Winlogon.exe is infected with Win32:Malware-gen


This topic is locked
9 replies to this topic

#1 attcbf (Members, 10 posts)

Posted 18 January 2011 - 03:27 AM

I am running Windows XP Pro SP2 32-bit (build 2600) (ver 5.1). My anti-virus programs are avast 5 (newly updated) and Malwarebytes' Anti-Malware. I keep on getting an avast warning that it is blocking:
(1) Win32:Malware-gen, found in my c:\windows\system32\winlogon.exe; and
(2) Win32:Patched-UE[Trj], found in c:\windows\explorer.exe.

When I run Malwarebytes on the files, it does not identify any infections. But when I run avast on the files, it detects the viruses.

I ran DDS, GMER and ComboFix. ComboFix detected some problems, but it does not appear to have solved them, as I am still getting the same avast malware warnings as set forth above. Both MBAM and SUPERAntiSpyware, which were run after ComboFix, detected nothing.

I also have noticed in the last day or so that my wireless keyboard and trackball (both Logitech devices) now need to be about a foot from the wireless receivers in order to run properly, and I am getting redirected to ad and spam sites from Google. I do not know if these are all symptoms of the same infections or if there is something more insidious going on, but help is definitely needed.

Thank you.

The DDS files and the ComboFix report are below; the Gmer.txt file is attached.

DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86
Run by Craig at 18:24:27.85 on Mon 01/17/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1201 [GMT -8:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\comp health\[COMP HEALTH] - Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
D:\COMPHE~1\_COMPH~1\avastUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\RTHDCPL.EXE
D:\[OFFICE]\[OFFICE] - Paperport9\pptd40nt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\[MEDIA]\[MEDIA] - DivX\DivX\DivX Plus Web Player\DDmService.exe
D:\[OFFICE]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrotray.exe
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\[TOM TOM]\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\ups.exe
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
D:\[INTERNET]\[BROWSER] - Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Craig\Desktop\dds.com

============== Pseudo HJT Report ===============

uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\[media]\[media] - divx\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\[comp health]\[comp health] - avg anti-virus\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - d:\[media]\[media] - divx\divx\divx plus web player\npdivx32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
uRun: [Google Update] "c:\documents and settings\craig\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast5] d:\comphe~1\_comph~1\avastUI.exe /nogui
mRun: [DNS7reminder] "d:\[office]\[office] - dragon naturally speaking 10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QuickFinder Scheduler] "d:\[office]\[office] - wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [PdxRegCl] "d:\[office]\[office] - wordperfect office x3\programs\PdxRegCl.exe" /s /c
mRun: [PaperPort PTD] d:\[office]\[office] - paperport9\pptd40nt.exe
mRun: [Nuance.ctfmngr] d:\_offic~1\_o0930~1\program\ctfmngr.exe /restore
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\[comp health]\[comp health] - malwarebytes\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IndexSearch] d:\[office]\[office] - paperport9\IndexSearch.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "d:\[media]\[media] - divx\divx\divx plus web player\DDmService.exe" start
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Acrobat Speed Launcher] "d:\[office]\[office] - adobe acrobat pro 9 ext\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "d:\[office]\[office] - adobe acrobat pro 9 ext\acrobat\Acrotray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\[media]\[media] - widcomm\bluetooth software\BTTray.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Open with WordPerfect - d:\[office]\[office] - wordperfect office x3\programs\WPLauncher.hta
IE: Send to &Bluetooth Device... - d:\[media]\[media] - widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - d:\[media]\[media] - widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\[media]\[media] - widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: acaptuser32.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\craig\applic~1\mozilla\firefox\profiles\5s8eyo5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: d:\[internet]\[browser] - firefox\components\browserdirprovider.dll
FF - component: d:\[internet]\[browser] - firefox\components\brwsrcmp.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npdeploytk.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npMozCouponPrinter.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npnul32.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\nppdf32.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin2.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin3.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin4.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin5.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin6.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin7.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npdivx32.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npdsplay.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\NPSWF32.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\[media]\[media] - divx\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\[media]\[media] - divx\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\[media]\[media] - divx\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\[media]\[media] - divx\divx\divx web player\npdivx32.dll
FF - plugin: d:\[office]\[office] - adobe acrobat 9\acrobat\browser\nppdf32.dll
FF - plugin: d:\[office]\[office] - adobe acrobat pro 9 ext\acrobat\browser\nppdf32.dll
FF - plugin: d:\[office]\[office] - adobe acrobat pro 9 ext\adobe acrobat 9 pro extended\acrobat\browser\nppdf32.dll
FF - plugin: d:\[office]\[office] - adobe acrobat pro 9\acrobat\browser\nppdf32.dll
FF - plugin: d:\[office]\[office] - canon pixma mx340\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: d:\[office]\[office] - pdfpro6trial\pdf professional 6\bin\nppdf.dll
FF - plugin: d:\[office]\[office] adobe acrobat 9\acrobat\browser\nppdf32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\[internet]\[browser] - firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - d:\[internet]\[browser] - firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\[internet]\[browser] - firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - d:\[media]\[media] - divx\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - d:\[media]\[media] - divx\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-2 294608]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-2 17744]
R2 avast! Antivirus;avast! Antivirus;d:\comp health\[comp health] - avast5\AvastSvc.exe [2010-1-24 40384]
R2 SITomcat;SI Tomcat;d:\[gm spo]\[gm spo] - service manual '95-'05\esi\apache group\tomcat 4.1\bin\tomcat.exe [2003-10-27 65536]
R2 SITransbase;SI Transbase;d:\[gm spo]\[gm spo] - service manual '95-'05\esi\transbase\tbmux32.exe [2001-11-20 165376]
R2 TomTomHOMEService;TomTomHOMEService;d:\[tom tom]\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbvm305.sys --> c:\windows\system32\drivers\usbVM305.sys [?]

