
Win32: Malware-Gen


tqh


Hello and once again thanks for providing this service. Shortly after connecting to a new ISP at another person's house, I received a pop-up notification from AVAST that malware was blocked before this file was opened:

A0031831.dll

Located in: C:\System Volume Information\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\RP154

The file was moved to the AVAST chest and I scanned it shortly after and the result was "no virus". It is still there and I was given this link on the AVAST forum:

http://www.isthisfilesafe.com/sha1/FD574C9B34BE59BCC6646E33759AC36C3C0BCAF0_details.aspx

I searched my computer for "autonomy" and "keyview" and there were no results. It may be a false positive, but I don't know.

Also of note, I have had three blue screen crashes recently. They seem to be related to Steam and are no longer occurring.

So I come to you guys. I have posted the three logs here:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.06.13

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

poi :: FLOYD [administrator]

8/6/2012 8:50:34 PM

mbam-log-2012-08-06 (20-50-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 257002

Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by poi at 0:19:41 on 2012-08-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2358 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\USB TV\EM28XX\BDARemote.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

StartupFolder: c:\docume~1\poi\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\poi\application data\leadertech\powerregister\Seagate NA0LH0SB Product Registration.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: adobe.com\get

Trusted Zone: tamu.edu\voal

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269795619093

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A9B57C27-3A8D-4410-BF03-21FBC3F1992C} : DhcpNameServer = 192.168.1.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\poi\application data\mozilla\firefox\profiles\wxaz6z55.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - about:blank

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\npwmsdrm.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-15 353688]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-15 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-15 44808]

R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-9-25 52800]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-26 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-9 1262400]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-5-26 44032]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-26 22344]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-7-9 123840]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\fneturpx.sys --> c:\windows\system32\drivers\FNETURPX.SYS [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-27 1684736]

S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-3 19677]

.

=============== Created Last 30 ================

.

2012-08-04 04:26:16 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2012-08-04 04:26:16 21504 ----a-w- c:\windows\system32\hidserv.dll

2012-08-04 04:25:53 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2012-08-04 04:25:53 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2012-07-09 15:30:57 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

2012-07-09 13:58:59 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation

2012-07-09 13:57:49 1074812 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-07-09 13:57:49 1074812 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-07-09 13:57:49 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-07-09 13:57:17 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll

2012-07-09 13:57:17 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-07-09 13:57:17 123840 ----a-w- c:\windows\system32\drivers\nvhda32.sys

2012-07-09 13:57:00 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-07-09 13:56:59 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-07-09 13:56:59 2530624 ----a-w- c:\windows\system32\nvcuvid.dll

2012-07-09 13:56:59 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-07-09 13:56:59 17543168 ----a-w- c:\windows\system32\nvcompiler.dll

2012-07-09 13:56:59 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-07-09 13:56:39 -------- d-----w- c:\program files\NVIDIA Corporation

2012-07-09 13:56:05 -------- d-----w- C:\NVIDIA

.

==================== Find3M ====================

.

2012-08-02 19:12:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-02 19:12:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll

2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll

2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll

.

============= FINISH: 0:20:13.06 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/11/2007 10:44:00 AM

System Uptime: 8/6/2012 7:04:18 PM (5 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L

Processor: Intel Pentium III Xeon processor | Socket 775 | 2700/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 112 GiB total, 59.661 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Parallel Device

Device ID: ROOT\LEGACY_HPFECP13\0000

Manufacturer:

Name: Parallel Device

PNP Device ID: ROOT\LEGACY_HPFECP13\0000

Service: HPFECP13

.

==== System Restore Points ===================

.

RP114: 5/9/2012 4:05:44 PM - System Checkpoint

RP115: 5/9/2012 11:32:21 PM - Installed DirectX

RP116: 5/15/2012 7:11:03 PM - System Checkpoint

RP117: 5/16/2012 2:59:36 AM - Installed DirectX

RP118: 5/16/2012 4:29:43 AM - Installed DirectX

RP119: 5/16/2012 11:44:57 PM - Installed DirectX

RP120: 5/20/2012 11:05:48 PM - System Checkpoint

RP121: 5/25/2012 12:55:43 PM - System Checkpoint

RP122: 5/29/2012 2:26:10 PM - System Checkpoint

RP123: 5/30/2012 2:47:43 PM - System Checkpoint

RP124: 5/31/2012 3:33:23 PM - System Checkpoint

RP125: 6/2/2012 7:12:43 PM - System Checkpoint

RP126: 6/3/2012 8:03:13 PM - System Checkpoint

RP127: 6/7/2012 2:05:29 PM - System Checkpoint

RP128: 6/19/2012 11:19:26 PM - System Checkpoint

RP129: 6/20/2012 12:04:45 AM - Removed Java 6 Update 31

RP130: 6/20/2012 12:05:12 AM - Installed Java 7 Update 5

RP131: 6/20/2012 12:05:48 AM - Installed JavaFX 2.1.1

RP132: 6/21/2012 4:10:12 PM - System Checkpoint

RP133: 6/22/2012 8:19:02 PM - System Checkpoint

RP134: 6/23/2012 8:22:08 PM - System Checkpoint

RP135: 6/26/2012 5:25:53 PM - System Checkpoint

RP136: 6/30/2012 12:55:07 PM - System Checkpoint

RP137: 7/1/2012 8:02:48 PM - System Checkpoint

RP138: 7/5/2012 4:19:17 AM - Installed DirectX

RP139: 7/7/2012 12:37:15 AM - Installed DirectX

RP140: 7/7/2012 5:17:05 PM - Installed DirectX

RP141: 7/8/2012 5:49:49 PM - System Checkpoint

RP142: 7/9/2012 7:01:11 AM - Installed DirectX

RP143: 7/9/2012 10:42:59 AM - Removed ATI Catalyst Control Center

RP144: 7/10/2012 10:39:23 PM - System Checkpoint

RP145: 7/17/2012 9:20:58 AM - System Checkpoint

RP146: 7/21/2012 6:26:32 PM - System Checkpoint

RP147: 7/22/2012 6:59:39 PM - System Checkpoint

RP148: 7/23/2012 7:29:45 PM - System Checkpoint

RP149: 7/24/2012 10:15:13 PM - System Checkpoint

RP150: 7/25/2012 10:33:56 PM - System Checkpoint

RP151: 7/27/2012 7:44:12 PM - System Checkpoint

RP152: 7/28/2012 8:41:00 PM - System Checkpoint

RP153: 7/29/2012 9:41:00 PM - System Checkpoint

RP154: 7/31/2012 11:26:17 AM - System Checkpoint

RP155: 8/2/2012 8:59:14 AM - System Checkpoint

RP156: 8/3/2012 9:24:03 AM - System Checkpoint

RP157: 8/4/2012 9:28:00 AM - System Checkpoint

RP158: 2/19/2009 12:47:32 PM - Installed HLM 7 for Windows (X86 Student).

RP159: 8/6/2012 7:59:30 PM - System Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Action Replay XBOX 1.31

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 7.0

Adobe Reader X (10.1.3)

Alarm Clock v1.0

ATI AVIVO Codecs

avast! Free Antivirus

Belkin 54g USB Network Adapter

Command & Conquer Tiberian Sun

Coupon Printer for Windows

Deus Ex

Deus Ex - Invisible War

Deus Ex: Human Revolution

Deus Ex: Human Revolution - The Missing Link

DVD Flick

DVD X Rescue

DVDXCopy Platinum 3.2.1

ffdshow [rev 3200] [2010-01-12]

High Definition Audio Driver Package - KB888111

HLM 7 for Windows (X86 Student)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP DeskJet 710C Series (Remove only)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office XP Professional with FrontPage

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

MyProfessionalBusinessCards

NTI Backup NOW! 3

NTI DriveBackup! 3

NTI DVD-Maker

NTI DVD-Maker Gold

NTI DVD Player

NTI HomeVideo-Maker

NVIDIA Control Panel 301.42

NVIDIA Drivers

NVIDIA Graphics Driver 301.42

NVIDIA HD Audio Driver 1.3.16.0

NVIDIA Install Application

NVIDIA nForce Drivers

NVIDIA nView 136.27

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Update 1.8.15

NVIDIA Update Components

QFolder

Realtek AC'97 Audio

REALTEK Gigabit and Fast Ethernet NIC Driver

Realtek High Definition Audio Driver

Return to Castle Wolfenstein

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SiSoftware Sandra 2002 Professional

Steam

SUPERAntiSpyware

System Requirements Lab

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB980182)

USB Video Driver

VLC media player 1.0.1

WebFldrs XP

Westwood Shared Internet Components

WinASO Registry Optimizer 3.2

Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)

Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

8/1/2012 12:43:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FNETURPX

8/1/2012 12:37:36 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 b70eceb8, parameter3 b27515e8, parameter4 b27512e4.

8/1/2012 12:32:23 AM, error: System Error [1003] - Error code 000000de, parameter1 00000002, parameter2 e14e29e0, parameter3 e3e3a5c8, parameter4 84b7b8c0.

8/1/2012 12:27:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

7/31/2012 11:10:30 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 6CF0495DADFF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

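The DDS log above lists two driver services (FNETURPX, FNETTBOH) whose files DDS could not find, and the Event Viewer section shows FNETURPX failing to load at boot. As an added example, not code from the thread, from DDS or from any tool the helper asks for, here is a small Python triage script that parses that SERVICES / DRIVERS layout and cross-checks it against Service Control Manager 7026 events; the field layout and the R/S plus start-type digit convention are assumptions read off the posted log.

```python
# Added example for this thread, not part of DDS, Malwarebytes or any tool the
# helper asks for; field layout and R/S + start-type digit are assumed from the log.
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample: five SERVICES / DRIVERS lines and two Event Viewer lines
# copied from the DDS log in the first post.
DDS_SERVICES = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 721000]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-26 655944]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\fneturpx.sys --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-3 19677]
"""
EVENT_LINES = r"""
8/1/2012 12:43:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FNETURPX
7/31/2012 11:10:30 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 6CF0495DADFF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
"""

# "<R|S><digit> name;display;path [date size]"; when DDS cannot find the file it
# prints "path --> PATH_IT_LOOKED_FOR [?]" instead of the date and size.
_SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+(?P<expected>.+?))?\s+\[(?P<meta>[^\]]*)\]$"
)
# Assumed convention: R = running, S = stopped; the digit is the service start type.
_START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
_FAILED_LOAD_RE = re.compile(r"Service Control Manager \[7026\].*?failed to load:\s*(?P<names>.+)$")


@dataclass
class DriverEntry:
    state: str                    # "running" or "stopped"
    start_type: str               # boot / system / auto / demand / disabled
    name: str
    display: str
    path: str
    expected_path: Optional[str]  # path DDS looked for when the file was absent
    file_missing: bool


def parse_dds_services(text: str) -> List[DriverEntry]:
    """Parse every service/driver line; headers, blanks and '.' lines are skipped."""
    entries: List[DriverEntry] = []
    for raw in text.splitlines():
        m = _SERVICE_RE.match(raw.strip())
        if not m:
            continue
        expected = m.group("expected")
        entries.append(DriverEntry(
            state="running" if m.group("state") == "R" else "stopped",
            start_type=_START_TYPES.get(m.group("start"), "unknown"),
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path"),
            expected_path=expected,
            file_missing=expected is not None or m.group("meta").strip() == "?",
        ))
    return entries


def drivers_failed_to_load(text: str) -> Set[str]:
    """Driver names named in Service Control Manager 7026 'failed to load' events."""
    names: Set[str] = set()
    for line in text.splitlines():
        m = _FAILED_LOAD_RE.search(line)
        if m:
            names.update(n for n in re.split(r"[,\s.]+", m.group("names")) if n)
    return names


def triage(services_text: str, events_text: str) -> List[dict]:
    """One finding per service whose binary is not on disk.

    Such entries are usually leftovers of an uninstalled product, but incomplete
    malware removal leaves the same pattern, so a helper wants them listed. A
    matching 7026 event corroborates that Windows tried to start it and failed.
    """
    failed = {n.upper() for n in drivers_failed_to_load(events_text)}
    findings: List[dict] = []
    for e in parse_dds_services(services_text):
        if not e.file_missing:
            continue
        findings.append({
            "name": e.name,
            "start_type": e.start_type,
            "expected_path": e.expected_path or e.path,
            "corroborated_by_event_7026": e.name.upper() in failed,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(DDS_SERVICES, EVENT_LINES):
        print(finding)
```

Run against the full DDS log, the script should report only FNETURPX (system start, corroborated by the 7026 event) and FNETTBOH (demand start, so no boot-time event to match).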

Hello tqh,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

  • Close all open browsers at this point.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
  • Do NOT turn off the firewall.
  • Start Internet Explorer.
  • Using the Internet Explorer browser only, go to the BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
  • Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
  • Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
  • If prompted, reply yes to allow it to run.
  • Press the Allow button and follow prompts.
  • Press "Start Scan" once more.
  • You'll see the EULA in a pop-up window. Click I accept & then the OK button.
  • Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and note that QuickScan has no removal capability.
  • The site boasts a 60-second scan. Do have patience as it likely will take longer. It may seem to stall at moments, but have patience; it will move on.
  • You'll see a progress bar at top right of window.
  • Hopefully you will see a No infections found in the bar-window. Press the View Log button.
  • The log report will show in your text editor. Save the log.
  • Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.


Thanks for your help! Everything seemed to work correctly with a few exceptions. First, I received an error message when I ran RSIT.

I tried to include a print screen at the bottom but it didn't work. The error box read:

Please help us improve HijackThis by reporting this error

Click "Yes" to submit

Error details:

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)

Error #5 - Invalid procedure call or argument

Windows version:Windows NT 5.01.2600

MSIE version: 8.0.6001.18702

HijackThis version: 2.0.4

It seemed to run, but I was unable to see "info.txt" after I saved it. I had to run a search on my computer and access it through the results of the search. Here are the two log files:

Logfile of random's system information tool 1.09 (written by random/random)

Run by poi at 2012-08-08 16:14:54

Microsoft Windows XP Professional Service Pack 3

System drive C: has 61 GB (53%) free of 114 GB

Total RAM: 3070 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:16:12 PM, on 8/8/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\USB TV\EM28XX\BDARemote.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\poi\Desktop\RSIT.exe

C:\Program Files\trend micro\poi.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=34506

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O4 - Startup: Seagate NA0LH0SB Product Registration.lnk = C:\Documents and Settings\poi\Application Data\Leadertech\PowerRegister\Seagate NA0LH0SB Product Registration.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BDARemote.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://get.adobe.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269795619093

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 7017 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\avast! Emergency Update.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default

prefs.js - "browser.startup.homepage" - "about:blank"

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:0.0.0, avg@igeared:6.103.018.001, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.270 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]

"Description"=

"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

npCouponPrinter.xpt

C:\Program Files\Mozilla Firefox\plugins\

npCouponPrinter.dll

npMozCouponPrinter.dll

nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

answers.xml

avg_igeared.xml

bing.xml

creativecommons.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default\extensions\

donottrackplus@abine.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-06-25 17887232]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-20 134656]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-20 166912]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-05-15 15504192]

"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []

"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-05-15 1634112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\poi\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

Seagate NA0LH0SB Product Registration.lnk - C:\Documents and Settings\poi\Application Data\Leadertech\PowerRegister\Seagate NA0LH0SB Product Registration.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2009-01-20 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Quake 3 Arena\quake3.exe"="C:\Quake 3 Arena\quake3.exe:*:Disabled:quake3"

"C:\Program Files\SPSS\spsssrvr.exe"="C:\Program Files\SPSS\spsssrvr.exe:*:Enabled:SPSS Manager"

"C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\sandra.exe:*:Disabled:SiSoftware Sandra Fat Client."

"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"

"C:\Program Files\Steam\SteamApps\common\dxhrml\dxhrml.exe"="C:\Program Files\Steam\SteamApps\common\dxhrml\dxhrml.exe:*:Enabled:Deus Ex: Human Revolution - The Missing Link"

"C:\Program Files\Steam\SteamApps\common\deus ex - human revolution\dxhr.exe"="C:\Program Files\Steam\SteamApps\common\deus ex - human revolution\dxhr.exe:*:Enabled:Deus Ex: Human Revolution"

"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"

"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm

"VIDC.MPG4"=mpg4c32.dll

"VIDC.MP42"=mpg4c32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"msacm.voxacm160"=vct3216.acm

"msacm.scg726"=scg726.acm

"msacm.alf2cd"=alf2cd.acm

"msacm.ac3acm"=AC3ACM.acm

"vidc.dvsd"=mcdvd_32.dll

"vidc.xvid"=xvidvfw.dll

"vidc.DIVX"=DivX.dll

"vidc.mp43"=mpg4c32.dll

"VIDC.FFDS"=ff_vfw.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-08-08 16:14:54 ----D---- C:\rsit

2012-08-08 16:14:54 ----D---- C:\Program Files\trend micro

2012-08-07 12:11:16 ----D---- C:\Program Files\ERUNT

2012-08-03 23:26:16 ----A---- C:\WINDOWS\system32\hidserv.dll

2012-08-03 23:25:53 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys

2012-07-09 10:42:45 ----A---- C:\WINDOWS\WININIT.INI

2012-07-09 10:30:57 ----A---- C:\WINDOWS\system32\nvhdagenco3220103.dll

2012-07-09 08:58:59 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

2012-07-09 08:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA

2012-07-09 08:57:17 ----A---- C:\WINDOWS\system32\nvhdap32.dll

2012-07-09 08:57:17 ----A---- C:\WINDOWS\system32\nvhdagenco322040.dll

2012-07-09 08:57:17 ----A---- C:\WINDOWS\system32\drivers\nvhda32.sys

2012-07-09 08:57:00 ----A---- C:\WINDOWS\system32\OpenCL.dll

2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvgenco32.dll

2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvdispco32.dll

2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvcuvid.dll

2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvcuvenc.dll

2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvcompiler.dll

2012-07-09 08:56:39 ----D---- C:\Program Files\NVIDIA Corporation

2012-07-09 08:56:05 ----D---- C:\NVIDIA

======List of files/folders modified in the last 1 month======

2012-08-08 16:15:07 ----D---- C:\WINDOWS\Prefetch

2012-08-08 16:14:54 ----RD---- C:\Program Files

2012-08-08 15:53:29 ----D---- C:\WINDOWS\ERDNT

2012-08-08 15:53:23 ----D---- C:\WINDOWS\temp

2012-08-08 15:49:24 ----D---- C:\WINDOWS\system32

2012-08-08 15:49:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2012-08-07 12:56:28 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-08-06 21:25:37 ----D---- C:\WINDOWS\system32\drivers

2012-08-06 16:56:26 ----SD---- C:\WINDOWS\Tasks

2012-08-06 10:27:50 ----D---- C:\Files from J

2012-08-04 19:37:31 ----D---- C:\WINDOWS\system32\CatRoot2

2012-08-04 10:10:23 ----D---- C:\Program Files\Steam

2012-08-03 23:26:22 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-08-02 14:12:32 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-08-02 07:19:09 ----D---- C:\WINDOWS

2012-08-01 00:42:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-08-01 00:35:21 ----D---- C:\WINDOWS\Minidump

2012-07-30 10:17:33 ----D---- C:\Program Files\Mozilla Maintenance Service

2012-07-27 15:55:58 ----D---- C:\Program Files\Mozilla Firefox

2012-07-11 18:00:29 ----HD---- C:\WINDOWS\inf

2012-07-09 10:43:33 ----RSD---- C:\WINDOWS\assembly

2012-07-09 10:43:30 ----D---- C:\WINDOWS\WinSxS

2012-07-09 10:33:58 ----D---- C:\WINDOWS\system32\ReinstallBackups

2012-07-09 08:58:59 ----D---- C:\WINDOWS\Help

2012-07-09 08:58:19 ----D---- C:\Documents and Settings

2012-07-09 07:01:11 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [2003-05-27 21120]

R0 nvatabus;nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [2003-06-18 54656]

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-26 43528]

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-08-15 716272]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-07-03 25256]

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-07-03 35928]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-07-03 721000]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-07-03 353688]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-07-03 54232]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-09-11 20747]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-07-03 21256]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-07-03 97608]

R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []

R2 HPFECP13;HPFECP13; C:\WINDOWS\System32\drivers\HPFECP13.SYS [1998-09-25 52800]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-25 5095936]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-07-27 44032]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]

R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2007-09-11 6912]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-05-15 14014656]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2012-04-18 123840]

R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-09-11 33376]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 FNETURPX;FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS []

S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]

S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-06-25 1684736]

S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 FNETTBOH;FNETTBOH; C:\WINDOWS\System32\drivers\FNETTBOH.SYS []

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-05-14 51056]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-05-14 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-05-14 21488]

S3 hSONYPVh;hSONYPVh; \??\C:\DOCUME~1\poi\LOCALS~1\Temp\hSONYPVh.sys []

S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-20 6278560]

S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-06-25 1389056]

S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-05-27 97280]

S3 RT73;Belkin USB Network Adapter; C:\WINDOWS\System32\DRIVERS\rt73.sys [2005-08-02 232192]

S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]

S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\sandra.sys []

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys); C:\WINDOWS\System32\Drivers\xbreader.sys [2001-01-03 19677]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808]

R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-05-15 164160]

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-27 113120]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-05-14 65795]

S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-09-10 411432]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-08-08 16:16:14

======Uninstall list======

-->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}

Action Replay XBOX 1.31-->"C:\Program Files\Datel\Action Replay XBOX\unins000.exe"

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}

Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -maintain plugin

Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Alarm Clock v1.0-->"C:\Program Files\Alarm Clock\unins000.exe"

ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}

avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9

Command & Conquer Tiberian Sun-->C:\Westwood\SUN\Uninstll.EXE

Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"

Deus Ex - Invisible War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47BE1E5F-8978-484B-BE86-B616C00EA75A}\Setup.exe" -l0x9

Deus Ex: Human Revolution - The Missing Link-->"C:\Program Files\Steam\steam.exe" steam://uninstall/201280

Deus Ex: Human Revolution-->"C:\Program Files\Steam\steam.exe" steam://uninstall/28050

Deus Ex-->C:\DeusEx\System\Setup.exe uninstall "Deus Ex"

DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"

DVD X Rescue-->C:\Program Files\321Studios\DVD X Rescue\UNWISE.EXE "C:\Program Files\321Studios\DVD X Rescue\INSTALL.LOG"

DVDXCopy Platinum 3.2.1-->"C:\Program Files\321Studios\Platinum\uninstall.exe"

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

ffdshow [rev 3200] [2010-01-12]-->"C:\Program Files\ffdshow\unins000.exe"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HLM 7 for Windows (X86 Student)-->MsiExec.exe /I{1D85FF63-55A4-4891-8372-CD891FCA4EDE}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

HP DeskJet 710C Series (Remove only)-->C:\Program Files\HP DeskJet 710C Series\hpfiui.exe -c -vdivid=HPF -vpnum=13 -vproduct=710C -huninstall

Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

Java 7 Update 5-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217005FF}

JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10}

Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Mozilla Firefox 14.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

MyProfessionalBusinessCards-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3440743-FCC9-4BFC-B630-4EFC0C1A8D44}\setup.exe" -l0x9 UNINSTALL

NTI Backup NOW! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText

NTI DriveBackup! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8FDD2A92-9F75-4706-B8C2-08499A9863E6} /l1033 DIBText

NTI DVD Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D31612BB-C6D7-4142-96AE-16DB062354CF}\Setup.exe" -l0x9

NTI DVD-Maker Gold-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText

NTI HomeVideo-Maker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7C2B282-DC3C-4837-9DFC-9E3D90DB2C44}\Setup.exe" -l0x9

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA Graphics Driver 301.42-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver

NVIDIA HD Audio Driver 1.3.16.0-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage HDAudio.Driver

NVIDIA nForce Drivers-->C:\WINDOWS\System32\nvuninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers

NVIDIA nView 136.27-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.NView

NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall

NVIDIA PhysX System Software 9.12.0213-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.PhysX

NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}

NVIDIA Update 1.8.15-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Update

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly

REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

Return to Castle Wolfenstein-->C:\PROGRA~1\RETURN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\RETURN~1\Uninstall\Install.log

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""

Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"

SiSoftware Sandra 2002 Professional-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\Uninst.isu"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"

USB Video Driver-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x0009 -removeonly

VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Westwood Shared Internet Components-->C:\Westwood\Internetiii\UnstllAP.EXE

WinASO Registry Optimizer 3.2-->"C:\Program Files\WinASO\Registry Optimizer 3.2\unins000.exe"

Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\embda_754491038463AF55DC013DBF40581C2B1BFEE429\embda.inf

Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\emaudio_754491038463AF55DC013DBF40581C2B1BFEE429\emaudio.inf

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free Edition 2011 (disabled)

AV: avast! Antivirus

======System event log======

Computer Name: FLOYD

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

FNETURPX

Record Number: 41791

Source Name: Service Control Manager

Time Written: 20120704215511.000000-300

Event Type: error

User:

Computer Name: FLOYD

Event Code: 1003

Message: Error code 00000019, parameter1 00000020, parameter2 e1603b68, parameter3 e1603b68, parameter4 0c000006.

Record Number: 41776

Source Name: System Error

Time Written: 20120701194018.000000-300

Event Type: error

User:

Computer Name: FLOYD

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

FNETURPX

Record Number: 41759

Source Name: Service Control Manager

Time Written: 20120701193904.000000-300

Event Type: error

User:

Computer Name: FLOYD

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

FNETURPX

Record Number: 41735

Source Name: Service Control Manager

Time Written: 20120701193101.000000-300

Event Type: error

User:

Computer Name: FLOYD

Event Code: 4226

Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 41734

Source Name: Tcpip

Time Written: 20120701193046.000000-300

Event Type: warning

User:

=====Application event log=====

Computer Name: FLOYD

Event Code: 11706

Message: Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Record Number: 46

Source Name: MsiInstaller

Time Written: 20120603013832.000000-300

Event Type: error

User: FLOYD\poi

Computer Name: FLOYD

Event Code: 1001

Message: Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'ProductNonBootFiles' failed during request for component '{C950EAC9-7056-4F89-9C7B-458959F26AF8}'

Record Number: 45

Source Name: MsiInstaller

Time Written: 20120603013821.000000-300

Event Type: warning

User: FLOYD\poi

Computer Name: FLOYD

Event Code: 1004

Message: Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'ProductNonBootFiles', component '{209D419E-D59A-4292-BC10-F079C7B85CF5}' failed. The resource 'C:\Program Files\Microsoft Office\Office10\1033\ID_028.DPC' does not exist.

Record Number: 44

Source Name: MsiInstaller

Time Written: 20120603013821.000000-300

Event Type: warning

User: FLOYD\poi

Computer Name: FLOYD

Event Code: 11706

Message: Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see .

Record Number: 43

Source Name: MsiInstaller

Time Written: 20120603013443.000000-300

Event Type: error

User: FLOYD\poi

Computer Name: FLOYD

Event Code: 1517

Message: Windows saved user FLOYD\JH registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 42

Source Name: Userenv

Time Written: 20120603012502.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Results of screen317's Security Check version 0.99.43

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2011

avast! Antivirus

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

SUPERAntiSpyware

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java 7 Update 5

Adobe Flash Player 11.3.300.270

Adobe Reader X (10.1.3)

Mozilla Firefox (14.0.1)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 18% Defragment your hard drive soon!

````````````````````End of Log``````````````````````

Bitdefender did not create a log file. No infection was found.

RogueKiller

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: poi [Admin rights]

Mode: Scan -- Date: 08/08/2012 17:11:39

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[SUSP PATH] Seagate NA0LH0SB Product Registration.lnk @poi : C:\Documents and Settings\poi\Application Data\Leadertech\PowerRegister\Seagate NA0LH0SB Product Registration.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40)

IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40)

IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40)

IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40)

IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40)

IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3120814A +++++

--- User ---

[MBR] d383a812ca530f3d451f72142fcc07e1

[BSP] 7f3a7c1c600a426261a9231ecbe99a9f : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Finally, I still have remnants of AVG on this computer. One of the other helpers tried to help me get rid of it, but you can see in the log files that it is still showing up. Any ideas on how to get rid of it? I've tried the AVG removal tool.

How do you include a print screen in a post?

Should I undo the changes made in your 2nd step you posted?


Download, and SAVE, then run AVG 2012 Remover Tool 32-bit

http://download.avg....6_2012_2125.exe

After that finishes, logoff and Restart the system, fresh.

NO, do not undo the changes I had you do in step 2. We need to keep those settings for the duration.

If you took a screen capture (but please it must be helpful to both of us.... I don't know which you took or what purpose) you can attach it, after you press the More Reply options button.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the contents of the MBAM scan log in a reply.


Thanks again. MBAM did not find anything (log posted below). I do have the file in the AVAST virus chest.

I ran the AVG remover and it did not prompt me for a restart. I restarted anyways.

In regards to the screen capture I mentioned: I was going to capture the error message I received when running rsit. I wrote down what the error message stated, so I guess that is good enough.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

poi :: FLOYD [administrator]

8/9/2012 8:27:02 AM

mbam-log-2012-08-09 (08-27-02).txt

Scan type: Full scan (A:\|C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 318156

Time elapsed: 40 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Most excellent result from MBAM scan.

Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

Do NOT turn off the firewall.

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy & Paste the C:\Combofix.txt log and tell me how the system is now.

RE-Enable your AntiVirus and AntiSpyware applications.


DDS and CF still detects AVG as a disabled anti-virus, so that removal tool did not get rid of it completely. Do you know why this is the case? I have the same problem with my laptop.

Thanks!

Here is the ComboFix Log:

ComboFix 12-08-09.01 - poi 08/09/2012 11:34:01.8.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2472 [GMT -5:00]

Running from: c:\documents and settings\poi\Desktop\Combo-Fix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\calc.exe

C:\install.exe

c:\windows\help\wmplayer.bak

c:\windows\system32\SET274.tmp

c:\windows\system32\SET27F.tmp

c:\windows\system32\SET284.tmp

c:\windows\system32\SET28B.tmp

c:\windows\system32\SET294.tmp

c:\windows\system32\SET296.tmp

c:\windows\system32\SET297.tmp

c:\windows\system32\SET299.tmp

c:\windows\system32\SET29C.tmp

c:\windows\system32\SET29E.tmp

c:\windows\system32\SET2AD.tmp

c:\windows\system32\SET2F.tmp

c:\windows\system32\SET34.tmp

c:\windows\system32\SET4D.tmp

c:\windows\system32\SET52.tmp

c:\windows\system32\SET59.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))

.

.

2012-08-08 22:04 . 2012-08-08 22:09 -------- d-----w- c:\documents and settings\poi\Application Data\QuickScan

2012-08-08 21:14 . 2012-08-08 22:15 -------- d-----w- C:\rsit

2012-08-08 21:14 . 2012-08-08 21:16 -------- d-----w- c:\program files\trend micro

2012-08-07 17:11 . 2012-08-07 17:11 -------- d-----w- c:\program files\ERUNT

2012-08-04 04:26 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2012-08-04 04:26 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll

2012-08-04 04:25 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2012-08-04 04:25 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2012-07-26 15:45 . 2012-07-26 15:45 -------- d-----w- c:\documents and settings\JH\Local Settings\Application Data\Sun

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 19:12 . 2012-04-10 22:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-02 19:12 . 2011-08-17 01:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 18:46 . 2010-05-26 19:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21 . 2011-07-16 04:53 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2011-07-16 04:53 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2011-07-16 04:53 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2011-07-16 04:53 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-03 16:21 . 2011-07-16 04:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2011-07-16 04:53 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-07-03 16:21 . 2011-07-16 04:53 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-07-03 16:21 . 2011-07-16 04:53 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-07-03 16:21 . 2011-07-16 04:52 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2011-07-16 04:52 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-02 20:19 . 2008-10-16 19:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19 . 2009-06-27 21:38 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 20:19 . 2009-06-27 21:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19 . 2009-06-27 21:38 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 20:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2010-03-28 17:00 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19 . 2009-06-27 21:38 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 20:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 20:19 . 2008-08-14 05:10 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 20:19 . 2008-08-14 05:10 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 20:19 . 2008-10-16 19:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2009-06-27 21:38 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 20:19 . 2008-08-14 05:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-15 10:18 . 2012-07-09 13:57 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:18 . 2012-07-09 13:56 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:18 . 2012-07-09 13:56 2530624 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:18 . 2012-07-09 13:56 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:18 . 2012-07-09 13:56 17543168 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:18 . 2012-07-09 13:56 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 10:18 . 2008-10-07 05:33 6012928 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:18 . 2008-10-07 05:33 2359808 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:18 . 2008-10-07 05:33 18771968 ----a-w- c:\windows\system32\nvoglnt.dll

2012-05-15 10:18 . 2008-08-14 05:10 4373248 ----a-w- c:\windows\system32\nv4_disp.dll

2012-05-15 10:18 . 2008-08-14 05:10 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-05-15 09:40 . 2008-10-07 05:33 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-05-15 09:40 . 2008-10-07 05:33 15504192 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:40 . 2008-10-07 05:33 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-05-15 09:40 . 2008-10-07 05:33 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-05-15 09:40 . 2008-10-07 05:33 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-07-27 20:55 . 2011-04-05 05:02 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]

"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]

.

c:\documents and settings\poi\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

Seagate NA0LH0SB Product Registration.lnk - c:\documents and settings\poi\Application Data\Leadertech\PowerRegister\Seagate NA0LH0SB Product Registration.exe [2012-3-19 1731736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-11 113664]

BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-5-26 81997]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Quake 3 Arena\\quake3.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra 2002 Professional\\sandra.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\dxhrml\\dxhrml.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\deus ex - human revolution\\dxhr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/15/2008 6:05 PM 716272]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/15/2011 11:53 PM 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/15/2011 11:53 PM 353688]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/15/2011 11:53 PM 21256]

R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [9/25/1998 3:55 AM 52800]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/26/2010 2:27 PM 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [7/9/2012 10:33 AM 1262400]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [5/26/2010 2:23 PM 44032]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/26/2010 2:27 PM 22344]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/9/2012 8:57 AM 123840]

R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [9/11/2007 11:27 AM 33376]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS --> c:\windows\system32\drivers\FNETURPX.SYS [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 5:12 PM 250056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/27/2010 3:11 AM 1684736]

S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS --> c:\windows\system32\drivers\FNETTBOH.SYS [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 3:29 PM 113120]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677]

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:12]

.

2012-08-09 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-05 16:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: adobe.com\get

Trusted Zone: tamu.edu\voal

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - about:blank

.

- - - - ORPHANS REMOVED - - - -

.

Notify-AtiExtEvent - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-09 11:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(772)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2012-08-09 11:40:18

ComboFix-quarantined-files.txt 2012-08-09 16:40

.

Pre-Run: 64,046,522,368 bytes free

Post-Run: 64,044,441,600 bytes free

.

- - End Of File - - 8FB5521CF12384967C40B10517A4650B


Combofix result looks good.

As to AVG, could not tell you why remnants are still around.

Optional steps to use for AVG removal

Please download and install Revo Uninstaller Free

Double click Revo Uninstaller to run it.

From the list of programs double click on AVG

When prompted if you want to uninstall click Yes.

Be sure the Moderate option is selected then click Next.

The program will run. If prompted again click Yes.

When the built-in uninstaller is finished click on Next.

Once the program has searched for leftovers click Next.

Check/tick the bolded items only on the list then click Delete.

When prompted click on Yes and then on Next.

Put a check on any folders that are found and select Delete.

When prompted select Yes then on Next.

Once done click Finish.

Now, back to our main goal, the system appears good to go.

How is your system now as compared to your initial issue ?

Do not go away, as we still have a final cleanup procedure before we end this.


I can't tell a difference as my system wasn't really behaving poorly/badly. I just got the notification from AVAST. My computer took 47 seconds from when I turned it on to the login screen (XP). I then let it sit for 7 seconds. It then took about 2 min. 10 sec. to where all items were loaded in the task bar. This seems about the same as before. Maybe a little faster. This computer is a bit older, but works well. Revo didn't show AVG as an installed app. What about the original file that I have in my AVAST virus chest? Was there another infection on my computer?

Man, you are quick. Appreciate it.


What about the original file that I have in my AVAST virus chest? Was there another infection on my computer?

A: Dunno. The item you'd listed was in a Windows restore-point, and thus was not active.

You may go to the Avast quarantine area, and delete it permanently.

I'd like for you to do one other scan, with Dr Web Cure-It.

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then on Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the icon next to the files found.
  • If so, click it and then click the next icon right below and select Move incurable.
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.


I hope I did this correctly. My anti-virus may have re-enabled during the Dr.Web scan. I had to leave while it was scanning. It looks like it was able to complete the scan properly. I will run again if you think I should. The "CureIt.log" file is a 44 MB text file. Should I post it as well?

BugTool.exe;C:\Program Files\321Studios\Platinum;BackDoor.Bifrost.24389;Incurable.Moved.;
A0033666.scr;C:\System Volume Information\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\RP160;Trojan.MulDrop2.44246;Incurable.Moved.;
A0033707.bat;C:\System Volume Information\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\RP160;Probably SCRIPT.Virus;Incurable.Moved.;
A0033845.exe;C:\System Volume Information\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\RP161;BackDoor.Bifrost.24389;Incurable.Moved.;

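
The helper's earlier point that a detection inside a System Restore folder is a stored copy rather than an active file, together with the Dr.Web records posted above, suggests a small triage step: separate restore-point hits from hits in live locations, and flag any backdoor family among the live ones. The script below is an added example written for this page; it is not Dr.Web's code and was not posted in the thread. It assumes the four-field, semicolon-separated record layout seen in the post (file name; directory; threat name; action) and uses those four records as constructed sample input.

```python
"""Triage Dr.Web CureIt report records: split detections that sit in Windows
System Restore snapshots (copies captured earlier, not running) from
detections in live locations, and flag backdoor families among the latter.
Added example; record layout assumed from the post, not from Dr.Web docs."""
import re
from dataclasses import dataclass

# Constructed sample: the four records from the post, one per line.
SAMPLE_REPORT = """\
BugTool.exe;C:\\Program Files\\321Studios\\Platinum;BackDoor.Bifrost.24389;Incurable.Moved.
A0033666.scr;C:\\System Volume Information\\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\\RP160;Trojan.MulDrop2.44246;Incurable.Moved.
A0033707.bat;C:\\System Volume Information\\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\\RP160;Probably SCRIPT.Virus;Incurable.Moved.
A0033845.exe;C:\\System Volume Information\\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\\RP161;BackDoor.Bifrost.24389;Incurable.Moved.
"""

# Restore-point folders on XP: <drive>:\System Volume Information\_restore{GUID}\RPnnn
RESTORE_POINT_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP\d+",
    re.IGNORECASE,
)


@dataclass
class Detection:
    filename: str
    directory: str
    threat: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        """True when the file lives in a System Restore snapshot folder."""
        return RESTORE_POINT_RE.match(self.directory) is not None

    @property
    def is_backdoor(self) -> bool:
        """Dr.Web names remote-access families with a 'BackDoor.' prefix."""
        return self.threat.lower().startswith("backdoor.")


def parse_report(text: str) -> list:
    """Parse semicolon-separated records; reject lines with too few fields
    rather than silently producing half-filled detections."""
    detections = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        detections.append(Detection(*fields[:4]))
    return detections


def triage(detections: list) -> dict:
    """Bucket detections: live locations vs restore-point copies, plus the
    subset of live detections that are backdoors (the ones that matter most)."""
    active = [d for d in detections if not d.in_restore_point]
    archived = [d for d in detections if d.in_restore_point]
    return {
        "active": active,
        "restore_point": archived,
        "backdoor_active": [d for d in active if d.is_backdoor],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for bucket, items in result.items():
        print(bucket, [f"{d.directory}\\{d.filename} ({d.threat})" for d in items])
```

On the sample records this puts BugTool.exe in Program Files into the active bucket (and the backdoor bucket), and the three A00xxxxx files into the restore-point bucket. Restore-point copies are kept as their own bucket rather than dropped, because a file only lands there if System Restore captured it from the live system at some earlier point.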

No, do not run it again. Good grief! 44MB is way too large.

This system had some serious backdoor trojans.

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions. I would recommend that you do a full reformat and reinstall of Windows rather than clean the system.

I suggest that you backup important files and reinstall everything from scratch. There are so many changes that could have been done if that backdoor was used.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Let me know what you have decided.

IF and only IF you elect to continue with removal attempt, remember there's no guarantee that all will be caught & removed.

and if so,

then do the following:

  • Please download CKScanner from >>Here<<
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe & select Run as administrator to start.
  • then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Copy/paste the contents of CKFiles.txt in your next reply.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

  • Press the ESET Online Scanner button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt. Look at the contents of this file using Notepad or Wordpad.
  • The Frequently Asked Questions for ESET Online Scanner can be viewed here: http://www.eset.com/...c4.php?page=faq
  • Use of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.


First, thanks for your help. Now, I need to make sure my laptop (we've been working on my desktop) is clean. I'm guessing it is possible for it to be infected as well and I don't want to change anything from another infected computer. Can we run the same scan(s) on the laptop?

For now, I'm going to try and clean the desktop. I will consider starting from scratch. Could this have happened due to Steam? I don't suppose you can tell how long the trojans have been on the machine. I will begin to take the steps for removal. Let me know what we can do with the laptop.


Try to not get me over-confused. What have you decided about "this case here" ?

One cannot tell how long trojans have been around.

IF you have a separate pc with a "suspected" problem (just don't add it into "this" thread.....) the 1st things are 1) full antivirus scan, 2) full MBAM scan. Then see what result is.


Sorry about the confusion. I have decided to try and remove/fix the problem for this case here.

Could the current problem be related to this past problem? Same computer.

http://forums.malwar...50

Here is the CKFiles log:

CKScanner - Additional Security Risks - These are not necessarily bad

scanner sequence 3.RP.11.WNNAVN

----- EOF -----

The ESET log file:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ecc663e6aaf2244aa350b9a7f35feef6

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-10 07:51:33

# local_time=2012-08-10 02:51:33 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 78228 78228 0 0

# compatibility_mode=1026 16777190 0 2 86616411 86616411 0 0

# compatibility_mode=3073 16777214 0 39 29799123 35935486 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=67400

# found=0

# cleaned=0

# scan_time=3093

What is this in bold above in the ESET log (I added the bold so you could see what I was talking about)? ESET found no infections. There was no "details" tab present upon completion of the ESET scan.

Now, separate issue (separate computer that had a similar problem about 7 weeks ago [http://forums.malwarebytes.org/index.php?showtopic=111112&hl=&fromsearch=1]). I never ran Dr.Web CureIt when trying to address this problem. The two problems just seem similar (false positive alert by AVAST/MBAM, etc. logs clean). I will run AVAST scan and MBAM full scan.

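
The ESET instructions earlier in the thread ask for a specific configuration (Remove found threats off; Scan Archives, potentially unwanted, potentially unsafe and Anti-Stealth on), and the log header posted above records exactly those switches as `# key=value` lines. The script below is an added example for this page, not ESET's code and not from the thread; it parses that header and checks it against the requested settings, so a helper can confirm the scan ran as asked before reading the result. The header lines are copied from the post as constructed sample input; the `EXPECTED_SETTINGS` mapping is my own naming of the requested options.

```python
"""Check an ESET Online Scanner log header against the scan settings that
were requested. Added example; the '# key=value' layout is taken from the
log posted in the thread, and EXPECTED_SETTINGS is an assumed mapping of
the requested options to the header keys."""

# Constructed sample: the header lines from the posted ESET log.
SAMPLE_ESET_LOG = """\
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ecc663e6aaf2244aa350b9a7f35feef6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-10 07:51:33
# local_time=2012-08-10 02:51:33 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 78228 78228 0 0
# compatibility_mode=1026 16777190 0 2 86616411 86616411 0 0
# compatibility_mode=3073 16777214 0 39 29799123 35935486 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=67400
# found=0
# cleaned=0
# scan_time=3093
"""

# What the helper asked for, keyed by the header field that records it.
EXPECTED_SETTINGS = {
    "remove_checked": "false",      # "Remove found threats" un-checked
    "archives_checked": "true",     # "Scan Archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}


def parse_eset_header(text: str) -> dict:
    """Return header values keyed by name. A key that repeats (as
    compatibility_mode does) collects into a list instead of being
    overwritten, so nothing in the log is silently lost."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("#") or "=" not in line:
            continue
        key, _, value = line[1:].strip().partition("=")
        key, value = key.strip(), value.strip()
        if key in values:
            if not isinstance(values[key], list):
                values[key] = [values[key]]
            values[key].append(value)
        else:
            values[key] = value
    return values


def check_scan(values: dict, expected: dict = EXPECTED_SETTINGS) -> dict:
    """Compare the recorded switches with the requested ones and summarise
    the outcome counters. 'mismatches' maps each wrong or missing key to
    the value actually found (None when absent)."""
    mismatches = {k: values.get(k) for k, want in expected.items()
                  if values.get(k) != want}
    return {
        "completed": values.get("end") == "finished",
        "mismatches": mismatches,
        "scanned": int(values.get("scanned", 0)),
        "found": int(values.get("found", 0)),
        "cleaned": int(values.get("cleaned", 0)),
    }


if __name__ == "__main__":
    summary = check_scan(parse_eset_header(SAMPLE_ESET_LOG))
    print(summary)
```

For the posted header this reports the scan as completed with no setting mismatches, 67400 objects scanned and 0 found, which matches what the user read from the log. A non-empty `mismatches` dict (for example `remove_checked` recorded as `true`) would mean the scan deleted things on its own instead of only reporting them, and the result would need to be read differently.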

Where & how did you upgrade to Internet Explorer 8 ?

Start I.E., select Help >> About.

Write down and post back the 1st 3 lines (verbatim): Version, Update version, and Cipher strength

Then using Internet Explorer

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.


I've had Explorer 8 for some time. It shows up in my MBAM logs going back to May 31, 2010. Here is the data you requested from the help-about screen:

Version: 8.0.6001.18702

Cipher Strength: 128-bit

Product ID: 01398-643-8526185-23342

Update Versions: 0

Should I run the full scan or quick scan on MS Safety Scanner? I'm currently running the full scan. It is going to take a very long time. No problem if that is what I need to run.

FYI. When I started my computer and logged on I had a crash (probably blue screen). I wasn't in the room to witness it. When I started up again, I received the message: Windows has recovered from a serious error... I wrote down the information to be sent in the error report. Let me know if you want to see those codes.


Later on and after this is all finished, you must visit Windows Update and ensure you are all up-to-date with critical or important updates.

For now, I hope you have the system running the MS Safety scanner. Either full or quick scan will do. Full scan would be best.

IF you really had a BSOD stop screen, I'd need the actual STOP code and the descriptive lines around it.

Usually, with XP systems a "Windows has recovered from a serious error" is really an informational message that just means that XP has auto-enlarged the system paging file, and that is normal.


Thanks again for the quick replies.

I completed a full scan with MS Safety scanner. The scan found nothing - no viruses, malware, etc.

I'm not sure what you mean by the STOP code. How do you know if you had an actual BSOD stop screen? I've witnessed one of my crashes and it was a blue screen. However, it did not stay up long enough for me to read what was going on. I'm pretty sure it stated there was a critical error. But, like I said it was up for about 3 seconds.

Why do you think my system is not up-to-date? Is there a problem with my version of IE? I'm pretty sure that my system is up-to-date. You can't get version 9 for XP, correct? I will check after we have finished. Thanks for the heads-up.


Ok, good, the MS Safety scanner did not find anything; as did ESET online.

We can wrap this up now.

No, I don't think there's a problem with your IE. And, yes, on XP you cannot install IE9.

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it Combo-Fix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the text box that opens, type or copy/paste Combo-Fix /uninstall and then click OK.

IF in the case Combofix un-install has an issue, skip that step.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

Delete the following if still present:

RogueKiller.exe

Dr Web Cure-It

CKscanner.exe

SecurityCheck.exe

MS Safety scanner

Go to Control Panel >> Add or Remove Programs

Uninstall Bit Defender online scan

Uninstall ESET Online scanner

exit Control Panel

Safer practices & malware prevention

We are finished here. Best regards.


When I try to uninstall Combo-Fix I get this message:

Windows cannot find 'Combo-Fix'. Make sure you typed the mane correctly, and then try again. To search for a file, click the Start button, and the click Search.

I tried all kinds of variations and Windows can't find it in the "Run" box. However, it is sitting right on my desktop. What's up with that?


I was able to get ComboFix to uninstall by removing the dash (-) between Combo and Fix. Bitdefender is not in my list of Add/Remove programs. There is an add-on that I have the option to disable. Is there an uninstall option? Everything else seemed to work. Thank you very much.

So, I'm not truly 100% safe because there might be a backdoor trojan, correct?

On another note, something strange keeps happening. I went to control panel - add/remove prog. and when I closed everything out, my desktop flashed and I lost the graphic for 3 of my shortcuts. Two of them were for games and the third was actually in my quick launch area. The graphic for my calculator disappeared. They are now represented by the generic icon graphic. This has happened on multiple occasions. I didn't think anything of it until now because it keeps happening. If I restart the computer, they appear as normal. Nothing else returns them to normal. It is the same ones each time.

My desktop icons also keep disappearing and slowly reappearing (10 sec.) when I close out a few folders. Also, when I try to open a folder, for example, "My Computer", the list takes time to populate. This is the newest strange thing to happen. I recently installed a new graphics card. I also installed 2 GB of RAM a few months ago. I don't suppose either of these can cause a problem?

Is it safe to back up all of my documents, or is there a chance that whatever infected my computer will end up on my external hard drive, USB, etc.?

I have Windows 7 on my laptop. Is there a way that I can install it on my desktop? Can I create a recovery disk or something like that from the laptop and then use it to install on my desktop computer? I know this is probably confusing and/or just a poor question. Windows 7 came installed on my laptop and I don't have a disk. I don't want to do anything that would violate their policies.

Can you help me make sure my laptop is safe? I haven't changed any passwords because I'm worried that my laptop might have a backdoor trojan like the system we have been working on. I would like to run that Dr.Web Cureit and see if something similar comes up.

Sorry for all of the questions. I'm just trying to make sure I am as safe as possible moving forward. I would like to safely and confidently use my laptop to change my passwords.

Thanks again!


There is no 100% guarantee of safety, or that everything was caught.

The safest way would be to wipe away your HDD and setup Windows fresh, along with antivirus & security software, and all your apps from scratch.

But having said that, I am confident your pc is good to go.

You must follow the safer pc practices (listed before).

Any other issue you are seeing (like graphics, etc) is due to other factors, unrelated to malware.

Yes, you can backup your documents.

NO, you cannot install the Windows 7 from one pc to another.

The only exception is, IF you have a retail purchased (full boxed) Windows 7 then you can migrate it to a new pc, but then you'd have to re-activate Windows AND de-install from the old system.

IF you have suspected malware on another system, please open a new topic in malware-removal-help.

IF you have non-malware related issues, please use PC Help forum http://forums.malwarebytes.org/index.php?showforum=6

I am closing this topic. All the best.
