Virus preventing antivirus program and internet use


Hello,

I am unable to turn on real-time shields on Avast; the same is true of the file and browser protections on Malwarebytes. My restore points were all wiped out, so that I cannot restore to an earlier point. I am running Windows XP. I have tried several things, including a full Avast scan, a Malwarebytes quick scan, and all the recommended steps on the Malwarebytes FAQ section (beginning with Chameleon) to no avail. I am connected to my home network, but have no access to the internet (Malwarebytes, for instance, is unable to update itself).

I would be very grateful for any help I can receive.

Thanks.

Javier

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by Owner at 13:15:59 on 2012-12-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1204 [GMT -6:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IDT\WDM\STacSV.exe

C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\WINDOWS\System32\accelerometerST.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\AutoHotkey\AutoHotkey.exe

C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

C:\Program Files\Java\jre7\bin\jqs.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

c:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe

C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.accuweather.com/en/us/wauwatosa-wi/53213/weather-forecast/2249421

BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [sRSHDAudioLab] "c:\program files\srs labs\srs hd audio lab\HDAL.exe" auto

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\accelerometerST.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x6\programs\QFSCHD160.EXE"

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mRunOnce: [1] c:\program files\malwarebytes' anti-malware\chameleon\mbam-chameleon.exe /r /p

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\documents and settings\owner\start menu\programs\startup\AutoHotkey.ahk

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: MaxRecentDocs = dword:18

mPolicies-Explorer: NoSMConfigurePrograms = dword:1

mPolicies-Explorer: NoRecentDocsNetHood = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Open with WordPerfect - c:\program files\corel\wordperfect office x6\programs\WPLauncher.hta

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{E6EE2977-FE8F-4DBB-AF2B-7DE2348C1ACC} : DHCPNameServer = 192.168.1.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll

Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SecurityProviders: SecurityProviders = schannel.dll, credssp.dll, digest.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\9x5buxx8.default-1353696594734\

FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/en/us/milwaukee-wi/53213/weather-forecast/23149_pc

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll

FF - plugin: c:\windows\npMSDM.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2012-11-08 08:39; wrc@avast.com; c:\program files\avast software\avast\webrep\FF

FF - ExtSQL: 2012-11-19 20:47; infoatoms@infoatoms.com; c:\program files\mozilla firefox\extensions\infoatoms@infoatoms.com

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-11-23 13560]

R0 iastor7;iastor7;c:\windows\system32\drivers\iastor7.sys [2012-7-12 471360]

R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-7-12 13616]

R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2012-7-12 5632]

R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-7-12 13616]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-5 361032]

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-7-26 913792]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-5 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-5 44808]

R2 GsServer;GoodSync Server;c:\program files\siber systems\goodsync\Gs-Server.exe [2012-10-7 3472088]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-5 676936]

R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2011-4-29 1687360]

R2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\common files\srs labs\srs hd audio lab service\SRSAudioLabService.exe [2011-2-2 12648]

R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2012-7-25 113664]

R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 117584]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-7-30 227896]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2012-7-25 116224]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-12-5 35144]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-5 22856]

R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2012-12-2 390944]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-5 738504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2012-7-25 7476864]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-7-28 15576]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-7-28 10200]

S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\drivers\qcfilterhp2k.sys [2012-7-25 5248]

S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\drivers\qcombushp.sys [2012-7-25 123976]

S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2012-7-25 236032]

S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2012-7-25 190592]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-7-25 165888]

S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

S3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-6-21 407368]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-12-06 16:33:23 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-12-06 16:33:23 -------- d-----w- c:\windows\system32\wbem\Repository

2012-12-06 16:32:22 -------- d-----w- c:\program files\InfoAtoms

2012-12-06 16:32:05 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars

2012-12-06 13:23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-05 18:51:47 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-12-05 18:39:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-05 18:18:38 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-12-05 18:18:22 41224 ----a-w- c:\windows\avastSS.scr

2012-12-05 17:53:43 -------- d-----w- c:\windows\system32\xircom

2012-12-05 17:53:43 -------- d-----w- c:\windows\system32\wbem\snmp

2012-12-05 17:53:43 -------- d-----w- c:\windows\system32\oobe

2012-12-05 17:36:32 98816 ----a-w- c:\windows\sed.exe

2012-12-05 17:36:32 256000 ----a-w- c:\windows\PEV.exe

2012-12-05 17:36:32 208896 ----a-w- c:\windows\MBR.exe

2012-12-03 03:03:43 -------- d-----w- c:\documents and settings\owner\application data\Import Audio from Video

