b.DLL
2010-10-31 09:27 . 2002-09-05 05:00 13824 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD4b.DLL
2010-10-31 09:27 . 2002-07-29 17:59 73728 ----a-r- c:\windows\system32\CNMCP4b.exe
2010-10-31 09:22 . 2010-10-31 09:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-31 09:22 . 2010-10-31 09:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 09:19 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-31 09:17 . 2010-11-12 01:26 -------- d-----w- c:\documents and settings\Compaq_Owner
2010-10-31 09:16 . 2005-11-09 22:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-10-31 09:16 . 2005-11-09 22:32 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-10-31 09:16 . 2005-11-09 22:29 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-10-31 09:16 . 2005-11-09 22:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer
2010-10-31 09:10 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-10-31 09:09 . 2001-08-17 12:12 16074 ----a-w- c:\windows\system32\drivers\FA312nd5.sys
2010-10-30 16:58 . 2010-10-30 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-10-30 16:53 . 2010-10-30 16:53 -------- d-----w- c:\program files\Uniblue
2010-10-29 16:47 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-29 15:50 . 2010-10-30 16:55 -------- dc----w- C:\f3d9eb949c5a7021acd3c8bd
2010-10-29 15:50 . 2010-10-30 16:55 -------- dc----w- C:\692c20eb37f2dcd683fc
2010-10-29 00:37 . 2010-10-30 16:55 -------- dc----w- C:\b6d32fdd5115764cc3752340db50b5
2010-10-29 00:36 . 2010-10-30 16:55 -------- dc----w- C:\3d7ea7118e9a72a1320c09f75b73
2010-10-29 00:11 . 2010-10-29 00:11 -------- d-----w- c:\program files\Sophos
2010-10-21 17:19 . 2010-10-30 16:52 -------- dc----w- C:\ERDNT
2010-10-20 23:05 . 2010-10-20 23:05 -------- d-----w- c:\program files\CCleaner
2010-10-19 16:23 . 2010-10-19 16:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-17 01:22 . 2010-10-17 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2010-10-17 01:22 . 2010-10-30 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Media
2010-10-16 22:53 . 2010-10-16 22:53 -------- d-----w- c:\program files\DIFX
2010-10-16 22:52 . 2010-10-16 22:52 -------- d-----w- c:\program files\MarkAny

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 01:10 . 2010-11-05 01:10 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-11-05 01:10 . 2010-11-05 01:10 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-11-05 01:10 . 2010-11-05 01:10 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-11-05 01:10 . 2010-11-05 01:10 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-11-05 01:10 . 2010-11-05 01:10 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-11-05 01:10 . 2010-11-05 01:10 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-11-05 01:10 . 2010-11-05 01:10 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2010-11-05 01:10 . 2010-11-05 01:10 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-09-18 12:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 11:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-05-07 01:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-10-29 329096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-09 98304]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-07-13 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 4\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31/10/2010 16:08 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/10/2010 16:08 17744]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-12 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\br9vm8dk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1604N/R rev.TM100-24 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-24

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8614CAB8]
3 CLASSPNP[0xF7550FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000005e[0x861521A8]
5 ACPI[0xF73C7620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP2T0L0-1c[0x861E9D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-14 19:48:41
ComboFix-quarantined-files.txt 2010-11-14 19:48

Pre-Run: 72,842,366,976 bytes free
Post-Run: 75,815,890,944 bytes free

- - End Of File - - 4ED635DD2057D50D9321302FA99051D7
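
Added example, not part of the thread and not ComboFix's or Gmer's own code: a small Python triage script that pulls out of a ComboFix log the two things a responder reads first in a log like the one posted above, the autostart values under the HKLM Run key and the result of the MBR detector's comparison of the MBR as read from user mode and from the kernel. The excerpt it parses is constructed from lines of the log above; the function names and the "bare file name" check on Run values are this example's own.

```python
"""Triage helpers for a ComboFix-style log (added example; not ComboFix's or Gmer's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt assembled from lines of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
"""

RUN_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\]$", re.I)
# ComboFix prints each value as "Name"="path" [YYYY-MM-DD size]; the bracketed part may be absent.
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<date>\S+) (?P<size>\d+)\])?')
MBR_MISMATCH_RE = re.compile(r"^user != kernel MBR", re.M)
MBR_SECTORS_RE = re.compile(r"^sectors (\d+) \(\+(\d+)\): user != kernel", re.M)


@dataclass
class RunEntry:
    name: str
    path: str
    size: Optional[int]

    def unqualified(self) -> bool:
        """True when the value is a bare file name, i.e. resolved via the search path at logon."""
        return "\\" not in self.path and "/" not in self.path


def parse_run_entries(log: str) -> List[RunEntry]:
    """Return the values listed under the HKLM ...\\CurrentVersion\\Run key in the log."""
    entries: List[RunEntry] = []
    in_run = False
    for line in log.splitlines():
        if line.startswith("["):               # a new registry key starts; only the Run key is of interest
            in_run = bool(RUN_KEY_RE.match(line.strip()))
            continue
        if in_run and not line.strip():        # a blank line closes the key block
            in_run = False
        if in_run:
            m = RUN_VALUE_RE.match(line)
            if m:
                size = int(m.group("size")) if m.group("size") else None
                entries.append(RunEntry(m.group("name"), m.group("path"), size))
    return entries


def mbr_consistency(log: str) -> Dict[str, object]:
    """Summarise the detector's comparison of the MBR as read from user mode and from the kernel."""
    result: Dict[str, object] = {
        "user_read": "user: MBR read successfully" in log,
        "kernel_read": "kernel: MBR read successfully" in log,
        "mismatch": bool(MBR_MISMATCH_RE.search(log)),
        "disk_sectors": None,
        "extra_sectors": None,
    }
    m = MBR_SECTORS_RE.search(log)
    if m:
        result["disk_sectors"], result["extra_sectors"] = int(m.group(1)), int(m.group(2))
    return result


def triage(log: str) -> List[str]:
    """Collect the findings a responder should look at first."""
    findings: List[str] = []
    mbr = mbr_consistency(log)
    if mbr["mismatch"]:
        findings.append(
            "MBR: user-mode and kernel-mode reads differ (detector reports sectors %s (+%s)); "
            "this mismatch is the condition the detector exists to flag, so verify the boot sector "
            "from trusted boot media before trusting further scans run from inside the OS."
            % (mbr["disk_sectors"], mbr["extra_sectors"])
        )
    for e in parse_run_entries(log):
        if e.unqualified():
            findings.append("Run entry %r is the bare name %r; confirm which file it resolves to." % (e.name, e.path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run on the excerpt it reports two findings: the MBR mismatch the detector printed, and the one Run value that is a bare file name rather than a full path. Neither finding is a verdict on its own; they are the lines to check first, which is what a triage script should give you.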

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 14 November 2010 - 02:59 PM

Hello Robert,

How is it running please?

#10 Squindar

Squindar
  • Topic Starter

  • Members
  • 34 posts

Posted 14 November 2010 - 04:41 PM

Still frustratingly slow, I'm afraid

s.

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 14 November 2010 - 05:28 PM

Hello Robert,

In your initial post you said you reinstalled XP, SP3. Your log says you only have SP2 and IE6....has this changed?

Have you run MBAM again? If so, was it clean?

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link
  • Close all open browsers before using, especially FireFox. <-Important!!!
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Notes: On Vista, "Windows Temp" is disabled. To empty Temp, ATF-Cleaner must be Run As Administrator.
The Prefetch cleaning feature has been disabled for Vista Users. Tabs for applications that are not installed are grayed out.


tea

#12 Squindar

Squindar
  • Topic Starter

  • Members
  • 34 posts

Posted 14 November 2010 - 07:42 PM

Yes, reinstalled XP and it quickly updated to SP3 and IE8

Done the clean now

still slow

s.

Have not run MBAM yet, will do so now
s.

#13 Squindar

Squindar
  • Topic Starter

  • Members
  • 34 posts

Posted 15 November 2010 - 12:36 PM

MBAM reports no malicious items

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 16 November 2010 - 06:22 PM

Hi Robert,

Not ignoring you....looking for something to help you! Tell you what, I'd like to see a HijackThis log....this will allow us to easily look for slowdowns in both processes and services. This is often a big problem, programs that don't play well together and cause problems.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks,
tea

#15 Squindar

Squindar
  • Topic Starter

  • Members
  • 34 posts

Posted 17 November 2010 - 01:03 PM

Here they are
s

Logfile of random's system information tool 1.08 (written by random/random)
Run by Compaq_Owner at 2010-11-17 17:58:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 73 GB (50%) free of 145 GB
Total RAM: 958 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:58:30, on 17/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expr



