xp security virus/malware


  • This topic is locked
19 replies to this topic

#1 jimmartin

jimmartin

  • Members
  • 32 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 04 August 2011 - 04:35 PM

I got hit with the XP Security virus. I can't run AVG; I have run Malwarebytes, but I still have issues. Any help is appreciated.

.
DDS (Ver_2011-06-23.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by jim at 14:28:08 on 2011-08-04
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1009 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
mRun: [eRecoveryService] c:\windows\system32\Check.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{5EA189D2-2BA7-4110-8386-2B3236498DC5} : DhcpNameServer = 68.94.156.1 68.94.157.1
Notify: igfxcui - igfxsrvc.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\bbqhpxvb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\program files\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-7-31 30336]
.
=============== Created Last 30 ================
.
2011-08-04 18:35:29 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-08-04 06:23:26 -------- d-----w- c:\documents and settings\jim\application data\Malwarebytes
2011-08-04 06:23:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 06:23:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-04 06:23:17 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 06:23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 06:17:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-04 06:17:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-04 05:49:00 -------- d-----w- c:\windows\system32\LogFiles
2011-08-04 03:36:09 -------- d-----w- c:\documents and settings\all users\application data\AVG10(2)
2011-08-04 02:33:59 -------- d-----w- c:\documents and settings\jim\application data\Intel
2011-08-02 23:34:35 -------- d-----w- c:\documents and settings\jim\local settings\application data\Adobe
2011-08-02 20:27:36 -------- d-----w- c:\program files\FreeRIP3
2011-08-02 03:45:16 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-08-01 20:09:20 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-08-01 15:40:19 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-01 15:39:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-01 15:39:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 04:52:41 -------- d-----w- c:\documents and settings\jim\application data\GlarySoft
2011-08-01 04:43:50 -------- d-sh--w- c:\documents and settings\jim\PrivacIE
2011-08-01 04:43:50 -------- d-----w- c:\documents and settings\jim\local settings\application data\Yahoo
2011-08-01 03:58:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-01 00:21:28 -------- d-----w- c:\program files\uTorrent
2011-07-31 22:40:06 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-31 22:40:06 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-31 22:38:29 -------- d-----w- c:\program files\iPod
2011-07-31 22:38:24 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-07-31 22:36:02 -------- d-----w- c:\documents and settings\jim\local settings\application data\Apple
2011-07-31 22:34:57 -------- d-----w- c:\program files\Bonjour
2011-07-31 22:32:31 -------- d-----w- c:\documents and settings\jim\local settings\application data\Apple Computer
2011-07-31 21:57:20 -------- d-----w- c:\documents and settings\jim\local settings\application data\Powercinema
2011-07-31 21:51:22 -------- d-sh--w- C:\FOUND.000
2011-07-31 21:42:13 -------- d-----w- c:\documents and settings\jim\application data\uTorrent
2011-07-31 21:18:33 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-07-31 21:18:09 57344 ----a-w- c:\windows\system32\packet.dll
2011-07-31 21:18:09 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2011-07-31 21:18:09 30336 ----a-w- c:\windows\system32\drivers\npf.sys
2011-07-31 21:18:09 208896 ----a-w- c:\windows\system32\wpcap.dll
2011-07-31 21:18:09 -------- d-----w- c:\program files\WinPCap
2011-07-31 21:17:22 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-07-31 21:17:22 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-07-31 21:17:22 221258 ----a-w- c:\windows\system32\Epm-Po.dll
2011-07-31 21:17:22 -------- d-----w- C:\Acer
2011-07-31 21:17:13 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-07-31 21:13:46 -------- d-----w- c:\documents and settings\jim\.tuxguitar-1.2
2011-07-31 21:11:34 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-31 21:11:28 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-07-31 21:11:26 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-07-31 21:11:20 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-07-31 21:11:14 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-31 21:11:07 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2011-07-31 21:02:32 -------- d-sh--w- c:\documents and settings\jim\IETldCache
2011-07-31 20:59:37 -------- d-----w- c:\program files\Yahoo!
2011-07-31 20:58:34 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-31 20:58:04 -------- d--h--w- c:\windows\ie8
2011-07-31 20:57:48 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-31 20:44:51 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-31 20:43:17 -------- d-----w- c:\program files\AVG
2011-07-31 20:33:49 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-31 20:32:01 -------- d-sh--w- c:\documents and settings\jim\UserData
2011-07-31 20:23:35 -------- d-----w- c:\windows\Downloaded Installations
2011-07-31 20:21:39 245760 ----a-w- c:\windows\system32\Check.exe
2011-07-31 20:21:37 -------- d-----w- c:\program files\acer
2011-07-31 20:21:16 -------- d-----w- c:\program files\Launch Manager
2011-07-31 20:21:15 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2011-07-31 20:21:15 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-07-31 20:21:15 147456 ----a-w- c:\windows\UNINST32.EXE
2011-07-31 20:19:02 458752 ----a-w- c:\windows\system32\w29NCPA.dll
2011-07-31 20:19:02 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
==================== Find3M ====================
.
2011-07-31 20:09:12 520 ----a-w- c:\windows\CLEANUP.CMD
2011-07-31 20:09:02 799 ----a-w- c:\windows\HotFix.bat
2011-07-22 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-16 14:17:06 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-06-24 14:44:30 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-24 14:28:22 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-15 15:03:10 3164160 ----a-w- c:\windows\system32\x264vfw.dll
2011-05-09 18:23:34 216064 ----a-w- c:\windows\system32\lagarith.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9808210A rev.3.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898764D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8987c7d0]; MOV EAX, [0x8987c84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E3D45] -> \Device\Harddisk0\DR0[0x898C0AB8]
3 CLASSPNP[0xF765805B] -> nt!IofCallDriver[0x804E3D45] -> \Device\00000079[0x898F89E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E3D45] -> [0x898F9940]
\Driver\atapi[0x898C02E0] -> IRP_MJ_CREATE -> 0x898764D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8987631B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:28:19.98 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-04 14:33:51
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST9808210A rev.3.01
Running: gmer.exe; Driver: C:\DOCUME~1\jim\LOCALS~1\Temp\kwqoyfog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB7003ABF]
? C:\DOCUME~1\jim\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2924] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4024] USER32.dll!SetWindowLongA 77D4DED3 5 Bytes JMP 1068EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4024] USER32.dll!SetWindowLongW 77D4DEF1 5 Bytes JMP 1068ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4024] USER32.dll!GetWindowInfo 77D4F122 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4024] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8987631B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-4 8987631B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8987631B

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
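A triage script for the DDS ROOTKIT section and GMER output posted above, written for this page as an added example (it is not a BleepingComputer, DDS or GMER tool). The sample lines are copied from the logs in this post; the rule list, the "high"/"medium" severity labels and the verdict strings are this example's own convention.

```python
"""Triage helpers for the DDS "ROOTKIT" section and GMER log posted above.
Added example; the rules encode the indicators visible in those logs."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the DDS ROOTKIT section and GMER log.
SAMPLE_GMER = r"""
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898764D0]<<
\Driver\atapi[0x898C02E0] -> IRP_MJ_CREATE -> 0x898764D0
\Driver\atapi DriverStartIo -> 0x8987631B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8987631B
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
"""

# Constructed sample: three "Created Last 30" lines from the DDS log.
SAMPLE_DDS = r"""
2011-08-04 06:23:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 21:51:22 -------- d-sh--w- C:\FOUND.000
2011-07-31 20:21:39 245760 ----a-w- c:\windows\system32\Check.exe
"""

@dataclass
class Finding:
    severity: str  # "high" = scanner verdict, "medium" = structural indicator
    reason: str
    line: str

RULES = [  # (severity, reason, regex); the first matching rule wins per line
    ("high", "scanner flagged rootkit code in the MBR", r"<--\s*ROOTKIT"),
    ("high", "scanner warns of a TDL3/TDL4 infection", r"possible TDL\d rootkit"),
    ("high", "disk sector shows rootkit-like behaviour", r"rootkit-like behavior"),
    ("medium", "disk I/O chain ends in code not backed by any module", r">>UNKNOWN \[0x[0-9A-F]+\]<<"),
    ("medium", "DriverStartIo of the disk driver is hooked", r"\\Driver\\atapi\s+DriverStartIo\s*->\s*0x[0-9A-F]+"),
    ("medium", "atapi device DriverStartIo points outside the driver", r"^Device \\Driver\\atapi -> DriverStartIo "),
    ("medium", "IRP dispatch of the disk driver is redirected", r"\\Driver\\atapi\[0x[0-9A-F]+\] -> IRP_MJ_\w+ -> 0x[0-9A-F]+"),
]
COMPILED = [(sev, why, re.compile(pat, re.I)) for sev, why, pat in RULES]

def triage(log_text: str) -> List[Finding]:
    """Return one Finding per non-empty log line that matches a rule."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for severity, reason, pattern in COMPILED:
            if pattern.search(line):
                findings.append(Finding(severity, reason, line))
                break
    return findings

def verdict(findings: List[Finding]) -> str:
    """Collapse findings into one verdict for the whole log."""
    severities = {f.severity for f in findings}
    if "high" in severities:
        return "rootkit-indicated"
    if "medium" in severities:
        return "suspicious"
    return "no-indicators"

# DDS "Created Last 30" line: <date> <time> <size, or -------- for a directory> <attrs> <path>
DDS_CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

@dataclass
class DdsEntry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    attrs: str           # e.g. "d-sh--w-": directory, system, hidden, writable
    path: str

    def is_directory(self) -> bool:
        return self.attrs.startswith("d")

    def is_hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs

    def is_driver(self) -> bool:
        return self.path.lower().endswith(".sys")

def parse_dds_created(text: str) -> List[DdsEntry]:
    """Parse DDS 'Created Last 30' lines; anything else in the text is skipped."""
    entries: List[DdsEntry] = []
    for raw in text.splitlines():
        m = DDS_CREATED_RE.match(raw.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(DdsEntry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries
```

Run `triage(SAMPLE_GMER)` and `verdict(...)` to see how the posted log scores; `parse_dds_created` lets you list the `.sys` files and hidden/system directories created in the last 30 days without reading the whole dump by hand.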



#2 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:08:40 PM

Posted 10 August 2011 - 02:18 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts, and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please do the following:


Step #1: Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step #2: Download and run GMER

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan (or attempted scan, in case of some error, etc.)!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

MalWare Removal University Master

Member of ASAP


#3 jimmartin

jimmartin
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 10 August 2011 - 05:11 PM

DDS (Ver_2011-06-23.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by jim at 14:29:29 on 2011-08-10
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.798 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [eRecoveryService] c:\windows\system32\Check.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{5EA189D2-2BA7-4110-8386-2B3236498DC5} : DhcpNameServer = 68.94.156.1 68.94.157.1
Notify: igfxcui - igfxsrvc.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\bbqhpxvb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\program files\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-4 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-4 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-4 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-4 42184]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-7 41272]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-7-31 30336]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-8-9 16896]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2003-2-13 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2011-8-9 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2003-2-13 84092]
.
=============== Created Last 30 ================
.
2011-08-10 03:18:49 -------- d-----w- c:\program files\US122_Install
2011-08-10 03:15:20 17263 ----a-w- c:\windows\system32\drivers\US122DL.sys
2011-08-10 03:07:33 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2011-08-10 03:07:33 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2011-08-10 03:07:02 -------- d-----w- c:\windows\RegisteredPackages
2011-08-10 03:06:00 87040 ----a-w- c:\windows\system\Ra32sipr.dll
2011-08-10 03:06:00 85504 ----a-w- c:\windows\system\Encdnet.dll
2011-08-10 03:06:00 81920 ----a-w- c:\windows\system\Ra3214_4.dll
2011-08-10 03:06:00 72704 ----a-w- c:\windows\system\Ra3228_8.dll
2011-08-10 03:06:00 61952 ----a-w- c:\windows\system\Decdnet.dll
2011-08-10 03:06:00 487936 ----a-w- c:\windows\system\Rmbe3260.dll
2011-08-10 03:06:00 352768 ----a-w- c:\windows\system\pngu3263.dll
2011-08-10 03:06:00 273408 ----a-w- c:\windows\system\Pncrt.dll
2011-08-10 03:06:00 21504 ----a-w- c:\windows\system\Ra32dnet.dll
2011-08-10 03:06:00 131072 ----a-w- c:\windows\system\Pneng50.dll
2011-08-10 03:06:00 130560 ----a-w- c:\windows\system\Pnc3250.dll
2011-08-10 03:05:51 -------- d-----w- c:\program files\Steinberg
2011-08-10 02:37:00 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2011-08-10 02:23:29 45056 ----a-w- c:\windows\system32\Synsopos.exe
2011-08-10 02:23:27 700416 ----a-w- c:\windows\system32\SYNSOACC.dll
2011-08-10 02:23:27 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2011-08-10 02:23:27 -------- d-----w- c:\program files\Syncrosoft
2011-08-10 01:13:10 -------- d-----w- c:\documents and settings\jim\application data\Steinberg
2011-08-07 17:10:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 17:10:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-07 17:10:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-07 16:54:36 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-05 04:42:50 -------- d-----w- c:\program files\PC Tools Security
2011-08-05 04:42:50 -------- d-----w- c:\program files\common files\PC Tools
2011-08-05 04:39:33 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-05 04:20:10 -------- d-----w- c:\documents and settings\all users\application data\FreeRIP
2011-08-05 02:31:18 -------- d-sh--w- c:\documents and settings\jim\IECompatCache
2011-08-05 01:51:20 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-05 01:51:04 40112 ----a-w- c:\windows\avastSS.scr
2011-08-05 01:50:49 -------- d-----w- c:\program files\AVAST Software
2011-08-05 01:50:49 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-08-04 18:35:29 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-08-04 06:23:26 -------- d-----w- c:\documents and settings\jim\application data\Malwarebytes
2011-08-04 06:23:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-04 06:17:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-04 06:17:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-04 05:49:00 -------- d-----w- c:\windows\system32\LogFiles
2011-08-04 03:36:09 -------- d-----w- c:\documents and settings\all users\application data\AVG10(2)
2011-08-04 02:33:59 -------- d-----w- c:\documents and settings\jim\application data\Intel
2011-08-02 23:34:35 -------- d-----w- c:\documents and settings\jim\local settings\application data\Adobe
2011-08-02 20:27:36 -------- d-----w- c:\program files\FreeRIP3
2011-08-02 03:45:16 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-08-01 20:09:20 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-08-01 15:40:19 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-01 15:39:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-01 15:39:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 04:52:41 -------- d-----w- c:\documents and settings\jim\application data\GlarySoft
2011-08-01 04:43:50 -------- d-sh--w- c:\documents and settings\jim\PrivacIE
2011-08-01 04:43:50 -------- d-----w- c:\documents and settings\jim\local settings\application data\Yahoo
2011-08-01 03:58:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-01 00:21:28 -------- d-----w- c:\program files\uTorrent
2011-07-31 22:40:06 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-31 22:40:06 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-31 22:38:29 -------- d-----w- c:\program files\iPod
2011-07-31 22:38:24 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-07-31 22:36:02 -------- d-----w- c:\documents and settings\jim\local settings\application data\Apple
2011-07-31 22:34:57 -------- d-----w- c:\program files\Bonjour
2011-07-31 22:32:31 -------- d-----w- c:\documents and settings\jim\local settings\application data\Apple Computer
2011-07-31 21:57:20 -------- d-----w- c:\documents and settings\jim\local settings\application data\Powercinema
2011-07-31 21:51:22 -------- d-sh--w- C:\FOUND.000
2011-07-31 21:42:13 -------- d-----w- c:\documents and settings\jim\application data\uTorrent
2011-07-31 21:18:33 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-07-31 21:18:09 57344 ----a-w- c:\windows\system32\packet.dll
2011-07-31 21:18:09 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2011-07-31 21:18:09 30336 ----a-w- c:\windows\system32\drivers\npf.sys
2011-07-31 21:18:09 208896 ----a-w- c:\windows\system32\wpcap.dll
2011-07-31 21:18:09 -------- d-----w- c:\program files\WinPCap
2011-07-31 21:17:22 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-07-31 21:17:22 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-07-31 21:17:22 221258 ----a-w- c:\windows\system32\Epm-Po.dll
2011-07-31 21:17:22 -------- d-----w- C:\Acer
2011-07-31 21:17:13 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-07-31 21:13:46 -------- d-----w- c:\documents and settings\jim\.tuxguitar-1.2
2011-07-31 21:11:34 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-31 21:11:28 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-07-31 21:11:26 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-07-31 21:11:20 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-07-31 21:11:14 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-31 21:11:07 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2011-07-31 21:02:32 -------- d-sh--w- c:\documents and settings\jim\IETldCache
2011-07-31 20:59:37 -------- d-----w- c:\program files\Yahoo!
2011-07-31 20:58:34 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-31 20:58:04 -------- d--h--w- c:\windows\ie8
2011-07-31 20:57:48 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-31 20:44:51 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-31 20:43:17 -------- d-----w- c:\program files\AVG
2011-07-31 20:33:49 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-31 20:32:01 -------- d-sh--w- c:\documents and settings\jim\UserData
2011-07-31 20:23:35 -------- d-----w- c:\windows\Downloaded Installations
2011-07-31 20:21:39 245760 ----a-w- c:\windows\system32\Check.exe
2011-07-31 20:21:37 -------- d-----w- c:\program files\acer
2011-07-31 20:21:16 -------- d-----w- c:\program files\Launch Manager
2011-07-31 20:21:15 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2011-07-31 20:21:15 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-07-31 20:21:15 147456 ----a-w- c:\windows\UNINST32.EXE
2011-07-31 20:19:02 458752 ----a-w- c:\windows\system32\w29NCPA.dll
2011-07-31 20:19:02 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
==================== Find3M ====================
.
2011-07-31 20:09:12 520 ----a-w- c:\windows\CLEANUP.CMD
2011-07-31 20:09:02 799 ----a-w- c:\windows\HotFix.bat
2011-07-22 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-16 14:17:06 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-06-24 14:44:30 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-24 14:28:22 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-15 15:03:10 3164160 ----a-w- c:\windows\system32\x264vfw.dll
.
============= FINISH: 14:33:02.82 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/31/2011 2:15:12 PM
System Uptime: 8/10/2011 9:54:21 AM (5 hours ago)
.
Motherboard: Acer, Inc. | | Crane II
Processor: Intel® Pentium® M processor 1.60GHz | U1 | 1596/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 36 GiB total, 22.027 GiB free.
D: is FIXED (FAT32) - 36 GiB total, 8.96 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 298 GiB total, 67.158 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Synaptics PS/2 Port TouchPad
Device ID: ACPI\SYN1003\4&28561D4B&0
Manufacturer: Synaptics
Name: Synaptics PS/2 Port TouchPad
PNP Device ID: ACPI\SYN1003\4&28561D4B&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1: 7/31/2011 2:15:15 PM - System Checkpoint
RP2: 7/31/2011 2:17:22 PM - Installed Acer ePowerManagement
RP3: 7/31/2011 2:18:06 PM - Installed Acer eNetManagement
RP4: 7/31/2011 1:21:39 PM - Installed eRecovery
RP5: 7/31/2011 1:23:42 PM - Installed Acer eManager for Notebook
RP6: 7/31/2011 1:43:10 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP7: 7/31/2011 1:43:16 PM - Installed AVG 2011
RP8: 7/31/2011 1:43:43 PM - Installed AVG 2011
RP9: 7/31/2011 1:58:36 PM - Installed Windows Internet Explorer 8.
RP10: 7/31/2011 3:37:55 PM - Installed iTunes
RP11: 8/1/2011 8:39:16 AM - Installed Java™ 6 Update 26
RP12: 8/2/2011 10:32:50 AM - System Checkpoint
RP13: 8/3/2011 12:45:08 PM - System Checkpoint
RP14: 8/3/2011 8:35:42 PM - Installed AVG 2011
RP15: 8/3/2011 8:37:01 PM - Installed AVG 2011
RP16: 8/3/2011 8:37:05 PM - Removed AVG 2011
RP17: 8/3/2011 8:42:21 PM - Installed AVG 2011
RP18: 8/3/2011 9:01:55 PM - Installed AVG 2011
RP19: 8/3/2011 9:02:03 PM - Removed AVG 2011
RP20: 8/3/2011 11:15:15 PM - Restore Operation
RP21: 8/4/2011 11:35:02 AM - Installed AVG 2011
RP22: 8/4/2011 11:36:19 AM - Installed AVG 2011
RP23: 8/4/2011 11:36:22 AM - Removed AVG 2011
RP24: 8/4/2011 12:27:32 PM - Restore Operation
RP25: 8/4/2011 12:32:11 PM - Restore Operation
RP26: 8/4/2011 6:50:49 PM - avast! Free Antivirus Setup
RP27: 8/4/2011 9:21:33 PM - Restore Operation
RP28: 8/6/2011 2:22:01 PM - System Checkpoint
RP29: 8/7/2011 9:45:25 PM - System Checkpoint
RP30: 8/9/2011 7:23:26 PM -
RP31: 8/9/2011 7:46:07 PM - Unsigned driver install
RP32: 8/9/2011 7:47:14 PM - Unsigned driver install
RP33: 8/9/2011 8:04:07 PM -
RP34: 8/9/2011 8:07:01 PM - Installed Windows Media Format Runtime
RP35: 8/9/2011 8:11:32 PM - Unsigned driver install
RP36: 8/9/2011 8:15:19 PM - Unsigned driver install
RP37: 8/9/2011 8:19:21 PM - Unsigned driver install
.
==== Installed Programs ======================
.
µTorrent
Acer eManager for Notebook
Acer eNetManagement
Acer ePowerManagement
Acer GridVista
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arcade 3.0
avast! Free Antivirus
Bonjour
Conexant AC-Link Audio
FreeRIP v3.6
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
iTunes
Java Auto Updater
Java™ 6 Update 26
K-Lite Mega Codec Pack 7.5.0
Launch Manager
Malwarebytes' Anti-Malware version 1.51.1.1800
mCore
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mMHouse
Mozilla Firefox 5.0 (x86 en-US)
mPfMgr
mProSafe
mWlsSafe
mXML
NTI Backup NOW! 4
NTI CD & DVD-Maker
PowerProducer
QuickTime
SoftV92 Data Fax Modem with SmartCP
Steinberg Cubase SE 3
Synaptics Pointing Device Driver
Syncrosoft's License Control
System Requirements Lab for Intel
Tag&Rename 3.5.7
Texas Instruments PCIxx21/x515 drivers.
TIxx21
US-122
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format Runtime
.
==== Event Viewer Messages From Past Week ========
.
8/9/2011 8:10:11 PM, error: Service Control Manager [7000] - The Nsynas32 service failed to start due to the following error: The system cannot find the file specified.
8/9/2011 7:45:22 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/9/2011 7:45:09 PM, error: Service Control Manager [7000] - The Nsynas32 service failed to start due to the following error: The system cannot find the device specified.
8/9/2011 10:25:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
8/7/2011 9:45:32 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
8/7/2011 9:45:32 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Administrator\My Documents\TrendMicro_Downloader(TIMAX)\Agent\MFC80U.DLL. Reference error message: The operation completed successfully. .
8/7/2011 9:45:32 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
8/7/2011 9:39:26 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm
8/7/2011 9:38:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/7/2011 9:37:48 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0012F0862B5D. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/7/2011 9:25:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
8/7/2011 9:23:51 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0012F0862B5D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/7/2011 11:25:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
8/6/2011 4:25:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
8/6/2011 3:25:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
8/6/2011 2:25:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
8/6/2011 12:25:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
8/6/2011 11:25:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
8/6/2011 1:25:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
8/5/2011 9:25:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
8/5/2011 8:56:45 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
8/5/2011 8:25:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
8/5/2011 7:25:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
8/5/2011 6:25:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
8/5/2011 5:25:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
8/5/2011 3:38:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
8/5/2011 3:38:14 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
8/5/2011 3:38:14 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/5/2011 12:51:35 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2011 10:29:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
8/5/2011 10:25:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
8/5/2011 1:53:23 PM, error: DCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "%193" Happened while starting this command: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding
8/4/2011 9:22:54 PM, error: System Error [1003] - Error code 000000c2, parameter1 00000040, parameter2 10000000, parameter3 80000000, parameter4 00000000.
8/4/2011 6:24:47 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
8/4/2011 6:24:47 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG10\Firefox4\components\avgssff5.dll. Reference error message: The operation completed successfully. .
8/4/2011 6:24:47 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG10\Firefox4\components\avgssff4.dll. Reference error message: The operation completed successfully. .
8/4/2011 6:24:47 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-10 15:08:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9808210A rev.3.01
Running: gmer.exe; Driver: C:\DOCUME~1\jim\LOCALS~1\Temp\kwqoyfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAA057202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAA0BDD8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAA07B6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAA0597F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAA059848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAA05995E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAA07B075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAA059746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAA059898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAA05979A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAA05990C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAA057226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAA07BD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAA07C03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAA059BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA07BBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA07BA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAA0BDE3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAA056FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAA05724A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAA059D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAA057CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAA059820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAA059870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAA059988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAA07B3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAA059772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAA059A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAA0598D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAA0597C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAA059AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAA059936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAA0BDED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAA07B8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAA057BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAA07B72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAA0C610E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAA07A6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAA05726E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAA057292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAA05704A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAA057186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAA07BE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAA057162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAA0571AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAA0572B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA0D3398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 37F 804E3050 4 Bytes [E8, A6, 07, AA]
PAGE ntoskrnl.exe!ObInsertObject 805648A3 5 Bytes JMP AA0D07F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056A5DC 4 Bytes CALL AA058335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805885D3 7 Bytes JMP AA0D339C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A2BF9 5 Bytes JMP AA0CED4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xBABAAABF]
.text win32k.sys!EngFreeUserMem + 674 BF80BA4F 5 Bytes JMP AA05ACA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810175 5 Bytes JMP AA05ABAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 92C BF827A40 5 Bytes JMP AA059F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 5 Bytes JMP AA05AE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 5 Bytes JMP AA05B014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP AA059E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP AA05A03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP AA05AB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1036 BF857AD0 5 Bytes JMP AA05AD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 62A3 BF87FFC9 5 Bytes JMP AA05A180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP AA05A326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 70B0 BF880DD6 5 Bytes JMP AA059E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 245E BF884C65 5 Bytes JMP AA05AF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 5 Bytes JMP AA05A2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 5 Bytes JMP AA059D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 5 Bytes JMP AA05ABD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 5 Bytes JMP AA059FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 5 Bytes JMP AA05A0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP AA05A0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP AA059EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2567 BF9126AD 5 Bytes JMP AA05A008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP AA05A440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP AA05AECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\jim\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\igfxtray.exe[120] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[168] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[176] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Acer\eManager\anbmServ.exe[264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1856] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\acer\eRecovery\Monitor.exe[1908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2784] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[912] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[912] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

#4 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 10 August 2011 - 11:56 PM

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


I saw Avast in your installed programs list, but didn't see AVG. Did you recently uninstall AVG?


IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



Step # 1 Download and Run CKScanner.exe

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

MalWare Removal University Master

Member of ASAP


#5 jimmartin

jimmartin
  • Topic Starter

  • Members
  • 32 posts

Posted 11 August 2011 - 01:01 AM

Okay, as far as AVG goes, I set my computer to factory defaults last Wednesday... on Thursday I installed AVG (everything was fine)... on Friday AVG was missing files and I have not been able to uninstall AVG or do a reinstall. It was on Friday that I got hit with Xp Security and Hello 4.

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.KONAXB
----- EOF -----

#6 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 11 August 2011 - 01:33 PM

on Thursday I installed AVG (everything was fine)...on Friday AVG was missing files and I have not been able to uninstall AVG or do a reinstall.


Try downloading and running AVG Remover from the website below; that should fully get rid of AVG and any of its leftovers:

http://www.avg.com/us-en/utilities


Then, I'd like for you to do the following:


Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.

MalWare Removal University Master

Member of ASAP


#7 jimmartin

jimmartin
  • Topic Starter

  • Members
  • 32 posts

Posted 11 August 2011 - 05:08 PM

I tried the AVG removal app about five days ago; it kept hanging up, but after many attempts it did seem to remove it. I'll try it again and see what happens. Here is the ComboFix log.

ComboFix 11-08-11.02 - jim 08/11/2011 14:38:36.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.959 [GMT -7:00]
Running from: c:\documents and settings\jim\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system\Pncrt.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\Uninstall.ini
D:\Uninstall.exe
D:\WinRAR.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-10 03:18 . 2011-08-10 03:18 -------- d-----w- c:\program files\US122_Install
2011-08-10 03:15 . 2003-02-13 20:45 17263 ----a-w- c:\windows\system32\drivers\US122DL.sys
2011-08-10 03:07 . 2004-08-11 08:45 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe
2011-08-10 03:07 . 2004-08-11 08:45 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll
2011-08-10 03:06 . 2004-07-12 23:27 87040 ----a-w- c:\windows\system\Ra32sipr.dll
2011-08-10 03:06 . 2004-07-12 23:27 85504 ----a-w- c:\windows\system\Encdnet.dll
2011-08-10 03:06 . 2004-07-12 23:27 81920 ----a-w- c:\windows\system\Ra3214_4.dll
2011-08-10 03:06 . 2004-07-12 23:27 72704 ----a-w- c:\windows\system\Ra3228_8.dll
2011-08-10 03:06 . 2004-07-12 23:27 61952 ----a-w- c:\windows\system\Decdnet.dll
2011-08-10 03:06 . 2004-07-12 23:27 487936 ----a-w- c:\windows\system\Rmbe3260.dll
2011-08-10 03:06 . 2004-07-12 23:27 352768 ----a-w- c:\windows\system\pngu3263.dll
2011-08-10 03:06 . 2004-07-12 23:27 21504 ----a-w- c:\windows\system\Ra32dnet.dll
2011-08-10 03:06 . 2004-07-12 23:27 131072 ----a-w- c:\windows\system\Pneng50.dll
2011-08-10 03:06 . 2004-07-12 23:27 130560 ----a-w- c:\windows\system\Pnc3250.dll
2011-08-10 03:05 . 2011-08-10 03:05 -------- d-----w- c:\program files\Steinberg
2011-08-10 02:37 . 2002-11-25 12:46 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2011-08-10 02:23 . 2002-11-25 15:36 45056 ----a-w- c:\windows\system32\Synsopos.exe
2011-08-10 02:23 . 2011-08-10 02:23 -------- d-----w- c:\program files\Syncrosoft
2011-08-10 02:23 . 2005-07-06 01:25 700416 ----a-w- c:\windows\system32\SYNSOACC.dll
2011-08-10 02:23 . 2004-05-10 22:58 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2011-08-07 17:10 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 17:10 . 2011-08-07 17:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-07 17:10 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-07 16:54 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-07 16:37 . 2011-08-07 16:37 -------- d-----w- c:\documents and settings\Administrator
2011-08-05 04:42 . 2011-08-05 04:42 -------- d-----w- c:\program files\PC Tools Security
2011-08-05 04:42 . 2011-08-05 04:42 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-05 04:42 . 2011-08-05 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-08-05 04:39 . 2011-08-05 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-08-05 04:20 . 2011-08-05 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeRIP
2011-08-05 01:51 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-05 01:51 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-05 01:51 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-05 01:51 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-05 01:51 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-05 01:51 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswMon2.SYS
2011-08-05 01:51 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-05 01:51 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-05 01:51 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-05 01:51 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-05 01:50 . 2011-08-05 01:50 -------- d-----w- c:\program files\AVAST Software
2011-08-05 01:50 . 2011-08-05 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-04 18:35 . 2011-08-04 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-08-04 06:23 . 2011-08-04 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-04 06:17 . 2011-08-04 06:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-04 06:01 . 2011-08-04 06:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-04 05:49 . 2011-08-04 05:49 -------- d-----w- c:\windows\system32\LogFiles
2011-08-02 23:34 . 2011-08-02 23:34 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-02 20:27 . 2011-08-02 20:27 -------- d-----w- c:\program files\FreeRIP3
2011-08-02 03:45 . 2011-08-02 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-08-01 20:09 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-08-01 15:40 . 2011-08-01 15:40 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-01 15:40 . 2011-08-01 15:40 -------- d-----w- c:\windows\Sun
2011-08-01 15:39 . 2011-08-01 15:39 -------- d-----w- c:\program files\Common Files\Java
2011-08-01 15:39 . 2011-08-01 15:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-01 15:39 . 2011-08-01 15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 03:58 . 2011-08-11 02:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-01 00:21 . 2011-08-01 00:21 -------- d-----w- c:\program files\uTorrent
2011-07-31 22:40 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-31 22:40 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-31 22:38 . 2011-07-31 22:38 -------- d-----w- c:\program files\iPod
2011-07-31 22:38 . 2011-07-31 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-07-31 22:36 . 2011-07-31 22:36 -------- d-----w- c:\program files\QuickTime
2011-07-31 22:36 . 2011-07-31 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-07-31 22:35 . 2011-07-31 22:35 -------- d-----w- c:\program files\Apple Software Update
2011-07-31 22:35 . 2011-07-31 22:35 -------- d-----w- c:\windows\system32\DRVSTORE
2011-07-31 22:34 . 2011-07-31 22:34 -------- d-----w- c:\program files\Bonjour
2011-07-31 22:34 . 2011-07-31 22:34 -------- d-----w- c:\program files\Common Files\Apple
2011-07-31 22:34 . 2011-07-31 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-31 21:51 . 2011-07-31 21:51 -------- d-----w- C:\FOUND.000
2011-07-31 21:18 . 2011-07-31 21:18 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-07-31 21:18 . 2011-07-31 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2011-07-31 21:17 . 2011-07-31 21:17 -------- d-----w- C:\Acer
2011-07-31 21:17 . 2005-03-24 23:54 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-07-31 21:17 . 2004-09-02 06:57 221258 ----a-w- c:\windows\system32\Epm-Po.dll
2011-07-31 21:17 . 2004-07-19 20:10 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-07-31 21:17 . 2005-02-08 17:31 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-07-31 21:16 . 2011-07-31 21:16 -------- d-----w- c:\documents and settings\jim
2011-07-31 21:11 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-31 21:11 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-07-31 21:11 . 2004-08-04 12:00 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-07-31 21:11 . 2004-08-04 12:00 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-07-31 21:11 . 2004-08-04 12:00 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-31 21:11 . 2004-10-15 02:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2011-07-31 21:03 . 2011-07-31 21:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-31 20:59 . 2011-07-31 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-07-31 20:59 . 2011-07-31 20:59 -------- d-----w- c:\program files\Yahoo!
2011-07-31 20:58 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-31 20:58 . 2011-07-31 20:58 -------- d--h--w- c:\windows\ie8
2011-07-31 20:57 . 2011-07-31 20:57 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-31 20:44 . 2011-07-31 20:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-31 20:43 . 2011-07-31 20:43 -------- d-----w- c:\program files\AVG
2011-07-31 20:33 . 2011-07-31 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-31 20:23 . 2011-07-31 20:23 -------- d-----w- c:\windows\Downloaded Installations
2011-07-31 20:21 . 2005-03-23 17:01 245760 ----a-w- c:\windows\system32\Check.exe
2011-07-31 20:21 . 2011-07-31 20:21 -------- d-----w- c:\program files\acer
2011-07-31 20:21 . 2011-07-31 20:21 -------- d-----w- c:\program files\Launch Manager
2011-07-31 20:21 . 2004-12-10 18:49 147456 ----a-w- c:\windows\UNINST32.EXE
2011-07-31 20:21 . 2004-12-08 21:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-07-31 20:21 . 2002-12-19 22:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2011-07-31 20:19 . 2004-10-30 01:48 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
2011-07-31 20:19 . 2004-10-15 17:20 458752 ----a-w- c:\windows\system32\w29NCPA.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-31 20:09 . 1980-01-01 07:00 520 ----a-w- c:\windows\CLEANUP.CMD
2011-07-31 20:09 . 1980-01-01 07:00 799 ----a-w- c:\windows\HotFix.bat
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-16 04:17 . 2011-07-31 20:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Synaptics\SynTP\SynTPLpr .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Arcade\PCMService .exe
c:\program files\Launch Manager\QtZgAcer .exe
c:\program files\QuickTime\qttask  .exe
c:\windows\ime\imjp8_1\IMJPMIG .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [N/A]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/4/2011 6:51 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/4/2011 6:51 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/4/2011 6:51 PM 19544]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/7/2011 10:10 AM 41272]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [8/9/2011 7:37 PM 16896]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2/13/2003 1:40 PM 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [8/9/2011 8:15 PM 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2/13/2003 1:40 PM 84092]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\bbqhpxvb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 14:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3984)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\acer\eRecovery\Monitor.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-08-11 14:58:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-11 21:58
.
Pre-Run: 23,456,448,512 bytes free
Post-Run: 24,095,391,744 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 30D032FD708D604773F29B3CF782F3E0

#8 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:08:40 PM

Posted 12 August 2011 - 01:38 AM

Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KILLALL::
    
    
    Folder::
    
    c:\documents and settings\All Users\Application Data\AVG10
    c:\program files\uTorrent
    c:\program files\AVG
    
    
    Registry::
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    
    
    SecCenter::
    
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    
    
    RenV::
    
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\Synaptics\SynTP\SynTPLpr .exe
    c:\program files\Synaptics\SynTP\SynTPEnh .exe
    c:\program files\Arcade\PCMService .exe
    c:\program files\Launch Manager\QtZgAcer .exe
    c:\program files\QuickTime\qttask  .exe
    c:\windows\ime\imjp8_1\IMJPMIG .exe

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Posted Image


    Note: This CFScript is for use on jimmartin's computer only! Do not use it on your computer.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.

MalWare Removal University Master

Member of ASAP


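As an added example (not part of this thread and not ComboFix's own code), a small Python triage helper for the ComboFix log format quoted above: it parses the "Files Created" lines and the "Reg Loading Points" section and groups the items a helper reviews first, namely filenames with whitespace before the extension (the entries ComboFix lists in its `<pre>` block and that the CFScript above handles under `RenV::`), Run entries whose target is missing (`[X]` / `[N/A]`), programs whitelisted through the Windows Firewall, and the Security Center / firewall settings that silence warnings. The regular expressions, registry-key suffixes and category names are this example's own assumptions, and the sample log is constructed from entries quoted in the thread.

```python
"""Triage helper for the ComboFix log format (added example; not ComboFix's
own code). Regexes, key suffixes and category names are assumptions of this
example; SAMPLE_LOG is constructed from entries quoted in the thread."""
import re

# One 'Files Created' line: created . modified size-or-dashes attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# One Run value: "name"="target" [date size], [X] (missing) or [N/A]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)" \[(?P<status>[^\]]*)\]$')
# Firewall whitelist entries are written as "path"= with nothing after '='
WHITELIST_VALUE = re.compile(r'^"(?P<path>[^"]+)"=$')
# Whitespace wedged in before the extension, e.g. 'jusched .exe'
SPACED_EXT = re.compile(r"\S\s+\.(exe|dll|sys|scr|com|cpl)\s*$", re.IGNORECASE)

# Registry key suffixes (compared lower-case) that select the checks below
RUN_KEY = "\\currentversion\\run"
WHITELIST_KEY = "\\authorizedapplications\\list"
SECURITY_CENTER_KEY = "microsoft\\security center"
FIREWALL_PROFILE_KEY = "\\firewallpolicy\\standardprofile"


def parse_created_files(log_text):
    """Return 'Files Created' entries as dicts; directories get size None."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["is_dir"] = entry["attrs"].startswith("d")
        entry["size"] = None if entry["size"].startswith("-") else int(entry["size"])
        entries.append(entry)
    return entries


def triage(log_text):
    """Group the log lines a malware-removal helper reviews first by category."""
    findings = {
        "spaced_extension": [],    # files ComboFix lists in <pre> / under RenV::
        "missing_run_target": [],  # autostart entries whose target is gone
        "firewall_whitelist": [],  # programs allowed through Windows Firewall
        "silenced_warnings": [],   # settings that hide firewall/AV warnings
    }
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()  # remember the enclosing key
            continue
        if SPACED_EXT.search(line):
            findings["spaced_extension"].append(line)
            continue
        m = RUN_VALUE.match(line)
        if m and current_key.endswith(RUN_KEY):
            if m["status"] in ("X", "N/A"):
                findings["missing_run_target"].append(
                    f'{m["name"]} -> {m["target"]} [{m["status"]}]')
            continue
        m = WHITELIST_VALUE.match(line)
        if m and current_key.endswith(WHITELIST_KEY):
            # the log doubles the backslashes in these values; collapse them
            findings["firewall_whitelist"].append(m["path"].replace("\\\\", "\\"))
            continue
        if current_key.endswith(SECURITY_CENTER_KEY) and \
                line.startswith('"FirewallOverride"=dword:00000001'):
            findings["silenced_warnings"].append("Security Center: FirewallOverride=1")
        elif current_key.endswith(FIREWALL_PROFILE_KEY) and \
                line.startswith('"DisableNotifications"= 1'):
            findings["silenced_warnings"].append(
                "Firewall StandardProfile: DisableNotifications=1")
    return findings


# Constructed sample, assembled from entries quoted in this thread's logs.
SAMPLE_LOG = r"""
2011-08-07 17:10 . 2011-08-07 17:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-07 17:10 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 18:35 . 2011-08-04 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\QuickTime\qttask  .exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{category}: {item}")
```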
#9 jimmartin

jimmartin
  • Topic Starter

  • Members
  • 32 posts
  • Local time:10:40 PM

Posted 12 August 2011 - 12:45 PM

ComboFix 11-08-12.01 - jim 08/12/2011 10:19:24.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1104 [GMT -7:00]
Running from: c:\documents and settings\jim\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\jim\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AVG10
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgchjw.log
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgchjw.log.lock
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgchjwsrv.log
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgchjwsrv.log.lock
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgldr.log
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgldr.log.lock
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgrs.log
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgrs.log.lock
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgtdi.log
c:\documents and settings\All Users\Application Data\AVG10\LOG\avgtdi.log.lock
c:\program files\AVG
c:\program files\AVG\AVG10\Chrome\safesearch.crx
c:\program files\AVG\AVG10\Firefox4\chrome.manifest
c:\program files\AVG\AVG10\Firefox4\Chrome\searchshield.jar
c:\program files\AVG\AVG10\Firefox4\Components\avgssff4.dll
c:\program files\AVG\AVG10\Firefox4\Components\avgssff5.dll
c:\program files\AVG\AVG10\Firefox4\Components\ISearchShield4.xpt
c:\program files\AVG\AVG10\Firefox4\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-10 03:18 . 2011-08-10 03:18 -------- d-----w- c:\program files\US122_Install
2011-08-10 03:15 . 2003-02-13 20:45 17263 ----a-w- c:\windows\system32\drivers\US122DL.sys
2011-08-10 03:07 . 2004-08-11 08:45 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe
2011-08-10 03:07 . 2004-08-11 08:45 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll
2011-08-10 03:06 . 2004-07-12 23:27 87040 ----a-w- c:\windows\system\Ra32sipr.dll
2011-08-10 03:06 . 2004-07-12 23:27 85504 ----a-w- c:\windows\system\Encdnet.dll
2011-08-10 03:06 . 2004-07-12 23:27 81920 ----a-w- c:\windows\system\Ra3214_4.dll
2011-08-10 03:06 . 2004-07-12 23:27 72704 ----a-w- c:\windows\system\Ra3228_8.dll
2011-08-10 03:06 . 2004-07-12 23:27 61952 ----a-w- c:\windows\system\Decdnet.dll
2011-08-10 03:06 . 2004-07-12 23:27 487936 ----a-w- c:\windows\system\Rmbe3260.dll
2011-08-10 03:06 . 2004-07-12 23:27 352768 ----a-w- c:\windows\system\pngu3263.dll
2011-08-10 03:06 . 2004-07-12 23:27 21504 ----a-w- c:\windows\system\Ra32dnet.dll
2011-08-10 03:06 . 2004-07-12 23:27 131072 ----a-w- c:\windows\system\Pneng50.dll
2011-08-10 03:06 . 2004-07-12 23:27 130560 ----a-w- c:\windows\system\Pnc3250.dll
2011-08-10 03:05 . 2011-08-10 03:05 -------- d-----w- c:\program files\Steinberg
2011-08-10 02:37 . 2002-11-25 12:46 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2011-08-10 02:23 . 2002-11-25 15:36 45056 ----a-w- c:\windows\system32\Synsopos.exe
2011-08-10 02:23 . 2011-08-10 02:23 -------- d-----w- c:\program files\Syncrosoft
2011-08-10 02:23 . 2005-07-06 01:25 700416 ----a-w- c:\windows\system32\SYNSOACC.dll
2011-08-10 02:23 . 2004-05-10 22:58 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2011-08-07 17:10 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 17:10 . 2011-08-07 17:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-07 17:10 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-07 16:54 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-07 16:37 . 2011-08-07 16:37 -------- d-----w- c:\documents and settings\Administrator
2011-08-05 04:42 . 2011-08-05 04:42 -------- d-----w- c:\program files\PC Tools Security
2011-08-05 04:42 . 2011-08-05 04:42 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-05 04:42 . 2011-08-05 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-08-05 04:39 . 2011-08-05 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-08-05 04:20 . 2011-08-05 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeRIP
2011-08-05 01:51 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-05 01:51 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-05 01:51 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-05 01:51 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-05 01:51 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-05 01:51 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswMon2.SYS
2011-08-05 01:51 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-05 01:51 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-05 01:51 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-05 01:51 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-05 01:50 . 2011-08-05 01:50 -------- d-----w- c:\program files\AVAST Software
2011-08-05 01:50 . 2011-08-05 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-04 06:23 . 2011-08-04 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-04 06:17 . 2011-08-04 06:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-04 06:01 . 2011-08-04 06:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-04 05:49 . 2011-08-04 05:49 -------- d-----w- c:\windows\system32\LogFiles
2011-08-04 03:36 . 2011-08-04 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10(2)
2011-08-02 23:34 . 2011-08-02 23:34 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-02 20:27 . 2011-08-02 20:27 -------- d-----w- c:\program files\FreeRIP3
2011-08-02 03:45 . 2011-08-02 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-08-01 20:09 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-08-01 15:40 . 2011-08-01 15:40 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-01 15:40 . 2011-08-01 15:40 -------- d-----w- c:\windows\Sun
2011-08-01 15:39 . 2011-08-01 15:39 -------- d-----w- c:\program files\Common Files\Java
2011-08-01 15:39 . 2011-08-01 15:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-01 15:39 . 2011-08-01 15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 03:58 . 2011-08-11 02:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-31 22:40 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-31 22:40 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-31 22:38 . 2011-07-31 22:38 -------- d-----w- c:\program files\iPod
2011-07-31 22:38 . 2011-07-31 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-07-31 22:37 . 2011-07-31 22:37 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-07-31 22:36 . 2011-07-31 22:36 -------- d-----w- c:\program files\QuickTime
2011-07-31 22:36 . 2011-07-31 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-07-31 22:35 . 2011-07-31 22:35 -------- d-----w- c:\program files\Apple Software Update
2011-07-31 22:35 . 2011-07-31 22:35 -------- d-----w- c:\windows\system32\DRVSTORE
2011-07-31 22:34 . 2011-07-31 22:34 -------- d-----w- c:\program files\Bonjour
2011-07-31 22:34 . 2011-07-31 22:34 -------- d-----w- c:\program files\Common Files\Apple
2011-07-31 22:34 . 2011-07-31 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-31 21:51 . 2011-07-31 21:51 -------- d-----w- C:\FOUND.000
2011-07-31 21:18 . 2011-07-31 21:18 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-07-31 21:18 . 2011-07-31 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2011-07-31 21:17 . 2011-07-31 21:17 -------- d-----w- C:\Acer
2011-07-31 21:17 . 2005-03-24 23:54 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-07-31 21:17 . 2004-09-02 06:57 221258 ----a-w- c:\windows\system32\Epm-Po.dll
2011-07-31 21:17 . 2004-07-19 20:10 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-07-31 21:17 . 2005-02-08 17:31 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-07-31 21:16 . 2011-07-31 21:16 -------- d-----w- c:\documents and settings\jim
2011-07-31 21:11 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-31 21:11 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-07-31 21:11 . 2004-08-04 12:00 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-07-31 21:11 . 2004-08-04 12:00 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-07-31 21:11 . 2004-08-04 12:00 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-31 21:11 . 2004-10-15 02:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2011-07-31 21:03 . 2011-07-31 21:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-31 20:59 . 2011-07-31 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-07-31 20:59 . 2011-07-31 20:59 -------- d-----w- c:\program files\Yahoo!
2011-07-31 20:58 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-31 20:58 . 2011-07-31 20:58 -------- d--h--w- c:\windows\ie8
2011-07-31 20:57 . 2011-07-31 20:57 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-31 20:44 . 2011-07-31 20:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-31 20:33 . 2011-07-31 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-31 20:23 . 2011-07-31 20:23 -------- d-----w- c:\windows\Downloaded Installations
2011-07-31 20:21 . 2005-03-23 17:01 245760 ----a-w- c:\windows\system32\Check.exe
2011-07-31 20:21 . 2011-07-31 20:21 -------- d-----w- c:\program files\acer
2011-07-31 20:21 . 2011-07-31 20:21 -------- d-----w- c:\program files\Launch Manager
2011-07-31 20:21 . 2004-12-10 18:49 147456 ----a-w- c:\windows\UNINST32.EXE
2011-07-31 20:21 . 2004-12-08 21:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-07-31 20:21 . 2002-12-19 22:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2011-07-31 20:19 . 2004-10-30 01:48 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
2011-07-31 20:19 . 2004-10-15 17:20 458752 ----a-w- c:\windows\system32\w29NCPA.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-31 20:09 . 1980-01-01 07:00 520 ----a-w- c:\windows\CLEANUP.CMD
2011-07-31 20:09 . 1980-01-01 07:00 799 ----a-w- c:\windows\HotFix.bat
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-16 04:17 . 2011-07-31 20:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-11_21.50.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-12 17:28 . 2011-08-12 17:28 16384 c:\windows\temp\Perflib_Perfdata_30c.dat
+ 2009-08-07 02:24 . 2009-08-07 02:24 44768 c:\windows\system32\wups2.dll
+ 2005-03-30 18:52 . 2009-08-07 02:24 35552 c:\windows\system32\wups.dll
+ 2011-08-11 21:50 . 2009-08-07 02:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2005-03-30 18:52 . 2009-08-07 02:24 35552 c:\windows\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/4/2011 6:51 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/4/2011 6:51 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/4/2011 6:51 PM 19544]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/7/2011 10:10 AM 41272]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [8/9/2011 7:37 PM 16896]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2/13/2003 1:40 PM 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [8/9/2011 8:15 PM 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2/13/2003 1:40 PM 84092]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\bbqhpxvb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-EPM-DM - c:\acer\epm\epm-dm.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 10:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\acer\eRecovery\Monitor.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-08-12 10:36:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-12 17:36
ComboFix2.txt 2011-08-12 17:11
ComboFix3.txt 2011-08-11 21:58
.
Pre-Run: 24,684,036,096 bytes free
Post-Run: 24,657,231,872 bytes free
.
- - End Of File - - BAC14FCA969B958BC2C0069D7756B8CB


DDS (Ver_2011-06-23.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by jim at 10:40:40 on 2011-08-12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1030 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [eRecoveryService] c:\windows\system32\Check.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{5EA189D2-2BA7-4110-8386-2B3236498DC5} : DhcpNameServer = 68.94.156.1 68.94.157.1
Notify: igfxcui - igfxsrvc.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\bbqhpxvb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\program files\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-4 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-4 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-4 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-4 42184]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-7 41272]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-8-9 16896]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2003-2-13 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2011-8-9 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2003-2-13 84092]
UnknownUnknown vkquwexg;vkquwexg; [x]
.
=============== Created Last 30 ================
.
2011-08-11 21:50:37 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-08-11 21:36:57 -------- d-sha-r- C:\cmdcons
2011-08-11 21:26:15 98816 ----a-w- c:\windows\sed.exe
2011-08-11 21:26:15 518144 ----a-w- c:\windows\SWREG.exe
2011-08-11 21:26:15 256000 ----a-w- c:\windows\PEV.exe
2011-08-11 21:26:15 208896 ----a-w- c:\windows\MBR.exe
2011-08-10 03:18:49 -------- d-----w- c:\program files\US122_Install
2011-08-10 03:15:20 17263 ----a-w- c:\windows\system32\drivers\US122DL.sys
2011-08-10 03:07:33 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2011-08-10 03:07:33 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2011-08-10 03:07:02 -------- d-----w- c:\windows\RegisteredPackages
2011-08-10 03:06:00 87040 ----a-w- c:\windows\system\Ra32sipr.dll
2011-08-10 03:06:00 85504 ----a-w- c:\windows\system\Encdnet.dll
2011-08-10 03:06:00 81920 ----a-w- c:\windows\system\Ra3214_4.dll
2011-08-10 03:06:00 72704 ----a-w- c:\windows\system\Ra3228_8.dll
2011-08-10 03:06:00 61952 ----a-w- c:\windows\system\Decdnet.dll
2011-08-10 03:06:00 487936 ----a-w- c:\windows\system\Rmbe3260.dll
2011-08-10 03:06:00 352768 ----a-w- c:\windows\system\pngu3263.dll
2011-08-10 03:06:00 21504 ----a-w- c:\windows\system\Ra32dnet.dll
2011-08-10 03:06:00 131072 ----a-w- c:\windows\system\Pneng50.dll
2011-08-10 03:06:00 130560 ----a-w- c:\windows\system\Pnc3250.dll
2011-08-10 03:05:51 -------- d-----w- c:\program files\Steinberg
2011-08-10 02:37:00 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2011-08-10 02:23:29 45056 ----a-w- c:\windows\system32\Synsopos.exe
2011-08-10 02:23:27 700416 ----a-w- c:\windows\system32\SYNSOACC.dll
2011-08-10 02:23:27 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2011-08-10 02:23:27 -------- d-----w- c:\program files\Syncrosoft
2011-08-10 01:13:10 -------- d-----w- c:\documents and settings\jim\application data\Steinberg
2011-08-07 17:10:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 17:10:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-07 17:10:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-07 16:54:36 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-05 04:42:50 -------- d-----w- c:\program files\PC Tools Security
2011-08-05 04:42:50 -------- d-----w- c:\program files\common files\PC Tools
2011-08-05 04:39:33 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-05 04:20:10 -------- d-----w- c:\documents and settings\all users\application data\FreeRIP
2011-08-05 02:31:18 -------- d-sh--w- c:\documents and settings\jim\IECompatCache
2011-08-05 01:51:20 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-05 01:51:04 40112 ----a-w- c:\windows\avastSS.scr
2011-08-05 01:50:49 -------- d-----w- c:\program files\AVAST Software
2011-08-05 01:50:49 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-08-04 06:23:26 -------- d-----w- c:\documents and settings\jim\application data\Malwarebytes
2011-08-04 06:23:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-04 06:17:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-04 06:17:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-04 05:49:00 -------- d-----w- c:\windows\system32\LogFiles
2011-08-04 03:36:09 -------- d-----w- c:\documents and settings\all users\application data\AVG10(2)
2011-08-04 02:33:59 -------- d-----w- c:\documents and settings\jim\application data\Intel
2011-08-02 23:34:35 -------- d-----w- c:\documents and settings\jim\local settings\application data\Adobe
2011-08-02 20:27:36 -------- d-----w- c:\program files\FreeRIP3
2011-08-02 03:45:16 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-08-01 20:09:20 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-08-01 15:40:19 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-01 15:39:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-01 15:39:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 04:52:41 -------- d-----w- c:\documents and settings\jim\application data\GlarySoft
2011-08-01 04:43:50 -------- d-sh--w- c:\documents and settings\jim\PrivacIE
2011-08-01 04:43:50 -------- d-----w- c:\documents and settings\jim\local settings\application data\Yahoo
2011-08-01 03:58:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-31 22:40:06 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-31 22:40:06 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-31 22:38:29 -------- d-----w- c:\program files\iPod
2011-07-31 22:38:24 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-07-31 22:37:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-07-31 22:36:02 -------- d-----w- c:\documents and settings\jim\local settings\application data\Apple
2011-07-31 22:34:57 -------- d-----w- c:\program files\Bonjour
2011-07-31 22:32:31 -------- d-----w- c:\documents and settings\jim\local settings\application data\Apple Computer
2011-07-31 21:57:20 -------- d-----w- c:\documents and settings\jim\local settings\application data\Powercinema
2011-07-31 21:51:22 -------- d-----w- C:\FOUND.000
2011-07-31 21:18:33 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-07-31 21:17:22 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-07-31 21:17:22 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-07-31 21:17:22 221258 ----a-w- c:\windows\system32\Epm-Po.dll
2011-07-31 21:17:22 -------- d-----w- C:\Acer
2011-07-31 21:17:13 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-07-31 21:13:46 -------- d-----w- c:\documents and settings\jim\.tuxguitar-1.2
2011-07-31 21:11:34 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-31 21:11:28 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-07-31 21:11:26 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-07-31 21:11:20 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-07-31 21:11:14 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-31 21:11:07 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2011-07-31 21:02:32 -------- d-sh--w- c:\documents and settings\jim\IETldCache
2011-07-31 20:59:37 -------- d-----w- c:\program files\Yahoo!
2011-07-31 20:58:34 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-31 20:58:04 -------- d--h--w- c:\windows\ie8
2011-07-31 20:57:48 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-31 20:44:51 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-31 20:33:49 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-31 20:32:01 -------- d-sh--w- c:\documents and settings\jim\UserData
2011-07-31 20:23:35 -------- d-----w- c:\windows\Downloaded Installations
2011-07-31 20:21:39 245760 ----a-w- c:\windows\system32\Check.exe
2011-07-31 20:21:37 -------- d-----w- c:\program files\acer
2011-07-31 20:21:16 -------- d-----w- c:\program files\Launch Manager
2011-07-31 20:21:15 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2011-07-31 20:21:15 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-07-31 20:21:15 147456 ----a-w- c:\windows\UNINST32.EXE
2011-07-31 20:19:02 458752 ----a-w- c:\windows\system32\w29NCPA.dll
2011-07-31 20:19:02 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
.
==================== Find3M ====================
.
2011-07-31 20:09:12 520 ----a-w- c:\windows\CLEANUP.CMD
2011-07-31 20:09:02 799 ----a-w- c:\windows\HotFix.bat
2011-07-22 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-16 14:17:06 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-24 14:44:30 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-24 14:28:22 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-15 15:03:10 3164160 ----a-w- c:\windows\system32\x264vfw.dll
.
============= FINISH: 10:43:57.76 ===============
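The "SERVICES / DRIVERS" section of the DDS log above contains an entry with no readable start type and no file on disk (`UnknownUnknown vkquwexg;vkquwexg; [x]`), which is the kind of leftover a helper reviewing these logs looks for. As an added example that is not part of this thread and not a tool the helpers use, the Python below parses lines in the format DDS prints for that section and flags the checks a reviewer applies by hand: a missing binary (`[x]`), a start code that is not the usual `R`/`S` plus digit, and a binary living in a user-writable or temporary directory. The first four sample lines mirror entries from the log; the fifth (`examplesvc`) is constructed to exercise the location check and does not come from the page.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the line format DDS uses for "SERVICES / DRIVERS".
# Lines 1-4 mirror entries from the log above; line 5 is constructed
# (not from the page) so the directory check has something to catch.
SAMPLE_DDS_SERVICES = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-4 441176]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-4 42184]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
UnknownUnknown vkquwexg;vkquwexg; [x]
R2 examplesvc;examplesvc;c:\documents and settings\jim\local settings\temp\examplesvc.exe [2011-8-1 12345]
"""

# <start-code> <name>;<display name>;<image path> [<date> <size>]  or  [x] when the file is gone
LINE_RE = re.compile(
    r"^(?P<start>\S+)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]\s*$"
)
# DDS start codes: R = running, S = stopped, followed by the Windows start-type digit (0-4).
START_RE = re.compile(r"^[RS][0-4]$")
# Directories in which a legitimate XP service or driver binary rarely lives.
SUSPECT_DIRS = ("\\documents and settings\\", "\\temp\\", "\\recycled\\")


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    meta: str
    findings: List[str] = field(default_factory=list)


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every well-formed DDS service/driver line; skip anything else."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, blank "." lines, etc.
        entries.append(
            ServiceEntry(
                start=m["start"],
                name=m["name"].strip(),
                display=m["display"].strip(),
                path=m["path"].strip(),
                meta=m["meta"].strip(),
            )
        )
    return entries


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach the reviewer's checks to one entry (mutates and returns it)."""
    if entry.meta == "x" or not entry.path:
        entry.findings.append("file missing: orphaned service entry")
    if not START_RE.match(entry.start):
        entry.findings.append(f"unrecognised start type '{entry.start}'")
    lowered = entry.path.lower()
    if any(d in lowered for d in SUSPECT_DIRS):
        entry.findings.append("binary in a user-writable/temporary directory")
    return entry


def flagged(text: str) -> Dict[str, List[str]]:
    """Return {service name: [findings]} for entries with at least one finding."""
    return {e.name: e.findings for e in map(triage, parse_services(text)) if e.findings}


if __name__ == "__main__":
    for name, findings in flagged(SAMPLE_DDS_SERVICES).items():
        print(name)
        for f in findings:
            print("   -", f)
```

A flag from this script is a prompt to look closer, not a verdict: a missing file can also be the remnant of a cleanly uninstalled driver, which is why the helper asked for a fresh DDS log after the cleanup steps rather than acting on the first one.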

#10 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:08:40 PM

Posted 12 August 2011 - 01:18 PM

Step # 1: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 2 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.


Post the MalwareBytes' Log in your next post/reply

MalWare Removal University Master

Member of ASAP


#11 jimmartin

jimmartin
  • Topic Starter

  • Members
  • 32 posts
  • Local time:10:40 PM

Posted 12 August 2011 - 02:36 PM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7449

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8/12/2011 12:35:28 PM
mbam-log-2011-08-12 (12-35-28).txt

Scan type: Quick scan
Objects scanned: 160990
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:08:40 PM

Posted 13 August 2011 - 01:03 AM

Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)

  • First, go to Add/Remove Programs and uninstall Adobe Reader 6.0.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right Untick McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Note: Adobe Reader X (10.1.0) is a large program and if you prefer a smaller program you can get Foxit 5.0.2 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 5.0.2 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay




ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



In your next post/reply, I need to see the following:

1. ESET Log
2. A fresh DDS Log
3. How is your computer doing, any problems?

MalWare Removal University Master

Member of ASAP


#13 jimmartin

jimmartin
  • Topic Starter

  • Members
  • 32 posts
  • Local time:10:40 PM

Posted 13 August 2011 - 02:09 PM

How is my computer running? Well I believe I removed xp security on 8/07/11 and hello4 the following day, all things seem to be okay. I will attach the scans you requested.


C:\Documents and Settings\jim\My Documents\Downloads\freeripmp3-setup.exe Win32/Toolbar.Zugo application
D:\My Documents\Downloads\frostwire-4.21.6.windows.exe Win32/OpenCandy application
D:\My Documents\tabs\Downloads\freeripmp3-setup.exe Win32/Toolbar.Zugo application


DDS (Ver_2011-06-23.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by jim at 12:01:34 on 2011-08-13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.456 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [eRecoveryService] c:\windows\system32\Check.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{5EA189D2-2BA7-4110-8386-2B3236498DC5} : DhcpNameServer = 68.94.156.1 68.94.157.1
Notify: igfxcui - igfxsrvc.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\bbqhpxvb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\program files\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-4 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-4 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-4 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-4 42184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-13 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-13 136176]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-8-9 16896]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2003-2-13 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2011-8-9 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2003-2-13 84092]
.
=============== Created Last 30 ================
.
2011-08-13 16:37:34 -------- d-----w- c:\program files\ESET
2011-08-13 16:27:22 -------- d-----w- c:\documents and settings\jim\local settings\application data\Google
2011-08-12 18:14:09 -------- d-sh--w- C:\Recycled
2011-08-11 21:50:37 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-08-11 21:36:57 -------- d-sha-r- C:\cmdcons
2011-08-11 21:26:15 98816 ----a-w- c:\windows\sed.exe
2011-08-11 21:26:15 518144 ----a-w- c:\windows\SWREG.exe
2011-08-11 21:26:15 256000 ----a-w- c:\windows\PEV.exe
2011-08-11 21:26:15 208896 ----a-w- c:\windows\MBR.exe
2011-08-10 03:18:49 -------- d-----w- c:\program files\US122_Install
2011-08-10 03:15:20 17263 ----a-w- c:\windows\system32\drivers\US122DL.sys
2011-08-10 03:07:33 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2011-08-10 03:07:33 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2011-08-10 03:07:02 -------- d-----w- c:\windows\RegisteredPackages
2011-08-10 03:06:00 87040 ----a-w- c:\windows\system\Ra32sipr.dll
2011-08-10 03:06:00 85504 ----a-w- c:\windows\system\Encdnet.dll
2011-08-10 03:06:00 81920 ----a-w- c:\windows\system\Ra3214_4.dll
============= FINISH: 12:04:27.17 ===============

#14 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 14 August 2011 - 12:33 AM

Good to hear that your computer is running okay.



Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:

  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shut down My Computer.
  • Now your computer is configured to show all hidden files.

Be sure to re-hide your files once you are finished cleaning your computer.



Step # 1: Deleting Files

I need you to delete the files I have marked in bold (if found):


C:\Documents and Settings\jim\My Documents\Downloads\freeripmp3-setup.exe
D:\My Documents\Downloads\frostwire-4.21.6.windows.exe
D:\My Documents\tabs\Downloads\freeripmp3-setup.exe

Let me know if you have any problems deleting those files.

MalWare Removal University Master

Member of ASAP
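The Folder Options checkboxes in the post above correspond to DWORD values under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. The batch script below is an added example, not part of km2357's post; it applies the same settings from a command prompt and reverts them afterwards, which is the "re-hide your files once you are finished" step. The Hidden, HideFileExt and ShowSuperHidden names are the ones Explorer uses; the WebViewBarricade mapping for "Display the contents of system folders" is my assumption.

```batch
@echo off
rem Added example: toggles the XP Explorer "Folder Options" view settings
rem via the registry instead of the GUI. Usage: showhidden.cmd show | hide
rem Run as the user whose view you are changing (the values live under HKCU).
setlocal
set "ADV=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

if /i "%~1"=="show" goto show
if /i "%~1"=="hide" goto hide
echo Usage: %~nx0 show ^| hide
exit /b 1

:show
rem Hidden=1          -> "Show hidden files and folders" (2 = do not show)
rem HideFileExt=0     -> clear "Hide file extensions for known file types"
rem ShowSuperHidden=1 -> clear "Hide protected operating system files"
rem WebViewBarricade=1 -> "Display the contents of system folders" (assumed name)
call :setval Hidden 1
call :setval HideFileExt 0
call :setval ShowSuperHidden 1
call :setval WebViewBarricade 1
goto done

:hide
rem Restore the XP defaults once cleanup is finished (the "re-hide" step).
call :setval Hidden 2
call :setval HideFileExt 1
call :setval ShowSuperHidden 0
call :setval WebViewBarricade 0
goto done

:setval
rem %1 = value name, %2 = DWORD data; /f overwrites without prompting.
reg add "%ADV%" /v %1 /t REG_DWORD /d %2 /f >nul || (echo Failed to set %1 & exit /b 1)
goto :eof

:done
rem Print the resulting values so the change can be verified before reopening Explorer.
reg query "%ADV%" /v Hidden
reg query "%ADV%" /v HideFileExt
reg query "%ADV%" /v ShowSuperHidden
reg query "%ADV%" /v WebViewBarricade
echo Open a new Explorer window (or log off and on) for the change to take effect.
endlocal
```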


#15 jimmartin

  • Topic Starter
  • Members
  • 32 posts

Posted 14 August 2011 - 12:58 AM

Okay, I have deleted the files.