2012-12-03 03:02:00 -------- d-----w- c:\documents and settings\owner\application data\Mp3 Audio Editor

2012-12-03 03:01:37 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll

2012-12-03 03:01:37 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll

2012-12-03 03:01:37 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll

2012-12-03 03:01:37 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll

2012-12-03 03:01:37 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll

2012-12-03 03:01:37 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll

2012-12-03 03:01:36 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll

2012-12-03 03:01:36 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll

2012-12-03 03:01:36 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll

2012-12-03 03:01:36 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll

2012-12-03 03:01:35 -------- d-----w- c:\program files\Mp3 Audio Editor

2012-12-02 16:22:58 390944 ----a-r- c:\windows\system32\drivers\SRS_HDAL_i386.sys

2012-12-02 16:22:43 -------- d-----w- c:\program files\common files\Macrovision Shared

2012-12-02 16:22:41 -------- d-----w- c:\program files\common files\SRS Labs

2012-12-02 16:22:37 -------- d-----w- c:\program files\SRS Labs

2012-12-02 03:32:48 -------- d-----w- C:\Lyrics

2012-12-02 03:32:25 -------- d-----w- c:\program files\MiniLyrics

2012-11-23 20:23:06 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus

2012-11-23 20:22:16 -------- d-----w- c:\documents and settings\owner\application data\LavasoftStatistics

2012-11-23 20:12:19 -------- d-----w- c:\program files\Ad-Aware Antivirus

2012-11-23 20:11:43 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

2012-11-23 20:11:31 -------- d-----w- c:\documents and settings\owner\local settings\application data\adawarebp

2012-11-23 20:10:26 -------- d-----w- c:\documents and settings\owner\application data\Ad-Aware Antivirus

2012-11-23 20:01:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-23 18:25:12 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2012-11-23 18:25:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-11-23 18:04:40 -------- d-----w- c:\documents and settings\owner\application data\GlarySoft

2012-11-23 18:04:39 -------- d-----w- c:\program files\Glary Utilities

2012-11-23 17:54:08 -------- d-----w- c:\program files\Real Alternative

2012-11-23 15:57:35 -------- d-----w- c:\documents and settings\owner\application data\AC3Filter

2012-11-22 21:34:36 -------- d-----w- c:\documents and settings\owner\local settings\application data\DFX

2012-11-20 03:22:15 -------- d-----w- c:\documents and settings\all users\application data\MediaMonkey

2012-11-20 02:47:46 -------- d-----w- c:\documents and settings\owner\local settings\application data\Babylon

2012-11-20 02:47:35 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-11-20 02:47:33 -------- d-----w- c:\documents and settings\owner\application data\Babylon

2012-11-18 16:21:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\MediaMonkey

2012-11-18 16:21:30 -------- d-----w- c:\documents and settings\owner\application data\MediaMonkey

2012-11-18 16:21:17 -------- d-----w- c:\program files\MediaMonkey

2012-11-18 15:53:30 -------- d-----w- c:\program files\M3U Creator

2012-11-17 16:05:28 -------- d-----w- c:\documents and settings\owner\application data\Mp3tag

2012-11-17 16:03:56 -------- d-----w- c:\program files\Mp3tag

2012-11-17 15:58:00 -------- d-----w- c:\program files\Musicmatch

2012-11-17 15:56:40 -------- d-----w- c:\documents and settings\owner\local settings\application data\Musicmatch

2012-11-16 04:25:00 -------- d-----w- c:\documents and settings\owner\application data\foobar2000

2012-11-16 04:24:51 -------- d-----w- c:\program files\foobar2000

2012-11-16 02:44:34 -------- d-----w- c:\program files\Free M4a to MP3 Converter

2012-11-15 14:24:08 -------- d-----w- c:\windows\system32\LogFiles

2012-11-14 13:31:36 58368 ------w- c:\windows\system32\dllcache\synceng.dll

2012-11-14 05:21:58 -------- d-----w- c:\program files\NCH Swift Sound

2012-11-13 23:59:11 -------- d-----w- c:\documents and settings\owner\application data\CUE Tools