=============== Created Last 30 ================

2011-01-17 20:23:42 -------- d--h--w- c:\windows\PIF
2011-01-17 19:22:32 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-01-17 19:22:32 -------- d-----w- c:\program files\Belarc
2011-01-15 05:26:41 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-15 05:26:15 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-15 05:26:15 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-15 05:26:15 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-15 05:26:15 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-15 05:26:15 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-15 05:26:15 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-15 05:26:15 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-15 05:26:15 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-15 05:20:20 -------- d-----w- c:\program files\iYogi Support Dock
2011-01-15 04:21:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-15 04:15:13 -------- d-----w- c:\docume~1\craig\locals~1\applic~1\VS Revo Group
2011-01-15 03:31:14 -------- d-----w- c:\windows\pss
2011-01-15 03:11:37 -------- d-----w- c:\windows\system32\CatRoot2
2011-01-11 23:08:41 -------- d-----w- c:\documents and settings\craig\Bluetooth Software
2011-01-11 23:04:10 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2011-01-11 23:04:10 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2011-01-11 23:04:10 45984 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-01-11 23:04:10 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2011-01-11 23:04:10 106557 ----a-w- c:\windows\system32\btw_ci.dll
2011-01-11 23:04:09 991264 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-01-11 23:04:09 533152 ----a-w- c:\windows\system32\drivers\btaudio.sys
2011-01-11 23:04:09 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2011-01-02 23:01:51 -------- d-----w- c:\docume~1\craig\applic~1\Local

==================== Find3M ====================

2011-01-18 00:01:18 502272 ----a-w- c:\windows\system32\winlogon.exe
2011-01-18 00:00:23 1033216 ----a-w- c:\windows\explorer.exe
2011-01-17 18:13:42 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

============= FINISH: 18:24:55.64 ===============

Attach.txt

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/24/2009 5:45:54 PM
System Uptime: 1/17/2011 5:09:45 PM (1 hours ago)

Motherboard: MICRO-STAR INTERANTONAL CO.,LTD | | MS-7302
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+ | CPU 1 | 2700/200mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+ | CPU 1 | 2700/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 71.08 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 73.884 GiB free.
E: is FIXED (NTFS) - 103 GiB total, 100.739 GiB free.
F: is CDROM ()
H: is FIXED (NTFS) - 37 GiB total, 20.535 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


µTorrent
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
AMD Processor Driver
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
avast! Free Antivirus
Belarc Advisor 8.1
Canon MF Toolbox 4.9.1.1.mf08
Canon MF6500 Series
Canon MP Navigator EX 3.1
Canon MX340 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CaseMap 4 - InstallShield Wizard
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dragon NaturallySpeaking 10
E-Transcript Bundle Viewer
EPSON Printer Software
GoToMeeting 4.0.0.320
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
ImgBurn
IrfanView (remove only)
Java™ 6 Update 17
Malwarebytes' Anti-Malware
Media Player Classic
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.0.19)
Mozilla Thunderbird (2.0.0.24)
My Bar-Bat Mitzvah Companion 3.0
ObjectDock Plus
Objection Series 3.3
OpenOffice.org 3.1
Opera 9.63
PaperPort 9.0
Paradox
PDFCreator
pdfforge Toolbar v4.1
PFPortChecker 1.0.32
Quick View Plus
QuickTime
Realtek High Definition Audio Driver
Safari
SI Data SIen v2004.19
SI Stand-alone application
SI Tiff Viewer Plugin v4
Software Update for Web Folders
SpaceMonger 2.1.1
TomTom HOME 2.7.2.1825
TomTom HOME Visual Studio Merge Modules
Update Manager
VC80CRTRedist - 8.0.50727.4053
Visual C++ Runtime for Dragon NaturallySpeaking
WIDCOMM Bluetooth Software
Windows Imaging Component
Windows Installer 3.1 (KB893803)
WinRAR archiver
WordPerfect Office X3

==== Event Viewer Messages From Past Week ========

1/17/2011 10:36:22 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service dmadmin with arguments "/com" in order to run the server: {4FB6BB00-3347-11D0-B40A-00AA005FF586}
1/17/2011 10:05:17 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
1/15/2011 6:40:00 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
1/14/2011 9:22:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
1/14/2011 7:12:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/14/2011 7:10:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/14/2011 6:56:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSP aswTdi Fips
1/14/2011 6:56:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/14/2011 6:43:49 PM, error: Service Control Manager [7022] - The Task Scheduler service hung on starting.
1/14/2011 6:43:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LogMeIn Rescue (ee49ea17-a882-475e-a36c-2b1209ea7b1a) service to connect.
1/14/2011 6:43:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ATI Smart service to connect.
1/14/2011 6:43:49 PM, error: Service Control Manager [7000] - The LogMeIn Rescue (ee49ea17-a882-475e-a36c-2b1209ea7b1a) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/14/2011 6:43:49 PM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/14/2011 5:57:58 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


ComboFix 11-01-17.03 - Craig 01/17/2011 21:29:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1585 [GMT -8:00]
Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Craig\Application Data\Local
c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\documents and settings\Craig\g2mdlhlpx.exe
c:\documents and settings\Craig\My Documents\Iyogi.reg
c:\program files\pdfforge Toolbar\IE\4.1\pdFForgetoolbarie.dll

c:\windows\regedit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\regedit.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{071F661E-B190-42AA-AB57-D42AA37602ED}\RP2\A0000040.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{071F661E-B190-42AA-AB57-D42AA37602ED}\RP2\A0000428.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.

2011-01-17 20:23 . 2011-01-17 20:23 -------- d--h--w- c:\windows\PIF
2011-01-17 19:22 . 2011-01-17 19:22 -------- d-----w- c:\program files\Belarc
2011-01-17 19:22 . 2008-02-27 20:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-01-15 05:26 . 2011-01-15 05:26 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-15 05:26 . 2011-01-15 05:26 -------- d-----w- c:\program files\MSBuild
2011-01-15 05:26 . 2011-01-15 05:26 -------- d-----w- c:\program files\Reference Assemblies
2011-01-15 05:26 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-15 05:26 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-15 05:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-15 05:26 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-15 05:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-15 05:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-15 05:26 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-15 05:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-15 05:20 . 2011-01-15 14:32 -------- d-----w- c:\program files\iYogi Support Dock
2011-01-15 04:15 . 2011-01-15 04:15 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\VS Revo Group
2011-01-15 03:11 . 2011-01-18 05:28 -------- d-----w- c:\windows\system32\CatRoot2
2011-01-15 02:33 . 2011-01-15 02:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-01-11 23:08 . 2011-01-11 23:08 -------- d-----w- c:\documents and settings\Craig\Bluetooth Software
2011-01-11 23:04 . 2009-06-21 16:56 45984 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-01-11 23:04 . 2009-05-11 21:45 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2011-01-11 23:04 . 2008-09-26 15:30 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2011-01-11 23:04 . 2008-07-25 00:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2011-01-11 23:04 . 2007-09-20 18:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2011-01-11 23:04 . 2009-08-17 21:00 533152 ----a-w- c:\windows\system32\drivers\btaudio.sys
2011-01-11 23:04 . 2009-07-09 19:45 991264 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-01-11 23:04 . 2008-02-05 00:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-18 00:01 . 2004-08-03 23:56 502272 ----a-w- c:\windows\system32\winlogon.exe
2011-01-18 00:00 . 2007-02-18 21:37 1033216 ----a-w- c:\windows\explorer.exe
2011-01-13 08:47 . 2010-07-05 00:59 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-12-02 18:38 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-12-02 18:39 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-12-02 18:39 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-12-02 18:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-12-02 18:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-12-02 18:39 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-12-02 18:39 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-12-02 18:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.