2012-11-13 23:29:17 -------- d-----w- C:\My Music

2012-11-13 23:28:55 -------- d-----w- c:\program files\AudioConverter Studio

2012-11-13 03:46:41 -------- d-----w- c:\documents and settings\owner\application data\EAC

2012-11-13 03:46:28 -------- d-----w- c:\documents and settings\owner\application data\AccurateRip

2012-11-13 03:46:20 -------- d-----w- c:\program files\Exact Audio Copy

2012-11-13 03:27:21 -------- d-----w- c:\program files\NCH Software

2012-11-11 18:17:56 -------- d-----w- c:\program files\Tag Support Plugin for Media Player

2012-11-11 17:59:03 104960 ----a-w- c:\program files\windows media player\wmp.dll

2012-11-11 17:59:03 -------- d-----w- c:\program files\WMP Tag Plus

2012-11-11 17:49:27 -------- d-----w- c:\program files\Essentials Codec Pack

2012-11-06 13:26:36 -------- d-----w- c:\windows\system32\C2MP

.

==================== Find3M ====================

.

2012-11-23 20:11:43 44424 ----a-w- c:\windows\system32\sbbd.exe

2012-11-20 02:43:20 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-20 02:43:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 08:43:24 1875328 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-25 05:30:54 3915776 ----a-w- c:\windows\system32\ffmpeg.dll

2012-09-25 05:30:04 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-09-25 05:29:52 3504128 ----a-w- c:\windows\system32\ffdshow.ax

2012-09-25 05:29:20 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2012-09-25 05:29:00 99840 ----a-w- c:\windows\system32\ff_wmv9.dll

2012-09-25 05:29:00 157184 ----a-w- c:\windows\system32\ff_unrar.dll

2012-09-25 05:29:00 147456 ----a-w- c:\windows\system32\ff_libmad.dll

2012-09-25 05:28:58 211968 ----a-w- c:\windows\system32\ff_libdts.dll

2012-09-25 05:28:58 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll

2012-09-25 05:28:58 114688 ----a-w- c:\windows\system32\ff_liba52.dll

2012-09-24 00:03:56 1289728 ----a-w- c:\windows\system32\VSFilter.dll

2012-09-08 21:00:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-08 21:00:26 746984 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 13:16:32.68 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/7/2005 10:24:05 AM

System Uptime: 12/5/2012 12:10:30 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 3634

Processor: Intel® Core2 Duo CPU P9300 @ 2.26GHz | Intel® Genuine processor | 2261/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 296 GiB total, 52.908 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

G: is Removable

H: is FIXED (FAT32) - 2 GiB total, 1.54 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Marvell Yukon 88E8072 PCI-E Gigabit Ethernet Controller

Device ID: PCI\VEN_11AB&DEV_436C&SUBSYS_3634103C&REV_10\4&384C4504&0&00E5

Manufacturer: Marvell

Name: Marvell Yukon 88E8072 PCI-E Gigabit Ethernet Controller

PNP Device ID: PCI\VEN_11AB&DEV_436C&SUBSYS_3634103C&REV_10\4&384C4504&0&00E5

Service: yukonwxp

.

==== System Restore Points ===================

.

RP1: 12/5/2012 11:48:39 PM - System Checkpoint

RP2: 11/30/2012 12:01:09 AM - trying to get rid of virus

RP3: 12/6/2012 12:02:28 AM - Restore Operation

RP4: 12/6/2012 10:13:25 AM - Removed Ad-Aware Antivirus.

RP5: 12/6/2012 10:31:40 AM - Restore Operation

RP6: 12/6/2012 11:00:54 AM - Removed Ad-Aware Antivirus.

RP7: 12/6/2012 11:03:37 AM - IObit Uninstaller restore point

RP8: 12/6/2012 11:05:01 AM - IObit Uninstaller restore point

RP9: 12/5/2012 12:09:32 PM - avast! Free Antivirus Setup

RP10: 12/5/2012 12:18:08 PM - avast! Free Antivirus Setup

.

==== Installed Programs ======================

.