------- Sigcheck -------

[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2004-08-03 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2007-02-18 . 9941382A1C2289F5FB4C87D0DAACC21C . 360704 . . [5.1.2600.2956] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2007-02-18 . 9941382A1C2289F5FB4C87D0DAACC21C . 360704 . . [5.1.2600.2956] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-02-18 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\browser.dll
[-] 2007-02-18 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\dllcache\browser.dll

[-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

[-] 2007-02-18 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2007-02-18 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll

[-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2007-02-18 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\system32\rpcss.dll
[-] 2007-02-18 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe

[-] 2007-02-18 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2007-02-18 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2011-01-18 . 06E9698963CCDB85FAE513801F7AF6B5 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2007-02-18 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2007-02-18 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2007-02-18 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2007-02-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2007-02-18 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\cryptsvc.dll
[-] 2007-02-18 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2007-02-18 21:37 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows\system32\es.dll
[-] 2007-02-18 21:37 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows\system32\dllcache\es.dll

[-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

[-] 2007-02-18 . 16F21882C96EE0136A92E867DA94215C . 985600 . . [5.1.2600.2991] . . c:\windows\system32\kernel32.dll
[-] 2007-02-18 . 16F21882C96EE0136A92E867DA94215C . 985600 . . [5.1.2600.2991] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2007-02-18 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows\system32\linkinfo.dll
[-] 2007-02-18 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2007-02-18 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\system32\mshtml.dll
[-] 2007-02-18 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2007-02-18 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2007-02-18 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
[-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

[-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

[-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

[-] 2007-02-18 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2007-02-18 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2007-02-18 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
[-] 2007-02-18 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll

[-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

[-] 2007-02-18 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\windows\system32\wininet.dll
[-] 2007-02-18 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll

[-] 2011-01-18 . 375F1144332062F5C72F7B94BF4E4192 . 1033216 . . [6.00.2900.2894] . . c:\windows\explorer.exe

[-] 2007-02-18 . B044C6A4D1A8240085F61F2353BD2FE6 . 1286656 . . [5.1.2600.2948] . . c:\windows\system32\ole32.dll
[-] 2007-02-18 . B044C6A4D1A8240085F61F2353BD2FE6 . 1286656 . . [5.1.2600.2948] . . c:\windows\system32\dllcache\ole32.dll

[-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
[-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\dllcache\usp10.dll

[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2007-02-18 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2007-02-18 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2007-02-18 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
[-] 2007-02-18 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll

[-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2005-05-28 04:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2005-05-28 04:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2007-02-18 21:38 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2007-02-18 21:38 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2007-02-18 21:40 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\mspmsnsv.dll
[-] 2007-02-18 21:40 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2007-02-18 . 1F9DD693DF8F6A1841E57EC62D22CC1C . 2017280 . . [5.1.2600.3023] . . c:\windows\system32\ntkrnlpa.exe

[-] 2004-08-03 23:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-03 23:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll

[-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll

[-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll

[-] 2004-08-03 23:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-08-03 23:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll

[-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll

[-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll

[-] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe

[-] 2007-02-18 . 0C58CB9E8C2163F290FCDDCC75D9BEFA . 2137600 . . [5.1.2600.3023] . . c:\windows\system32\ntoskrnl.exe

[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
[-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll

[-] 2007-02-18 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\system32\wiaservc.dll
[-] 2007-02-18 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\system32\dllcache\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="d:\comphe~1\_COMPH~1\avastUI.exe" [2011-01-13 3396624]
"DNS7reminder"="d:\[office]\[OFFICE] - Dragon Naturally Speaking 10\Ereg\Ereg.exe" [2007-04-16 14:33 259624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-23 524288]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"QuickFinder Scheduler"="d:\[office]\[OFFICE] - WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 04:21 83568]
"PdxRegCl"="d:\[office]\[OFFICE] - WordPerfect Office X3\Programs\PdxRegCl.exe" [2004-06-14 23:57 49152]
"PaperPort PTD"="d:\[office]\[OFFICE] - Paperport9\pptd40nt.exe" [2003-02-27 10:12 57393]
"Nuance.ctfmngr"="d:\_offic~1\_O0930~1\Program\ctfmngr.exe" [2009-04-10 50536]
"Malwarebytes Anti-Malware (reboot)"="d:\[comp health]\[COMP HEALTH] - Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 18:53 1312080]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"IndexSearch"="d:\[office]\[OFFICE] - Paperport9\IndexSearch.exe" [2003-02-27 10:40 40960]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 21:15 63360]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"Adobe Acrobat Speed Launcher"="d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrobat_sl.exe" [2008-06-12 10:25 37232]
"Acrobat Assistant 8.0"="d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrotray.exe" [2008-06-12 06:43 640376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="d:\[tom tom]\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EPSON Stylus C86 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB003" /M "Stylus C86"
"BigDog305"=c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\[INTERNET]\\[TORRENT] - uTorrent\\uTorrent.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/2/2009 10:39 AM 294608]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [10/22/2010 4:38 PM 386560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/2/2009 10:39 AM 17744]
R2 SITomcat;SI Tomcat;d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe [10/27/2003 3:33 AM 65536]
R2 SITransbase;SI Transbase;d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe [11/20/2001 5:37 AM 165376]
R2 TomTomHOMEService;TomTomHOMEService;d:\[tom tom]\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 7:05 AM 92008]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Open with WordPerfect - d:\[office]\[OFFICE] - WordPerfect Office X3\Programs\WPLauncher.hta
IE: Send to &Bluetooth Device... - d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\5s8eyo5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\[internet]\[BROWSER] - Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - d:\[internet]\[BROWSER] - Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\[internet]\[BROWSER] - Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Google Update - c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\[media]\[MEDIA] - DivX\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-17 21:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\"d:\comp health\
[COMP HEALTH] - Avast5\AvastSvc.exe\""

--
"ImagePath"="D:\
[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\btwdins.exe"

--
"ImagePath"="\"D:\
[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe\""

"ImagePath"="\"D:\
[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe\""

--
"ImagePath"="D:\
[TOM TOM]\TomTom HOME 2\TomTomHOMEService.exe"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Antivirus]
"ImagePath"="\"d:\comp health\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\btwdins]
"ImagePath"="D:\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SITomcat]
"ImagePath"="\"D:\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SITransbase]
"ImagePath"="\"D:\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TomTomHOMEService]
"ImagePath"="D:\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
d:\comp health\[COMP HEALTH] - Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
d:\[office]\[OFFICE] - Paperport9\pptd40nt.exe
c:\windows\system32\PSIService.exe
d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\DDmService.exe
d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrobat_sl.exe
d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrotray.exe
d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\[tom tom]\TomTom HOME 2\TomTomHOMEService.exe
d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
.
**************************************************************************
.
Completion time: 2011-01-17 21:36:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-18 05:36

Pre-Run: 77,326,409,728 bytes free
Post-Run: 77,430,202,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 37C5C113B80F1E7EC887F854ADCAA8EB

EDIT: Please be patient. There are over 150 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~BP

Edited by Budapest, 18 January 2011 - 06:18 PM.


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 19 January 2011 - 09:05 PM

Hello attcbf ,

Please update to SP3, then have another run with ComboFix and post the report. That should fix the biggest problem. :thumbup2:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 attcbf
  • Topic Starter

  • Members
  • 10 posts

Posted 20 January 2011 - 04:56 PM

Hi tea, I installed SP3 and re-ran ComboFix. Attached is the report. I tried to post it but received an error message that the post was too long. I don't know how to read it, so please let me know what it states. Thank you.