µTorrent

7-Zip 9.20

A-PDF Page Cut

ActivClient x86

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Lightroom 3.4

Advanced SystemCare 5

Alt-Tab Task Switcher Powertoy for Windows XP

AutoHotkey 1.0.48.05

avast! Free Antivirus

AWC V4.11

BitLocker To Go Reader

Broadcom 802.11 Wireless LAN Adapter

Calculator Powertoy for Windows XP

calibre

ClearType Tuning Control Panel Applet

ContextConsole Shell Extension (x86-32)

Digitale Bibliothek 4

Dropbox

DVDFab 8.1.7.8 (17/04/2012) Qt

Exact Audio Copy 1.0beta3

FBReader for Windows

foobar2000 v1.1.17

Free M4a to MP3 Converter 7.1

FreeMind

Glary Utilities 2.50.0.1632

GoodSync

Google Chrome

Google Update Helper

HashCheck Shell Extension (x86-32)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB915800-v4)

HP 3D DriveGuard

HP Battery Check

HP ESU for Microsoft Windows XP

HP Help and Support

HP Integrated Module with Bluetooth wireless technology

HP Quick Launch Buttons

HP QuickWeb

HP Web Camera

HP Webcam

HP Webcam Driver

HP Wireless Assistant

IDT Audio

Intel® Graphics Media Accelerator Driver

Java 7 Update 9

Java Auto Updater

K-Lite Mega Codec Pack 9.0.2

M3U Creator 1.0

M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1

Malwarebytes Anti-Malware version 1.65.1.1000

Media Player Codec Pack 4.2.3

MediaMonkey 4.0

MediaMonkey Script: MiniLyrics Embedder v1.4b

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Download Manager

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Sync Framework 2.0 Core Components (x86) ENU

Microsoft Sync Framework 2.0 Provider Services (x86) ENU

Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.6229

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6276

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219.380

Minilyrics(remove only)

MiniTool Partition Wizard Home Edition 7.5

Mobipocket Reader 6.2

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

Mp3 Audio Editor

Mp3tag v2.53

Neat Image v6.0 Pro+

PDF-XChange 2012 Pro

PhotoScape

Picasa 3

PowerISO

QLBCASL

Qualcomm Gobi 2000 Package for HP

Real Alternative 2.0.2

Scan Tailor

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Skype™ 5.10

Slice Audio File Splitter

Snagit 10.0.1

SRS HD Audio Lab

Synaptics Pointing Device Driver

SyncToy 2.1 (x86)

Taskbar Activate

The KMPlayer (remove only)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

USB2.0 Card Reader Software

User Profile Hive Cleanup Service

VLC media player 2.0.4

WebFldrs XP

WinCDEmu

Windows Essentials Media Codec Pack 4.0 [32-Bit]

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows PowerShell 1.0

Windows Search 4.0

WMP Tag Plus version 2.1

WordPerfect IFilter 32 bit

WordPerfect Office X5 - Migration Manager

WordPerfect Office X5 - Oxford

WordPerfect Office X5 - Setup Files

WordPerfect Office X5 - Sharepoint

WordPerfect Office X5 - WT

WordPerfect Office X6

WordPerfect Office X6 - Common Files

WordPerfect Office X6 - Common Files English

WordPerfect Office X6 - IPM

WordPerfect Office X6 - Lightning Files

WordPerfect Office X6 - Lightning Files English

WordPerfect Office X6 - Oxford

WordPerfect Office X6 - Presentations Files

WordPerfect Office X6 - Presentations Files English

WordPerfect Office X6 - Quattro Pro Files

WordPerfect Office X6 - Quattro Pro Files English

WordPerfect Office X6 - Setup Files

WordPerfect Office X6 - System Files

WordPerfect Office X6 - WordPerfect Files

WordPerfect Office X6 - WordPerfect Files English

WordPerfect Office X6 - WT

WordWeb

Youtube Downloader HD v. 2.9.5

.

==== Event Viewer Messages From Past Week ========

.

12/6/2012 8:26:43 AM, error: WMPNetworkSvc [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

12/6/2012 8:26:43 AM, error: Service Control Manager [7023] - The Windows Media Player Network Sharing Service service terminated with the following error: An attempt was made to reference a token that does not exist.

12/6/2012 8:26:43 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

12/6/2012 2:22:12 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/6/2012 12:21:04 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2012 12:21:04 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The operation completed successfully.

12/6/2012 12:21:03 AM, error: Service Control Manager [7001] - The AswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/6/2012 12:21:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AswRdr aswSnx

12/6/2012 12:21:02 AM, error: Service Control Manager [7022] - The SRS HDAudio Lab Service service hung on starting.

12/6/2012 12:19:25 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/6/2012 12:18:40 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.

12/6/2012 12:18:40 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/6/2012 12:18:40 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/6/2012 12:17:15 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.

12/6/2012 12:08:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

12/6/2012 12:08:33 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/6/2012 12:08:32 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/6/2012 12:07:10 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

12/5/2012 8:48:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/5/2012 8:48:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AswRdr aswSnx aswSP aswTdi Fips intelppm SCDEmu

12/5/2012 8:06:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu

12/5/2012 8:06:28 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/5/2012 8:06:28 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/5/2012 8:06:28 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

12/5/2012 7:36:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SRS HDAudio Lab Service service to connect.

12/5/2012 7:36:54 PM, error: Service Control Manager [7000] - The SRS HDAudio Lab Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/5/2012 11:43:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AswRdr

.

==== End Of File ===========================


  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thank you very much.

Here are the logs for MBAM and ComboFix. Please note that, because I have no access to the internet through my infected computer, I had to update MBAM manually and that the rules appear to be a couple of days old.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.03.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: COMPUTER-1388 [administrator]

Protection: Enabled

12/5/2012 2:16:08 PM

mbam-log-2012-12-05 (14-16-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 271998

Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix 12-12-04.01 - Owner 12/05/2012 14:40:55.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1054 [GMT -6:00]

Running from: G:\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\tcpip.sys . . . is missing!!

.

.

((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))

.

.

2012-12-06 16:33 . 2012-12-06 16:33 -------- d-----w- c:\windows\system32\wbem\Repository

2012-12-06 16:32 . 2012-12-06 16:32 -------- d-----w- c:\program files\InfoAtoms

2012-12-06 16:32 . 2012-12-06 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars

2012-12-06 13:23 . 2012-12-05 18:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-05 18:39 . 2012-09-30 01:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-05 18:18 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-12-05 18:18 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-12-05 18:18 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-12-05 18:18 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-12-05 18:18 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-12-05 18:18 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-12-05 18:18 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-12-05 18:18 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-12-05 18:18 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr

2012-12-05 18:18 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-12-05 17:53 . 2012-12-05 17:53 -------- d-----w- c:\windows\system32\xircom

2012-12-05 17:53 . 2012-12-05 17:53 -------- d-----w- c:\windows\system32\wbem\snmp

2012-12-05 17:53 . 2012-12-05 17:53 -------- d-----w- c:\windows\system32\oobe

2012-12-05 17:53 . 2012-12-05 17:53 -------- d-----w- c:\program files\microsoft frontpage

2012-12-03 03:03 . 2012-12-03 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Import Audio from Video

2012-12-03 03:02 . 2012-12-03 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Mp3 Audio Editor

2012-12-03 03:01 . 2005-04-25 19:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll

2012-12-03 03:01 . 2005-04-25 19:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll

2012-12-03 03:01 . 2005-04-04 23:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll

2012-12-03 03:01 . 2005-03-28 21:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll

2012-12-03 03:01 . 2005-03-28 21:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll

2012-12-03 03:01 . 2005-02-24 17:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll

2012-12-03 03:01 . 2005-05-18 17:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll

2012-12-03 03:01 . 2005-05-17 18:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll

2012-12-03 03:01 . 2005-04-15 18:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll

2012-12-03 03:01 . 2004-11-04 19:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll

2012-12-03 03:01 . 2012-12-03 03:01 -------- d-----w- c:\program files\Mp3 Audio Editor

2012-12-02 16:22 . 2010-11-15 20:29 390944 ----a-r- c:\windows\system32\drivers\SRS_HDAL_i386.sys

2012-12-02 16:22 . 2012-12-02 16:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2012-12-02 16:22 . 2012-12-02 16:22 -------- d-----w- c:\program files\Common Files\SRS Labs

2012-12-02 16:22 . 2012-12-02 16:22 -------- d-----w- c:\program files\SRS Labs

2012-12-02 03:32 . 2012-12-02 03:56 -------- d-----w- C:\Lyrics

2012-12-02 03:32 . 2012-12-06 01:07 -------- d-----w- c:\program files\MiniLyrics