#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 21 January 2011 - 12:32 PM

Hello,

Looks better.....how is it running now please? :)

#5 attcbf
  • Topic Starter

  • Members
  • 10 posts

Posted 24 January 2011 - 05:18 AM

I have re-booted a number of times and no malware warnings are popping up, so I think the SP3 install did the trick. Not sure how I got the virus in the first place, as I had spybot and avast running the whole time before avast warned me it was blocking the malware from executing. Thank you for your help.

#6 attcbf
  • Topic Starter

  • Members
  • 10 posts

Posted 25 January 2011 - 05:22 PM

Before I am sure this virus is eradicated, I am scanning my c drive with panda online scan. I will post the log once it completes its task. I must say, it does its job sloooowly. It has been running for 2 hours and the graphic shows it is only 19% completed. The graphic also states that it has found 3 infected files so far.

#7 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 25 January 2011 - 07:08 PM

Hello there :)

You're welcome. :)

Eh, Panda isn't the best out there for this, so I'm going to bet that what it finds is either benign or false positives.....but please do post the report when you're ready.

Also, uninstall ComboFix by doing the following:

Click Start>Run>Type in, or copy and paste ComboFix /Uninstall > click OK

Thanks,
tea

#8 attcbf
  • Topic Starter

  • Members
  • 10 posts

Posted 25 January 2011 - 10:00 PM

Panda has proven to be a pain in my panda$$. It runs super slow and then hangs in mid-scan after a couple of hours. Can you suggest an online scanner that I can use to make sure my computer is clean? Thanks.

#9 attcbf
  • Topic Starter

  • Members
  • 10 posts

Posted 26 January 2011 - 05:27 AM

I gave up on Panda. I uninstalled Panda and combofix. I also did an avast scan which stated it found 5 infected files and moved them to the chest. So, I am not sure if I am good to go or not. The avast report is below.
*
* avast! Scan Report
* This file is generated automatically
*
* Scan name: Select folder to scan
* Started on: Wednesday, January 26, 2011 12:18:09 AM
* VPS: 110125-1, 01/25/2011
*

C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\obcvsjtw.default\parent.lock [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Craig\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Craig\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Craig\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Craig\ntuser.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\LocalService\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\LocalService\ntuser.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\NetworkService\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\NetworkService\ntuser.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\System Volume Information\_restore{071F661E-B190-42AA-AB57-D42AA37602ED}\RP7\A0005630.exe [L] Win32:Patched-UE [Trj] (0)
C:\System Volume Information\_restore{071F661E-B190-42AA-AB57-D42AA37602ED}\RP7\A0006872.exe [L] Win32:WinPatch (0)
C:\System Volume Information\_restore{071F661E-B190-42AA-AB57-D42AA37602ED}\RP7\A0007082.exe [L] Win32:WinPatch (0)
C:\WINDOWS\system32\CatRoot2\edb.log [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\CatRoot2\tmp.edb [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\default [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\default.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SAM [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SAM.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SECURITY [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SECURITY.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\software [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\software.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\system [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\system.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\temp\hsperfdata_SYSTEM\2224 [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\temp\Perflib_Perfdata_74c.dat [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\temp\_avast5_\Webshlock.txt [E] The process cannot access the file because it is being used by another process (32)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>empty.cat [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>spmsg.dll [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>spuninst.exe [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>portcls.sys [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>sysaudio.sys [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>update\kb818801.cat [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>update\spcustom.dll [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>update\update.exe [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>update\update.inf [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>update\eula.txt [E] CAB archive is corrupted. (42127)
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe|>[Emul]|>update\update.ver [E] CAB archive is corrupted. (42127)
E:\WinXP_SP3UninstallBackup\$ntservicepackuninstall$\explorer.exe [L] Win32:WinPatch (0)
E:\WinXP_SP3UninstallBackup\$ntservicepackuninstall$\winlogon.exe [L] Win32:WinPatch (0)
Infected files: 5
Total files: 100785
Total folders: 10797
Total size: 68.7 GB

*
* Scan stopped: Wednesday, January 26, 2011 12:45:02 AM
* Run-time was 26 minute(s), 53 second(s)
*

#10 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 February 2011 - 03:09 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