2012-11-23 23:10 . 2012-11-23 23:12 -------- d-----w- c:\program files\WINAMP

2012-11-23 20:23 . 2012-11-23 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus

2012-11-23 20:22 . 2012-12-06 16:13 -------- d-----w- c:\documents and settings\Owner\Application Data\LavasoftStatistics

2012-11-23 20:12 . 2012-11-23 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2012-11-23 20:12 . 2012-12-06 17:06 -------- d-----w- c:\program files\Ad-Aware Antivirus

2012-11-23 20:11 . 2012-11-23 20:11 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

2012-11-23 20:11 . 2012-11-23 20:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\adawarebp

2012-11-23 20:10 . 2012-12-06 13:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Ad-Aware Antivirus

2012-11-23 20:01 . 2012-09-25 05:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-23 18:25 . 2012-11-23 18:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2012-11-23 18:25 . 2012-11-23 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-11-23 18:04 . 2012-11-23 18:25 -------- d-----w- c:\documents and settings\Owner\Application Data\GlarySoft

2012-11-23 18:04 . 2012-11-23 18:04 -------- d-----w- c:\program files\Glary Utilities

2012-11-23 17:54 . 2012-11-23 17:54 -------- d-----w- c:\program files\Real Alternative

2012-11-23 15:57 . 2012-11-23 15:57 -------- d-----w- c:\documents and settings\Owner\Application Data\AC3Filter

2012-11-22 21:34 . 2012-11-22 21:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DFX

2012-11-22 21:34 . 2012-11-22 21:34 -------- d-----w- c:\documents and settings\SUPPORT_388945a0

2012-11-22 21:34 . 2012-11-22 21:34 -------- d-----w- c:\documents and settings\HelpAssistant

2012-11-22 21:34 . 2012-11-22 21:34 -------- d-----w- c:\documents and settings\Guest

2012-11-22 21:34 . 2012-11-22 21:34 -------- d-----w- c:\documents and settings\ASPNET

2012-11-22 21:34 . 2012-11-22 21:34 -------- d-----w- c:\documents and settings\Administrator

2012-11-20 03:22 . 2012-11-20 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey

2012-11-20 02:47 . 2012-11-20 02:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Babylon

2012-11-20 02:47 . 2012-11-20 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2012-11-20 02:47 . 2012-11-20 02:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylon

2012-11-18 16:21 . 2012-11-18 16:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MediaMonkey

2012-11-18 16:21 . 2012-12-05 18:16 -------- d-----w- c:\documents and settings\Owner\Application Data\MediaMonkey

2012-11-18 16:21 . 2012-12-06 01:07 -------- d-----w- c:\program files\MediaMonkey

2012-11-18 15:53 . 2012-11-18 15:53 -------- d-----w- c:\program files\M3U Creator

2012-11-17 16:05 . 2012-11-18 05:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Mp3tag

2012-11-17 16:03 . 2012-11-17 16:03 -------- d-----w- c:\program files\Mp3tag

2012-11-17 15:58 . 2012-11-17 16:03 -------- d-----w- c:\program files\Musicmatch

2012-11-17 15:58 . 2012-11-17 15:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Musicmatch

2012-11-17 15:56 . 2012-11-17 15:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Musicmatch

2012-11-16 04:25 . 2012-12-06 01:32 -------- d-----w- c:\documents and settings\Owner\Application Data\foobar2000

2012-11-16 04:24 . 2012-11-18 16:16 -------- d-----w- c:\program files\foobar2000

2012-11-16 02:44 . 2012-11-16 02:44 -------- d-----w- c:\program files\Free M4a to MP3 Converter

2012-11-15 14:24 . 2012-11-15 14:24 -------- d-----w- c:\windows\system32\LogFiles

2012-11-15 14:21 . 2012-11-15 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2012-11-14 13:31 . 2012-10-02 18:04 58368 ------w- c:\windows\system32\dllcache\synceng.dll

2012-11-14 05:22 . 2012-11-14 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound

2012-11-14 05:21 . 2012-11-14 05:21 -------- d-----w- c:\program files\NCH Swift Sound

2012-11-13 23:59 . 2012-12-03 14:50 -------- d-----w- c:\documents and settings\Owner\Application Data\CUE Tools

2012-11-13 23:29 . 2012-12-04 21:41 -------- d-----w- C:\My Music

2012-11-13 23:28 . 2012-11-18 04:51 -------- d-----w- c:\program files\AudioConverter Studio

2012-11-13 03:46 . 2012-11-13 03:46 -------- d-----w- c:\documents and settings\Owner\Application Data\EAC

2012-11-13 03:46 . 2012-11-13 04:22 -------- d-----w- c:\documents and settings\Owner\Application Data\AccurateRip

2012-11-13 03:46 . 2012-11-13 15:02 -------- d-----w- c:\program files\Exact Audio Copy

2012-11-13 03:28 . 2012-11-13 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software

2012-11-13 03:27 . 2012-11-13 04:12 -------- d-----w- c:\program files\NCH Software

2012-11-11 18:17 . 2012-11-11 18:17 -------- d-----w- c:\program files\Tag Support Plugin for Media Player

2012-11-11 17:59 . 2012-11-11 18:06 -------- d-----w- c:\program files\WMP Tag Plus

2012-11-11 17:59 . 2012-05-05 04:17 104960 ----a-w- c:\program files\Windows Media Player\wmp.dll

2012-11-11 17:49 . 2012-11-11 17:49 -------- d-----w- c:\program files\Essentials Codec Pack

2012-11-06 13:26 . 2012-11-06 13:26 -------- d-----w- c:\windows\system32\C2MP

2012-11-06 07:24 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-23 20:11 . 2012-09-20 11:39 44424 ----a-w- c:\windows\system32\sbbd.exe

2012-11-20 02:43 . 2012-07-11 11:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-20 02:43 . 2012-07-11 11:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 08:43 . 2012-06-13 13:29 1875328 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-25 05:30 . 2012-09-25 05:30 3915776 ----a-w- c:\windows\system32\ffmpeg.dll

2012-09-25 05:30 . 2012-09-25 05:30 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-09-25 05:29 . 2012-09-25 05:29 3504128 ----a-w- c:\windows\system32\ffdshow.ax

2012-09-25 05:29 . 2012-09-25 05:29 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2012-09-25 05:29 . 2012-09-25 05:29 99840 ----a-w- c:\windows\system32\ff_wmv9.dll

2012-09-25 05:29 . 2012-09-25 05:29 157184 ----a-w- c:\windows\system32\ff_unrar.dll

2012-09-25 05:29 . 2012-09-25 05:29 147456 ----a-w- c:\windows\system32\ff_libmad.dll

2012-09-25 05:28 . 2012-09-25 05:28 211968 ----a-w- c:\windows\system32\ff_libdts.dll

2012-09-25 05:28 . 2012-09-25 05:28 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll

2012-09-25 05:28 . 2012-09-25 05:28 114688 ----a-w- c:\windows\system32\ff_liba52.dll

2012-09-24 00:03 . 2012-09-24 00:03 1289728 ----a-w- c:\windows\system32\VSFilter.dll

2012-09-08 21:00 . 2012-07-25 20:46 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-08 21:00 . 2012-07-25 20:46 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-05 07:14 . 2012-12-05 07:14 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A}]

2012-05-07 21:40 418912 ----a-w- c:\program files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A}"= "c:\program files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll" [2012-05-07 418912]

.

[HKEY_CLASSES_ROOT\clsid\{42dfa04f-0f16-418e-b80c-ab97a5afad3a}]

[HKEY_CLASSES_ROOT\PXCIEaddin5.PXCIEaddinBHO.1]

[HKEY_CLASSES_ROOT\TypeLib\{A9182958-5371-4f59-B3F7-EF4AF1AF0697}]

[HKEY_CLASSES_ROOT\PXCIEaddin5.PXCIEaddinBHO]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-09 65216]

"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]

"SRSHDAudioLab"="c:\program files\SRS Labs\SRS HD Audio Lab\HDAL.exe" [2011-02-02 726856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-23 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-23 170008]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-23 145432]

"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]

"AccelerometerSysTrayApplet"="c:\windows\System32\accelerometerST.exe" [2009-04-07 70200]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]

"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE" [2012-07-31 169416]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-07 128512]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

AutoHotkey.ahk [2010-1-29 2701]

Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 18 (0x12)

"NoSMConfigurePrograms"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders schannel.dll, credssp.dll, digest.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Siber Systems\\GoodSync\\GoodSync.exe"=

"c:\\Program Files\\Siber Systems\\GoodSync\\GsExplorer.exe"=

"c:\\Program Files\\Siber Systems\\GoodSync\\Gs-Server.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"33333:TCP"= 33333:TCP:GoodSync Server incoming connections

"33338:UDP"= 33338:UDP:GoodSync Server LAN discovery

.

R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [11/23/2012 2:11 PM 13560]

R0 iastor7;iastor7;c:\windows\system32\drivers\iastor7.sys [7/12/2012 7:43 AM 471360]

R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [7/12/2012 7:43 AM 13616]

R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [7/12/2012 7:43 AM 5632]

R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [7/12/2012 7:43 AM 13616]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/5/2012 12:18 PM 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/5/2012 12:18 PM 361032]

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 3:16 PM 207400]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [7/26/2012 2:18 PM 913792]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/5/2012 12:18 PM 21256]

R2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [10/7/2012 8:55 PM 3472088]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/5/2012 12:39 PM 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/5/2012 12:39 PM 676936]

R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [4/29/2011 3:44 PM 1687360]

R2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2/2/2011 10:58 AM 12648]

R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/25/2012 4:19 PM 113664]

R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [6/4/2011 2:14 PM 117584]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/30/2012 2:55 PM 227896]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/25/2012 4:52 PM 116224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/5/2012 12:39 PM 22856]

R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [12/2/2012 10:22 AM 390944]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]

S3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [7/25/2012 9:33 AM 7476864]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [7/28/2012 7:22 AM 15576]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [7/28/2012 7:22 AM 10200]

S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\drivers\qcfilterhp2k.sys [7/25/2012 8:19 PM 5248]

S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\drivers\qcombushp.sys [7/25/2012 8:19 PM 123976]

S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [7/25/2012 8:19 PM 236032]

S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [7/25/2012 8:19 PM 190592]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7/25/2012 5:10 PM 165888]

S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

S3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_i386.sys [6/21/2012 4:04 PM 407368]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSCHEDULER

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 02:43]

.

2012-12-05 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-05 23:50]

.

2012-12-05 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2012-11-23 18:45]

.

2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-25 19:51]

.

2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-25 19:51]

.

2012-12-06 c:\windows\Tasks\Windows Codec Update Service.job

- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03 09:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.accuweather.com/en/us/wauwatosa-wi/53213/weather-forecast/2249421

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X6\Programs\WPLauncher.hta

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9x5buxx8.default-1353696594734\

FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/en/us/milwaukee-wi/53213/weather-forecast/23149_pc

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - ExtSQL: 2012-11-08 08:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2012-11-19 20:47; infoatoms@infoatoms.com; c:\program files\Mozilla Firefox\extensions\infoatoms@infoatoms.com

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-05 14:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(688)

c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

c:\program files\ActivIdentity\ActivClient\aclog.dll

c:\program files\ActivIdentity\ActivClient\accrypto.dll

c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\program files\ActivIdentity\ActivClient\aipingui.dll

c:\program files\ActivIdentity\ActivClient\acevtsub.dll

c:\program files\ActivIdentity\ActivClient\asphat32.dll

c:\program files\ActivIdentity\ActivClient\acerrmes.dll

c:\program files\ActivIdentity\ActivClient\aiwinext.dll

c:\program files\ActivIdentity\ActivClient\aspcom.dll

c:\program files\ActivIdentity\ActivClient\aicext.dll

c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll

.

- - - - - - - > 'explorer.exe'(1736)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-12-05 14:57:28

ComboFix-quarantined-files.txt 2012-12-05 20:57

ComboFix2.txt 2012-12-05 17:50

.

Pre-Run: 56,714,821,632 bytes free

Post-Run: 56,587,825,152 bytes free

.

- - End Of File - - 2BFD51FC66AB45617790102C7A355932

  • Staff

Hi,

Grab a fresh copy of ComboFix.

Please download this file and save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317

  • Staff

Here is my standard prevention speech so you can keep yourself protected for the future.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is imperative that you have an antivirus. You are basically asking for infection without one. :lol:

All of the following are excellent free antiviruses. Be sure to only install one.

  • Microsoft Security Essentials
  • AntiVir
  • avast!

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317
