mbam will not work



OK, I got infected the other day. Spybot got some of the infection, and avast version 5.0.545 got a few of the viruses that came with it. I also ran CCleaner and found a couple of troubles there. So I tried to open Malwarebytes: got the hourglass for a second and nothing opened. I opened my Task Manager to check whether mbam.exe was running, and nothing was there; opened it again and it popped onto the list for a second and then was gone. I uninstalled MBAM altogether, ran the cleaner and reinstalled. Same problem: it starts and does nothing. I have all of MBAM listed in my exclude list in avast; never had any conflict before. I listed it because a post said it might be the problem. I'm also using the standard firewall and running Windows XP Home Edition Service Pack 3, 32-bit, with updates on, Malwarebytes free edition and avast free home edition. Thank you, help.


Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double-click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the "Download EXE" button and then saving it to your desktop:

  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab, uncheck the Files option and then click Scan.
  • Don't check the Show All box while the scan is in progress!
  • When the scan has finished, click Copy. This copies the log to the clipboard.
  • Post the log in your reply (if the log is long, archive it into a zip file and attach it instead of posting).


GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-17 17:37:59

Windows 5.1.2600 Service Pack 3

Running: l25eowxm[1].exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\uxdyyuow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA3F8CC7A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA3F8CB36]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA3F8D0EA]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA3F8D014]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA3F8C70C]

SSDT spus.sys ZwEnumerateKey [0xF7339CA4]

SSDT spus.sys ZwEnumerateValueKey [0xF733A032]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA3F8CC10]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA3F8C64C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA3F8C6B0]

SSDT spus.sys ZwQueryKey [0xF733A10A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA3F8CD30]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA3F8D1B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA3F8CCF0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA3F8CE70]

INT 0x62 ? 86F68BF8

INT 0x73 ? 86F68BF8

INT 0x73 ? 86F68BF8

INT 0x73 ? 86D57F00

INT 0x73 ? 86F68BF8

INT 0x83 ? 86D57F00

INT 0xA4 ? 86D57F00

INT 0xB4 ? 86D57F00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA3F99AC6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA3F998EA]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA3F99A24]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54A3F8D0

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A3F99A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A3F998EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A3F95536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A3F96EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A3F99ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

? spus.sys The system cannot find the file specified. !

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF579E000, 0x1B601E, 0xE8000020]

.text USBPORT.SYS!DllUnload F57558AC 5 Bytes JMP 86D574E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA000A

.text C:\Program Files\Internet Explorer\iexplore.exe[728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EB000A

.text C:\Program Files\Internet Explorer\iexplore.exe[728] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E9000C

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100D389B C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A

.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A

.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C

.text C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A

.text C:\WINDOWS\System32\svchost.exe[1060] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F6000A

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA000A

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EB000A

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E9000C

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100D389B C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

.text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A

.text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EB000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E9000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100D389B C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F731C042] spus.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F731C13E] spus.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F731C0C0] spus.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F731C800] spus.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F731C6D6] spus.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F732BE9C] spus.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002

IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000

IAT C:\Program Files\Internet Explorer\iexplore.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[3616] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\Ntfs \Ntfs 86FD71F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 86966500

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 86D58500

Device \Driver\usbuhci \Device\USBPDO-1 86D58500

Device \Driver\usbuhci \Device\USBPDO-2 86D58500

Device \Driver\usbuhci \Device\USBPDO-3 86D58500

Device \Driver\usbehci \Device\USBPDO-4 86D55500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD91F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD91F8

Device \Driver\Cdrom \Device\CdRom0 86D7B1F8

Device \Driver\atapi \Device\Ide\IdePort0 [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort1 [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort2 [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\Cdrom \Device\CdRom1 86D7B1F8

Device \Driver\USBSTOR \Device\00000075 869BD500

Device \Driver\USBSTOR \Device\00000076 869BD500

Device \Driver\USBSTOR \Device\00000077 869BD500

Device \Driver\NetBT \Device\NetBt_Wins_Export 8692C500

Device \Driver\USBSTOR \Device\00000078 869BD500

Device \Driver\USBSTOR \Device\00000079 869BD500

Device \Driver\NetBT \Device\NetbiosSmb 8692C500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 86D58500

Device \Driver\usbuhci \Device\USBFDO-1 86D58500

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86958500

Device \Driver\usbuhci \Device\USBFDO-2 86D58500

Device \FileSystem\MRxSmb \Device\LanmanRedirector 86958500

Device \Driver\usbuhci \Device\USBFDO-3 86D58500

Device \Driver\usbehci \Device\USBFDO-4 86D55500

Device \Driver\Ftdisk \Device\FtControl 86FD91F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{EC40FB84-AE79-4092-97D2-B3476AECB23B} 8692C500

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\Fastfat \Fat 86966500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 8658E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x86 0x71 0x0A 0xF6 ...

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@

Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x86 0x71 0x0A 0xF6 ...

---- EOF - GMER 1.0.15 ----

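Reading the GMER log above comes down to asking who owns each hook. The SSDT, inline and IAT entries attributed to aswSP.SYS, and the aswMon2/aswTdi filter attachments, belong to the avast installation the poster mentions. spus.sys owns three SSDT entries plus the atapi.sys and i8042prt.sys IAT hooks, yet GMER reports "The system cannot find the file specified" for it. The ntdll hooks in iexplore.exe, svchost.exe and Explorer.EXE, the CreateProcess IAT entries in services.exe and the INT entries carry no module name at all. Whether spus.sys goes with the Services\sptd keys in the Registry section or with something else is the call a responder has to make, and the first step is sorting the hooks so that call is visible. The script below is an added example written for this page, not code from the thread or from GMER: it parses the line shapes that appear in this log (SSDT/Code, INT, .text/PAGE inline, IAT and the "cannot find the file" marker), groups hooks by owning module, and flags every hook whose owner is unattributed or reported missing. The sample input is a constructed list of lines copied from the log above; pass a saved log as the first argument to triage a whole file.

```python
"""Triage a GMER rootkit-scan log: group hooks by owning module, flag the rest."""
import re
import sys
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Hook:
    kind: str             # "SSDT", "Code", "INT", "inline" or "IAT"
    target: str           # hooked function, interrupt vector or import
    owner: Optional[str]  # module GMER named as owner; None when it named none


# "SSDT <module> [(vendor)] <function> [[0xADDR]]"; GMER's "Code" lines share the shape
SSDT_RE = re.compile(r"^(SSDT|Code)\s+(\S+)(?:\s+\([^)]*\))?\s+(\w+)(?:\s+\[0x[0-9A-F]+\])?$")
# "INT 0x62 ? 86F68BF8": '?' is GMER's marker for an owner it could not name
INT_RE = re.compile(r"^INT\s+(0x[0-9A-F]+)\s+(\S+)\s+[0-9A-F]{8}$")
# ".text|PAGE <target> <addr> <n> Bytes <insn> [<dest>] [<module> (<vendor>)]"
INLINE_RE = re.compile(
    r"^(?:\.text|PAGE)\s+(.+?)\s+[0-9A-F]{8}\s+\d+\s+Bytes\s+\w+"
    r"(?:\s+[0-9A-F]{8})?(?:\s+(.+?)\s+\([^)]*\))?$")
# "IAT <importer>[<import>] [<addr>] <module> [(vendor)]"
IAT_ATTR_RE = re.compile(r"^IAT\s+(.+?\])\s+\[[0-9A-F]+\]\s+(.+?)(?:\s+\([^)]*\))?$")
# "IAT <importer> [<import>] <addr>": GMER named no module at all
IAT_BARE_RE = re.compile(r"^IAT\s+(.+?\])\s+[0-9A-F]{8}$")
# "? spus.sys The system cannot find the file specified. !"
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the file specified")


def module_key(path: str) -> str:
    """Reduce '\\SystemRoot\\System32\\Drivers\\aswSP.SYS' to 'aswsp.sys'."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_line(line: str) -> Optional[Hook]:
    """Return a Hook for a GMER hook line; None for headers, devices, registry etc."""
    line = line.strip()
    if m := SSDT_RE.match(line):
        return Hook(m.group(1), m.group(3), m.group(2))
    if m := INT_RE.match(line):
        return Hook("INT", m.group(1), None if m.group(2) == "?" else m.group(2))
    if m := INLINE_RE.match(line):
        return Hook("inline", m.group(1), m.group(2))
    if m := IAT_ATTR_RE.match(line):
        return Hook("IAT", m.group(1), m.group(2))
    if m := IAT_BARE_RE.match(line):
        return Hook("IAT", m.group(1), None)
    return None


def triage(lines):
    """Return (hooks_by_owner, missing_modules, flagged); flagged = no owner or owner not on disk."""
    by_owner = defaultdict(list)
    missing = set()
    hooks = []
    for raw in lines:
        m = MISSING_RE.match(raw.strip())
        if m:
            missing.add(module_key(m.group(1)))
            continue
        hook = parse_line(raw)
        if hook is None:
            continue
        hooks.append(hook)
        by_owner[module_key(hook.owner) if hook.owner else "<unattributed>"].append(hook)
    flagged = [h for h in hooks if h.owner is None or module_key(h.owner) in missing]
    return dict(by_owner), missing, flagged


# Constructed sample: lines copied verbatim from the GMER log posted in this thread.
SAMPLE_LINES = [
    r"SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA3F8C64C]",
    r"SSDT spus.sys ZwEnumerateKey [0xF7339CA4]",
    r"SSDT spus.sys ZwQueryKey [0xF733A10A]",
    r"INT 0x62 ? 86F68BF8",
    r"Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection",
    r"PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A3F99A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)",
    r".text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54A3F8D0",
    r"? spus.sys The system cannot find the file specified. !",
    r".text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF579E000, 0x1B601E, 0xE8000020]",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA000A",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)",
    r"IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F731C042] spus.sys",
    r"IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000",
    r"IAT C:\Program Files\Internet Explorer\iexplore.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)",
]


def report(lines):
    """Render the triage as text: one line per owner, then every flagged hook."""
    by_owner, missing, flagged = triage(lines)
    out = []
    for owner, hooks in sorted(by_owner.items(), key=lambda kv: -len(kv[1])):
        note = "  <- NOT FOUND ON DISK" if owner in missing else ""
        out.append(f"{owner:20} {len(hooks):3} hook(s){note}")
    out.append(f"{len(flagged)} hook(s) need an owner decision:")
    for h in flagged:
        out.append(f"  [{h.kind}] {h.target} <- {h.owner or 'unattributed'}")
    return out


if __name__ == "__main__":
    src = open(sys.argv[1], errors="replace").read().splitlines() if len(sys.argv) > 1 else SAMPLE_LINES
    print("\n".join(report(src)))
```

Flagged is not a verdict. A security product's self-protection driver hooks the same system calls as a rootkit, which is why the script reports owners rather than hiding known ones: on this machine aswSP.SYS is expected, and the responder's time goes to the driver GMER cannot find on disk and to the user-mode hooks that no module claims.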

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 8/2/2008 3:41:07 AM

System Uptime: 6/18/2010 5:25:58 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | Grouper

Processor: Intel® Pentium® 4 CPU 3.40GHz | CPU 1 | 3401/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 227 GiB total, 2.493 GiB free.

D: is FIXED (FAT32) - 6 GiB total, 0.707 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP464: 4/11/2010 4:45:57 PM - System Checkpoint

RP465: 4/14/2010 12:53:45 PM - System Checkpoint

RP466: 4/16/2010 9:13:41 AM - Software Distribution Service 3.0

RP467: 4/17/2010 5:42:02 PM - System Checkpoint

RP468: 4/18/2010 6:52:40 PM - System Checkpoint

RP469: 4/19/2010 6:58:37 PM - System Checkpoint

RP470: 4/22/2010 2:26:23 AM - System Checkpoint

RP471: 4/23/2010 5:08:15 PM - System Checkpoint

RP472: 4/25/2010 12:40:10 PM - System Checkpoint

RP473: 4/27/2010 3:23:06 PM - System Checkpoint

RP474: 4/28/2010 3:55:11 PM - System Checkpoint

RP475: 4/29/2010 4:24:22 PM - System Checkpoint

RP476: 5/1/2010 2:53:27 PM - System Checkpoint

RP477: 5/5/2010 7:51:39 PM - System Checkpoint

RP478: 5/6/2010 11:27:48 PM - System Checkpoint

RP479: 5/9/2010 11:12:04 AM - System Checkpoint

RP480: 5/10/2010 2:26:38 PM - System Checkpoint

RP481: 5/11/2010 4:39:52 PM - System Checkpoint

RP482: 5/12/2010 1:35:20 PM - Software Distribution Service 3.0

RP483: 5/13/2010 2:22:18 PM - System Checkpoint

RP484: 5/14/2010 7:00:50 PM - System Checkpoint

RP485: 5/17/2010 2:10:13 PM - System Checkpoint

RP486: 5/18/2010 2:27:17 PM - System Checkpoint

RP487: 5/19/2010 3:32:09 PM - System Checkpoint

RP488: 5/21/2010 11:06:58 PM - System Checkpoint

RP489: 5/23/2010 1:00:29 PM - System Checkpoint

RP490: 5/24/2010 1:55:05 PM - System Checkpoint

RP491: 5/26/2010 12:36:27 AM - Software Distribution Service 3.0

RP492: 5/27/2010 11:53:33 AM - System Checkpoint

RP493: 5/29/2010 6:58:15 AM - System Checkpoint

RP494: 5/30/2010 11:46:04 AM - System Checkpoint

RP495: 5/31/2010 12:13:23 PM - System Checkpoint

RP496: 6/1/2010 7:31:56 PM - Installed Windows Internet Explorer 8.

RP497: 6/1/2010 7:33:02 PM - Software Distribution Service 3.0

RP498: 6/1/2010 7:42:50 PM - Software Distribution Service 3.0

RP499: 6/3/2010 10:55:34 PM - System Checkpoint

RP500: 6/4/2010 11:42:52 PM - System Checkpoint

RP501: 6/5/2010 12:26:50 AM - Software Distribution Service 3.0

RP502: 6/6/2010 1:10:54 AM - System Checkpoint

RP503: 6/7/2010 2:33:07 PM - System Checkpoint

RP504: 6/8/2010 8:04:38 PM - System Checkpoint

RP505: 6/9/2010 11:41:37 PM - System Checkpoint

RP506: 6/10/2010 11:45:25 PM - System Checkpoint

RP507: 6/12/2010 12:48:55 AM - System Checkpoint

RP508: 6/13/2010 12:56:37 AM - System Checkpoint

RP509: 6/14/2010 1:46:33 AM - System Checkpoint

RP510: 6/15/2010 7:15:10 PM - System Checkpoint

RP511: 6/16/2010 7:43:35 PM - System Checkpoint

RP512: 6/17/2010 11:18:48 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Agere Systems PCI Soft Modem

AiO_Scan

AiOSoftware

Apple Application Support

Apple Software Update

ArcSoft MediaImpression

ATI Catalyst Control Center

ATI Display Driver

ATI HYDRAVISION

avast! Free Antivirus

Bonjour

BufferChm

CameraDrivers

CCleaner

CE15 1.5.60

Copy

CreativeProjects

CreativeProjectsTemplates

CueTour

Destinations

Director

DivX Web Player

DocProc

DocumentViewer

Facebook Plug-In

Fax

Form Fill (Windows Live Toolbar)

Glary Registry Repair 3.0

Help and Support Additions

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet Preloaded Printer Drivers

HP Diagnostic Assistant

HP Image Zone 4.2.3

HP Image Zone Plus 4.2.3

HP Organize

HP Photosmart Cameras 4.0

HP PSC & OfficeJet 4.0

HP Software Update

HPIZ423

HpSdpAppCoreApp

InstantShare

InterVideo WinDVD Player

iTunes

J2SE Runtime Environment 5.0 Update 3

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 13

Java 6 Update 7

Junk Mail filter update

KBD

LimeWire 5.4.8

LS_HSI

Malwarebytes' Anti-Malware

Map Button (Windows Live Toolbar)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla Firefox (3.6.3)

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MySpaceIM

OneCare Advisor (Windows Live Toolbar)

PhotoGallery

Popup Blocker (Windows Live Toolbar)

PrintScreen

PS2

Python 2.2 combined Win32 extensions

Python 2.2.1

QFolder

QuickProjects

QuickTime

Readme

Realtek High Definition Audio Driver

Rubik's Cube Challenge

Safari

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

Segoe UI

SkinsHP1

Smart Menus (Windows Live Toolbar)

Software Jukebox 2.0 NA-02D

Spybot - Search & Destroy

TeamSpeak 2 RC2

TeamSpeak 3 Client

TestDrive Client

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB961503)

Updates from HP

Vietcong

VLC media player 1.0.5

Vuze

WebFldrs XP

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Outlook Toolbar (Windows Live Toolbar)

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Toolbar Feed Detector (Windows Live Toolbar)

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

Xfire (remove only)

Yahoo! BrowserPlus 2.7.1

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Mail Advisor

Yahoo! Messenger

Yahoo! Toolbar

Zynga Toolbar

==== Event Viewer Messages From Past Week ========

6/18/2010 5:28:46 PM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 2 time(s).

6/17/2010 7:24:28 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.

6/13/2010 1:33:14 PM, error: Service Control Manager [7034] - The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s).

6/12/2010 10:07:00 AM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The system cannot find the file specified.

6/11/2010 3:10:09 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 2:34:00 PM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 2:33:56 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 2:33:54 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 2:33:36 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 2:33:33 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 2:33:31 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 2:33:25 PM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 2:33:15 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 2:33:04 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

6/11/2010 1:47:37 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

6/11/2010 1:46:23 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

6/11/2010 1:46:23 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86

Run by HP_Owner at 17:33:29.98 on Fri 06/18/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.383 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\GQJOJBG3\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:3327

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No File

BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll

TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File

TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [nnkljjdrv] rundll32.exe "vtuvsq.dll",s

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [efdbyvdrv] rundll32.exe "vtuvsq.dll",s

dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe

dRun: [fcbyyxdrv] rundll32.exe "vtuvsq.dll",s

StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: {EC40FB84-AE79-4092-97D2-B3476AECB23B} = 91.188.60.223,8.8.8.8

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nnmjkl.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\7k89h0bw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser_game/ws/redir?_iceUrl=true&user_id=&tool_id=60531&qkw=

FF - component: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\7k89h0bw.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll

FF - plugin: c:\documents and settings\hp_owner\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\hp_owner\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: google.toolbar.linkdoctor.enabled - false

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-10-9 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-9 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-18 54752]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S4 Ahheners;Ahheners; [x]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2010-06-12 19:31:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-12 19:31:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-12 19:31:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 02:24:40 0 d-----w- c:\program files\CCleaner

2010-06-10 00:09:27 74752 ---ha-w- c:\windows\system32\vtuvsq.dll

2010-06-09 22:38:27 74752 ---ha-w- c:\windows\system32\awuurr.dll

2010-06-09 21:40:06 7168 --sha-w- c:\windows\Thumbs.db

2010-06-08 23:00:54 96768 ---ha-w- c:\windows\system32\cbxuvw.dll

2010-06-01 23:30:36 0 dc-h--w- c:\windows\ie8

==================== Find3M ====================

2010-01-13 21:29:45 18848592 ----a-w- c:\program files\LimeWireWin.exe

2009-03-21 05:06:09 10427840 ----a-w- c:\program files\Vuze_Installer.exe

2008-10-09 20:53:51 27462344 ----a-w- c:\program files\setupeng.exe

2008-09-20 00:13:04 23510720 ----a-w- c:\program files\dotnetfx.exe

2008-09-07 03:44:39 273846 ----a-w- c:\program files\3ssetup104.zip

2008-09-07 03:16:02 7507296 ----a-w- c:\program files\rminstall.exe

2008-09-01 21:43:45 2928600 ----a-w- c:\program files\ccsetup211.exe

2008-09-01 21:28:29 1909574 ----a-w- c:\program files\rrsetup.exe

2008-08-30 23:42:29 18895728 ----a-w- c:\program files\Install_Messenger.exe

2008-08-29 01:30:16 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe

2008-08-21 18:14:39 1885120 ----a-w- c:\program files\mbam-setup.exe

2008-08-21 00:04:01 15083520 ----a-w- c:\program files\spybotsd160.exe

2008-08-19 20:30:17 3347616 ----a-w- c:\program files\radio-amp-mp3-player.exe

2008-08-19 20:18:43 818192 ----a-w- c:\program files\world-tv-center-light.exe

2008-08-03 15:59:58 9501920 ----a-w- c:\program files\vlc-0.8.6i-win32.exe

2008-08-02 13:42:35 6820552 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe

2008-08-02 13:11:35 63530280 ----a-w- c:\program files\iTunesSetup.exe

2008-08-02 13:07:19 18027729 -c--a-w- c:\program files\Firefox 3.0.1.dmg

2008-08-02 10:45:41 1206366 ----a-w- c:\program files\wrar371.exe

2008-08-02 08:12:36 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe

2008-08-02 07:58:07 5862994 ----a-w- c:\program files\ts2_client_rc2_2032.exe

2008-08-02 07:52:23 4279120 ----a-w- c:\program files\LimeWire[1].PRO.v4.12.6_setup.exe

2007-09-20 22:34:22 936960 ----a-w- c:\program files\WinRAR.exe

2008-09-01 04:44:43 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

============= FINISH: 17:35:58.39 ===============


Hi again,

LimeWire

The programs listed above are P2P file-sharing programs. P2P downloads are nowadays one of the things most likely to bring an infection into the system. My recommendation is to uninstall these (and any others, if present) P2P file-sharing programs.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


ComboFix 10-06-18.03 - HP_Owner 06/19/2010 10:56:35.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.535 [GMT -4:00]

Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Toolbar4

c:\program files\Search Toolbar

c:\program files\Search Toolbar\basis.xml

c:\program files\Search Toolbar\bg.bmp

c:\program files\Search Toolbar\bing_logo.png

c:\program files\Search Toolbar\celebrity.png

c:\program files\Search Toolbar\drop_images.png

c:\program files\Search Toolbar\drop_maps.png

c:\program files\Search Toolbar\drop_news.png

c:\program files\Search Toolbar\drop_videos.png

c:\program files\Search Toolbar\drop_web.png

c:\program files\Search Toolbar\facebook.png

c:\program files\Search Toolbar\favicon.png

c:\program files\Search Toolbar\games.png

c:\program files\Search Toolbar\hotmail.png

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\images.png

c:\program files\Search Toolbar\include.xml

c:\program files\Search Toolbar\info.txt

c:\program files\Search Toolbar\lifestyle.png

c:\program files\Search Toolbar\maps.png

c:\program files\Search Toolbar\messenger.png

c:\program files\Search Toolbar\msn.png

c:\program files\Search Toolbar\news.png

c:\program files\Search Toolbar\SearchToolbar.dll

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\tbcore3.dll

c:\program files\Search Toolbar\tbhelper.dll

c:\program files\Search Toolbar\twitter.png

c:\program files\Search Toolbar\uninstall.exe

c:\program files\Search Toolbar\update.exe

c:\program files\Search Toolbar\version.txt

c:\program files\Search Toolbar\video.png

c:\program files\Search Toolbar\videos.png

c:\program files\Search Toolbar\weather.png

c:\program files\Search Toolbar\web.png

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\vtuvsq.dll

D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_FOLLOWER

((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))

.

2010-06-12 19:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-12 19:31 . 2010-06-12 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-12 19:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-10 02:24 . 2010-06-10 02:24 -------- d-----w- c:\program files\CCleaner

2010-06-09 22:57 . 2010-06-09 22:57 -------- d-----w- c:\documents and settings\Administrator.PATHFINDER\Application Data\Malwarebytes

2010-06-09 22:39 . 2010-06-09 22:39 -------- d-----w- c:\documents and settings\Administrator.PATHFINDER\Local Settings\Application Data\Mozilla

2010-06-09 22:38 . 2010-06-09 22:38 74752 ---ha-w- c:\windows\system32\awuurr.dll

2010-06-08 23:00 . 2010-06-08 23:00 96768 ---ha-w- c:\windows\system32\cbxuvw.dll

2010-06-08 22:56 . 2010-06-08 22:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-06-07 23:35 . 2010-06-09 04:24 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\omgxwi

2010-06-04 17:25 . 2010-06-05 13:12 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\vlc

2010-06-01 23:30 . 2010-06-01 23:32 -------- dc-h--w- c:\windows\ie8

2010-05-31 19:56 . 2010-06-09 04:24 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\stkqgvlvc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-19 15:11 . 2010-03-03 17:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire

2010-06-12 22:43 . 2008-08-21 18:15 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes

2010-06-12 19:31 . 2008-08-21 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-10 03:45 . 2008-08-21 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-10 02:32 . 2009-03-21 05:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Azureus

2010-06-09 16:05 . 2008-08-02 13:12 -------- d-----w- c:\program files\QuickTime

2010-06-05 11:17 . 2010-03-19 03:36 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-24 17:11 . 2010-05-28 23:17 65536 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll

2010-05-06 20:59 . 2008-10-09 20:54 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-05-06 20:59 . 2008-10-09 20:54 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-05-06 20:39 . 2008-10-09 20:54 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-05-06 20:39 . 2008-10-09 20:54 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-05-06 20:34 . 2008-10-09 20:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-05-06 20:33 . 2008-10-09 20:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-05-06 20:33 . 2008-10-09 20:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-05-06 20:33 . 2008-10-09 20:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-05-06 20:33 . 2008-10-09 20:54 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-05-05 00:34 . 2008-08-02 18:13 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Yahoo!

2010-04-29 14:34 . 2009-01-13 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-03-29 13:59 . 2010-05-19 20:08 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

2010-03-29 13:59 . 2010-05-19 20:08 101376 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

2010-01-13 21:29 . 2010-01-13 21:26 18848592 ----a-w- c:\program files\LimeWireWin.exe

2009-03-21 05:06 . 2009-03-21 05:04 10427840 ----a-w- c:\program files\Vuze_Installer.exe

2008-10-09 20:53 . 2008-08-02 07:51 27462344 ----a-w- c:\program files\setupeng.exe

2008-09-20 00:13 . 2008-09-20 00:12 23510720 ----a-w- c:\program files\dotnetfx.exe

2008-09-07 03:44 . 2008-09-07 03:28 273846 ----a-w- c:\program files\3ssetup104.zip

2008-09-07 03:16 . 2008-09-07 03:15 7507296 ----a-w- c:\program files\rminstall.exe

2008-09-01 21:43 . 2008-09-01 21:43 2928600 ----a-w- c:\program files\ccsetup211.exe

2008-09-01 21:28 . 2008-09-01 21:28 1909574 ----a-w- c:\program files\rrsetup.exe

2008-08-30 23:42 . 2008-08-30 23:42 18895728 ----a-w- c:\program files\Install_Messenger.exe

2008-08-29 01:30 . 2008-08-29 01:30 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe

2008-08-21 18:14 . 2008-08-21 18:14 1885120 ----a-w- c:\program files\mbam-setup.exe

2008-08-21 00:04 . 2008-08-21 00:03 15083520 ----a-w- c:\program files\spybotsd160.exe

2008-08-19 20:30 . 2008-08-19 20:28 3347616 ----a-w- c:\program files\radio-amp-mp3-player.exe

2008-08-19 20:18 . 2008-08-19 20:18 818192 ----a-w- c:\program files\world-tv-center-light.exe

2008-08-03 15:59 . 2008-08-03 15:59 9501920 ----a-w- c:\program files\vlc-0.8.6i-win32.exe

2008-08-02 13:42 . 2008-08-02 13:42 6820552 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe

2008-08-02 13:11 . 2008-08-02 13:11 63530280 ----a-w- c:\program files\iTunesSetup.exe

2008-08-02 13:07 . 2008-08-02 13:07 18027729 -c--a-w- c:\program files\Firefox 3.0.1.dmg

2008-08-02 10:45 . 2008-08-02 10:45 1206366 ----a-w- c:\program files\wrar371.exe

2008-08-02 08:12 . 2008-08-02 08:12 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe

2008-08-02 07:58 . 2008-08-02 07:57 5862994 ----a-w- c:\program files\ts2_client_rc2_2032.exe

2008-08-02 07:52 . 2008-08-02 07:52 4279120 ----a-w- c:\program files\LimeWire[1].PRO.v4.12.6_setup.exe

2007-09-20 22:34 . 2008-09-07 03:30 936960 ----a-w- c:\program files\WinRAR.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

2010-02-22 16:05 2353176 ----a-w- c:\program files\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]

"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-03-09 09:19 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\TeamSpeak 3 Client\\ts3client_win32.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Vietcong\\vietcong.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/9/2008 4:54 PM 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/9/2008 4:54 PM 19024]

S4 Ahheners;Ahheners; [x]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/31/2010 5:09 PM 721904]

.

Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-06-19 c:\windows\Tasks\User_Feed_Synchronization-{693EEB97-44AF-4F7B-B3B6-CD3B4B9BD3E7}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:3327

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

TCP: {EC40FB84-AE79-4092-97D2-B3476AECB23B} = 91.188.60.223,8.8.8.8

FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser_game/ws/redir?_iceUrl=true&user_id=&tool_id=60531&qkw=

FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll

FF - plugin: c:\documents and settings\HP_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\HP_Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

BHO-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

Toolbar-SITEguard - (no file)

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll

Toolbar-Locked - (no file)

WebBrowser-{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - (no file)

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

HKU-Default-Run-awtuttdrv - vtuvsq.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-19 11:10

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2340)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\snmp.exe

c:\windows\SOUNDMAN.EXE

c:\windows\ALCWZRD.EXE

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-06-19 11:17:21 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-19 15:17

Pre-Run: 2,727,526,400 bytes free

Post-Run: 2,782,351,360 bytes free

- - End Of File - - BA97088CF3706F4F2DED8B2A0BD8CFA5

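A triage pass over this kind of log, added here as an example (it is not code from the thread, from Malwarebytes, or from the ComboFix/DDS authors): it reads ComboFix/DDS-style lines and flags what a helper scans these posts for: the host firewall switched off while 3389/TCP is globally open, an IE proxy pointed at 127.0.0.1, resolvers that differ from an expected set, a service registered with no image path, a hidden short-named DLL dropped straight into system32, a Run value that is a bare DLL name, and BHO/toolbar registrations whose file is gone. The sample lines are constructed in the shape of the logs above; `EXPECTED_DNS`, `RISKY_OPEN_PORTS` and the random-name heuristic are assumptions to adjust per machine, and a resolver outside the expected set is a prompt to verify, not a verdict.

```python
"""Flag the indicators a helper looks for in ComboFix / DDS output.

Added example, not part of the forum thread or of any Malwarebytes tool.
The rules encode judgement calls (expected resolvers, risky ports, what a
suspicious DLL name looks like) that a real triage adjusts per machine.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Assumption: the resolvers this machine should be using. Anything else is
# reported for manual verification with the ISP, not declared malicious.
EXPECTED_DNS = {"8.8.8.8", "8.8.4.4"}
# Assumption: inbound ports a home workstation has no business exposing.
RISKY_OPEN_PORTS = {(3389, "TCP"), (445, "TCP"), (135, "TCP")}

# Constructed sample in the shape of the ComboFix / DDS lines on this page.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
uInternet Settings,ProxyServer = http=127.0.0.1:3327
uInternet Settings,ProxyOverride = <local>
TCP: {EC40FB84-AE79-4092-97D2-B3476AECB23B} = 91.188.60.223,8.8.8.8
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-10-9 164048]
S4 Ahheners;Ahheners; [x]
2010-06-09 22:38:27 74752 ---ha-w- c:\windows\system32\awuurr.dll
2010-06-12 19:31:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
HKU-Default-Run-awtuttdrv - vtuvsq.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
"""


@dataclass
class Finding:
    rule: str
    line: str
    detail: str = ""


RE_FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')          # "EnableFirewall"= 0 (0x0)
RE_OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=')                   # "3389:TCP"= 3389:TCP:...
RE_LOCAL_PROXY = re.compile(r'ProxyServer\s*=.*?127\.0\.0\.1:(\d+)')  # ProxyServer = http=127.0.0.1:3327
RE_DNS = re.compile(r'^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*([\d.,]+)')   # TCP: {GUID} = a.b.c.d,e.f.g.h
RE_SVC_NO_IMAGE = re.compile(r'^[RS]\d\s+[^;]+;[^;]*;\s*\[x\]$')    # S4 name;name; [x]
# 2010-06-09 22:38:27 74752 ---ha-w- c:\windows\system32\awuurr.dll
RE_NEW_FILE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+([-\w]{8})\s+(.+)$')
# Heuristic: a short all-lowercase DLL name directly in system32, no vendor prefix.
RE_RANDOM_DLL = re.compile(r'^c:\\windows\\system32\\[a-z]{5,8}\.dll$', re.I)
RE_RUN_BARE_DLL = re.compile(r'^HK\w+-\S*Run-\S+\s+-\s+([a-z0-9_]+\.dll)$', re.I)  # HKU-...-Run-x - y.dll
RE_DANGLING_COM = re.compile(r'^(?:BHO|TB|Toolbar-\S+|WebBrowser-\S+).*-\s*(?:No File|\(no file\))$')


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RE_FIREWALL_OFF.match(line):
            findings.append(Finding("firewall-disabled", line))
            continue
        m = RE_OPEN_PORT.match(line)
        if m and (int(m.group(1)), m.group(2)) in RISKY_OPEN_PORTS:
            findings.append(Finding("risky-open-port", line, m.group(1)))
            continue
        m = RE_LOCAL_PROXY.search(line)
        if m:  # traffic is being bounced through a local listener before leaving the box
            findings.append(Finding("localhost-proxy", line, m.group(1)))
            continue
        m = RE_DNS.match(line)
        if m:
            unexpected = sorted(set(m.group(1).split(",")) - EXPECTED_DNS)
            if unexpected:
                findings.append(Finding("unexpected-dns", line, ",".join(unexpected)))
            continue
        if RE_SVC_NO_IMAGE.match(line):  # service key survives, its binary does not
            findings.append(Finding("service-no-image", line))
            continue
        m = RE_NEW_FILE.match(line)
        if m:
            attrs, path = m.groups()
            if "h" in attrs and RE_RANDOM_DLL.match(path):  # hidden + random-looking name
                findings.append(Finding("hidden-dll-system32", line, path))
            continue
        m = RE_RUN_BARE_DLL.match(line)
        if m:  # a Run value that is just a DLL name, loaded via the search path
            findings.append(Finding("run-bare-dll", line, m.group(1)))
            continue
        if RE_DANGLING_COM.match(line):  # BHO/toolbar CLSID registered, file already gone
            findings.append(Finding("dangling-com-object", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule so the urgent ones are visible at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.detail:16} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Two caveats when reading the output against a real post: ComboFix's "ORPHANS REMOVED" section lists entries it has already deleted, so a hit there records what was present before the run rather than what is still live; and the "Created Last 30" hidden-DLL rule is a naming heuristic, so confirm any hit by hash or by the tool's own detection before acting on it.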

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 8/2/2008 3:41:07 AM

System Uptime: 6/19/2010 11:09:30 AM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | Grouper

Processor: Intel® Pentium® 4 CPU 3.40GHz | CPU 1 | 3401/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 227 GiB total, 2.589 GiB free.

D: is FIXED (FAT32) - 6 GiB total, 0.707 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP464: 4/11/2010 4:45:57 PM - System Checkpoint

RP465: 4/14/2010 12:53:45 PM - System Checkpoint

RP466: 4/16/2010 9:13:41 AM - Software Distribution Service 3.0

RP467: 4/17/2010 5:42:02 PM - System Checkpoint

RP468: 4/18/2010 6:52:40 PM - System Checkpoint

RP469: 4/19/2010 6:58:37 PM - System Checkpoint

RP470: 4/22/2010 2:26:23 AM - System Checkpoint

RP471: 4/23/2010 5:08:15 PM - System Checkpoint

RP472: 4/25/2010 12:40:10 PM - System Checkpoint

RP473: 4/27/2010 3:23:06 PM - System Checkpoint

RP474: 4/28/2010 3:55:11 PM - System Checkpoint

RP475: 4/29/2010 4:24:22 PM - System Checkpoint

RP476: 5/1/2010 2:53:27 PM - System Checkpoint

RP477: 5/5/2010 7:51:39 PM - System Checkpoint

RP478: 5/6/2010 11:27:48 PM - System Checkpoint

RP479: 5/9/2010 11:12:04 AM - System Checkpoint

RP480: 5/10/2010 2:26:38 PM - System Checkpoint

RP481: 5/11/2010 4:39:52 PM - System Checkpoint

RP482: 5/12/2010 1:35:20 PM - Software Distribution Service 3.0

RP483: 5/13/2010 2:22:18 PM - System Checkpoint

RP484: 5/14/2010 7:00:50 PM - System Checkpoint

RP485: 5/17/2010 2:10:13 PM - System Checkpoint

RP486: 5/18/2010 2:27:17 PM - System Checkpoint

RP487: 5/19/2010 3:32:09 PM - System Checkpoint

RP488: 5/21/2010 11:06:58 PM - System Checkpoint

RP489: 5/23/2010 1:00:29 PM - System Checkpoint

RP490: 5/24/2010 1:55:05 PM - System Checkpoint

RP491: 5/26/2010 12:36:27 AM - Software Distribution Service 3.0

RP492: 5/27/2010 11:53:33 AM - System Checkpoint

RP493: 5/29/2010 6:58:15 AM - System Checkpoint

RP494: 5/30/2010 11:46:04 AM - System Checkpoint

RP495: 5/31/2010 12:13:23 PM - System Checkpoint

RP496: 6/1/2010 7:31:56 PM - Installed Windows Internet Explorer 8.

RP497: 6/1/2010 7:33:02 PM - Software Distribution Service 3.0

RP498: 6/1/2010 7:42:50 PM - Software Distribution Service 3.0

RP499: 6/3/2010 10:55:34 PM - System Checkpoint

RP500: 6/4/2010 11:42:52 PM - System Checkpoint

RP501: 6/5/2010 12:26:50 AM - Software Distribution Service 3.0

RP502: 6/6/2010 1:10:54 AM - System Checkpoint

RP503: 6/7/2010 2:33:07 PM - System Checkpoint

RP504: 6/8/2010 8:04:38 PM - System Checkpoint

RP505: 6/9/2010 11:41:37 PM - System Checkpoint

RP506: 6/10/2010 11:45:25 PM - System Checkpoint

RP507: 6/12/2010 12:48:55 AM - System Checkpoint

RP508: 6/13/2010 12:56:37 AM - System Checkpoint

RP509: 6/14/2010 1:46:33 AM - System Checkpoint

RP510: 6/15/2010 7:15:10 PM - System Checkpoint

RP511: 6/16/2010 7:43:35 PM - System Checkpoint

RP512: 6/17/2010 11:18:48 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Agere Systems PCI Soft Modem

AiO_Scan

AiOSoftware

Apple Application Support

Apple Software Update

ArcSoft MediaImpression

ATI Catalyst Control Center

ATI Display Driver

ATI HYDRAVISION

avast! Free Antivirus

Bonjour

BufferChm

CameraDrivers

CCleaner

CE15 1.5.60

Copy

CreativeProjects

CreativeProjectsTemplates

CueTour

Destinations

Director

DivX Web Player

DocProc

DocumentViewer

Facebook Plug-In

Fax

Form Fill (Windows Live Toolbar)

Glary Registry Repair 3.0

Help and Support Additions

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet Preloaded Printer Drivers

HP Diagnostic Assistant

HP Image Zone 4.2.3

HP Image Zone Plus 4.2.3

HP Organize

HP Photosmart Cameras 4.0

HP PSC & OfficeJet 4.0

HP Software Update

HPIZ423

HpSdpAppCoreApp

InstantShare

InterVideo WinDVD Player

iTunes

J2SE Runtime Environment 5.0 Update 3

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 13

Java 6 Update 7

Junk Mail filter update

KBD

LimeWire 5.4.8

LS_HSI

Malwarebytes' Anti-Malware

Map Button (Windows Live Toolbar)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla Firefox (3.6.3)

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MySpaceIM

OneCare Advisor (Windows Live Toolbar)

PhotoGallery

Popup Blocker (Windows Live Toolbar)

PrintScreen

PS2

Python 2.2 combined Win32 extensions

Python 2.2.1

QFolder

QuickProjects

QuickTime

Readme

Realtek High Definition Audio Driver

Rubik's Cube Challenge

Safari

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

Segoe UI

SkinsHP1

Smart Menus (Windows Live Toolbar)

Software Jukebox 2.0 NA-02D

Spybot - Search & Destroy

TeamSpeak 2 RC2

TeamSpeak 3 Client

TestDrive Client

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB961503)

Updates from HP

Vietcong

VLC media player 1.0.5

Vuze

WebFldrs XP

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Outlook Toolbar (Windows Live Toolbar)

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Toolbar Feed Detector (Windows Live Toolbar)

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

Xfire (remove only)

Yahoo! BrowserPlus 2.7.1

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Mail Advisor

Yahoo! Messenger

Yahoo! Toolbar

Zynga Toolbar

==== Event Viewer Messages From Past Week ========

6/18/2010 5:28:46 PM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 2 time(s).

6/17/2010 7:24:28 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.

6/13/2010 1:33:14 PM, error: Service Control Manager [7034] - The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s).

6/12/2010 3:28:47 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

6/12/2010 3:28:47 PM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The system cannot find the file specified.

6/12/2010 3:27:41 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

6/12/2010 3:27:40 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

6/12/2010 3:01:29 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

6/12/2010 3:01:26 PM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).

6/12/2010 3:01:24 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).

6/12/2010 3:01:21 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

6/12/2010 3:01:14 PM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).

6/12/2010 3:01:11 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

6/12/2010 3:01:09 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86

Run by HP_Owner at 11:35:02.15 on Sat 06/19/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.14 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Yahoo!\Common\YMailAdvisor.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\KFC7TAQZ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:3327

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No File

BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll

TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe

StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: {EC40FB84-AE79-4092-97D2-B3476AECB23B} = 91.188.60.223,8.8.8.8

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\7k89h0bw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser_game/ws/redir?_iceUrl=true&user_id=&tool_id=60531&qkw=

FF - component: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\7k89h0bw.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll

FF - plugin: c:\documents and settings\hp_owner\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\hp_owner\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-10-9 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-9 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-18 54752]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S4 Ahheners;Ahheners; [x]

=============== Created Last 30 ================

2010-06-19 14:44:09 98816 ----a-w- c:\windows\sed.exe

2010-06-19 14:44:09 77312 ----a-w- c:\windows\MBR.exe

2010-06-19 14:44:09 256512 ----a-w- c:\windows\PEV.exe

2010-06-19 14:44:09 161792 ----a-w- c:\windows\SWREG.exe

2010-06-12 19:31:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-12 19:31:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-12 19:31:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 02:24:40 0 d-----w- c:\program files\CCleaner

2010-06-09 22:38:27 74752 ---ha-w- c:\windows\system32\awuurr.dll

2010-06-09 21:40:06 7168 --sha-w- c:\windows\Thumbs.db

2010-06-08 23:00:54 96768 ---ha-w- c:\windows\system32\cbxuvw.dll

2010-06-01 23:30:36 0 dc-h--w- c:\windows\ie8

==================== Find3M ====================

2010-01-13 21:29:45 18848592 ----a-w- c:\program files\LimeWireWin.exe

2009-03-21 05:06:09 10427840 ----a-w- c:\program files\Vuze_Installer.exe

2008-10-09 20:53:51 27462344 ----a-w- c:\program files\setupeng.exe

2008-09-20 00:13:04 23510720 ----a-w- c:\program files\dotnetfx.exe

2008-09-07 03:44:39 273846 ----a-w- c:\program files\3ssetup104.zip

2008-09-07 03:16:02 7507296 ----a-w- c:\program files\rminstall.exe

2008-09-01 21:43:45 2928600 ----a-w- c:\program files\ccsetup211.exe

2008-09-01 21:28:29 1909574 ----a-w- c:\program files\rrsetup.exe

2008-08-30 23:42:29 18895728 ----a-w- c:\program files\Install_Messenger.exe

2008-08-29 01:30:16 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe

2008-08-21 18:14:39 1885120 ----a-w- c:\program files\mbam-setup.exe

2008-08-21 00:04:01 15083520 ----a-w- c:\program files\spybotsd160.exe

2008-08-19 20:30:17 3347616 ----a-w- c:\program files\radio-amp-mp3-player.exe

2008-08-19 20:18:43 818192 ----a-w- c:\program files\world-tv-center-light.exe

2008-08-03 15:59:58 9501920 ----a-w- c:\program files\vlc-0.8.6i-win32.exe

2008-08-02 13:42:35 6820552 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe

2008-08-02 13:11:35 63530280 ----a-w- c:\program files\iTunesSetup.exe

2008-08-02 13:07:19 18027729 -c--a-w- c:\program files\Firefox 3.0.1.dmg

2008-08-02 10:45:41 1206366 ----a-w- c:\program files\wrar371.exe

2008-08-02 08:12:36 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe

2008-08-02 07:58:07 5862994 ----a-w- c:\program files\ts2_client_rc2_2032.exe

2008-08-02 07:52:23 4279120 ----a-w- c:\program files\LimeWire[1].PRO.v4.12.6_setup.exe

2007-09-20 22:34:22 936960 ----a-w- c:\program files\WinRAR.exe

2008-09-01 04:44:43 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

============= FINISH: 11:37:30.45 ===============


Hi again,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=53799
Driver::
Ahheners
Collect::
c:\windows\system32\awuurr.dll
c:\windows\system32\cbxuvw.dll
Folder::
c:\documents and settings\HP_Owner\Local Settings\Application Data\omgxwi
c:\documents and settings\HP_Owner\Local Settings\Application Data\stkqgvlvc
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:3327
uInternet Settings,ProxyOverride = <local>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

(image: CFScriptB-4.gif)

Close all browser windows, disable protection and, referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner


ComboFix 10-06-18.03 - HP_Owner 06/19/2010 20:35:47.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.553 [GMT -4:00]

Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\HP_Owner\Local Settings\Application Data\omgxwi

c:\documents and settings\HP_Owner\Local Settings\Application Data\stkqgvlvc

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_AHHENERS

-------\Service_Ahheners

((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))

.

2010-06-20 00:30 . 2010-06-20 00:30 -------- d-----w- c:\program files\Common Files\Java

2010-06-20 00:28 . 2010-06-20 00:28 -------- d-----w- c:\program files\Sun

2010-06-20 00:27 . 2010-06-20 00:27 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-20 00:25 . 2010-06-20 00:25 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\PCHealth

2010-06-19 22:37 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-12 19:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-12 19:31 . 2010-06-12 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-12 19:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-10 02:24 . 2010-06-10 02:24 -------- d-----w- c:\program files\CCleaner

2010-06-09 22:57 . 2010-06-09 22:57 -------- d-----w- c:\documents and settings\Administrator.PATHFINDER\Application Data\Malwarebytes

2010-06-09 22:39 . 2010-06-09 22:39 -------- d-----w- c:\documents and settings\Administrator.PATHFINDER\Local Settings\Application Data\Mozilla

2010-06-08 22:56 . 2010-06-08 22:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-06-04 17:25 . 2010-06-05 13:12 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\vlc

2010-06-01 23:30 . 2010-06-01 23:32 -------- dc-h--w- c:\windows\ie8

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-20 00:51 . 2010-03-03 17:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire

2010-06-20 00:24 . 2004-10-22 00:27 -------- d-----w- c:\program files\Java

2010-06-12 22:43 . 2008-08-21 18:15 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes

2010-06-12 19:31 . 2008-08-21 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-10 03:45 . 2008-08-21 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-10 02:32 . 2009-03-21 05:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Azureus

2010-06-09 16:05 . 2008-08-02 13:12 -------- d-----w- c:\program files\QuickTime

2010-06-05 11:17 . 2010-03-19 03:36 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-24 17:11 . 2010-05-28 23:17 65536 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll

2010-05-06 20:59 . 2008-10-09 20:54 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-05-06 20:59 . 2008-10-09 20:54 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-05-06 20:39 . 2008-10-09 20:54 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-05-06 20:39 . 2008-10-09 20:54 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-05-06 20:34 . 2008-10-09 20:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-05-06 20:33 . 2008-10-09 20:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-05-06 20:33 . 2008-10-09 20:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-05-06 20:33 . 2008-10-09 20:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-05-06 20:33 . 2008-10-09 20:54 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-05-06 10:41 . 2004-11-03 18:52 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-05 00:34 . 2008-08-02 18:13 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Yahoo!

2010-05-02 05:22 . 2004-11-03 18:52 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 14:34 . 2009-01-13 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-04-20 05:30 . 2004-11-03 19:19 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-29 13:59 . 2010-05-19 20:08 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

2010-03-29 13:59 . 2010-05-19 20:08 101376 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

2010-01-13 21:29 . 2010-01-13 21:26 18848592 ----a-w- c:\program files\LimeWireWin.exe

2009-03-21 05:06 . 2009-03-21 05:04 10427840 ----a-w- c:\program files\Vuze_Installer.exe

2008-10-09 20:53 . 2008-08-02 07:51 27462344 ----a-w- c:\program files\setupeng.exe

2008-09-20 00:13 . 2008-09-20 00:12 23510720 ----a-w- c:\program files\dotnetfx.exe

2008-09-07 03:44 . 2008-09-07 03:28 273846 ----a-w- c:\program files\3ssetup104.zip

2008-09-07 03:16 . 2008-09-07 03:15 7507296 ----a-w- c:\program files\rminstall.exe

2008-09-01 21:43 . 2008-09-01 21:43 2928600 ----a-w- c:\program files\ccsetup211.exe

2008-09-01 21:28 . 2008-09-01 21:28 1909574 ----a-w- c:\program files\rrsetup.exe

2008-08-30 23:42 . 2008-08-30 23:42 18895728 ----a-w- c:\program files\Install_Messenger.exe

2008-08-29 01:30 . 2008-08-29 01:30 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe

2008-08-21 18:14 . 2008-08-21 18:14 1885120 ----a-w- c:\program files\mbam-setup.exe

2008-08-21 00:04 . 2008-08-21 00:03 15083520 ----a-w- c:\program files\spybotsd160.exe

2008-08-19 20:30 . 2008-08-19 20:28 3347616 ----a-w- c:\program files\radio-amp-mp3-player.exe

2008-08-19 20:18 . 2008-08-19 20:18 818192 ----a-w- c:\program files\world-tv-center-light.exe

2008-08-03 15:59 . 2008-08-03 15:59 9501920 ----a-w- c:\program files\vlc-0.8.6i-win32.exe

2008-08-02 13:42 . 2008-08-02 13:42 6820552 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe

2008-08-02 13:11 . 2008-08-02 13:11 63530280 ----a-w- c:\program files\iTunesSetup.exe

2008-08-02 13:07 . 2008-08-02 13:07 18027729 -c--a-w- c:\program files\Firefox 3.0.1.dmg

2008-08-02 10:45 . 2008-08-02 10:45 1206366 ----a-w- c:\program files\wrar371.exe

2008-08-02 08:12 . 2008-08-02 08:12 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe

2008-08-02 07:58 . 2008-08-02 07:57 5862994 ----a-w- c:\program files\ts2_client_rc2_2032.exe

2008-08-02 07:52 . 2008-08-02 07:52 4279120 ----a-w- c:\program files\LimeWire[1].PRO.v4.12.6_setup.exe

2007-09-20 22:34 . 2008-09-07 03:30 936960 ----a-w- c:\program files\WinRAR.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

2010-02-22 16:05 2353176 ----a-w- c:\program files\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]

"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\TeamSpeak 3 Client\\ts3client_win32.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Vietcong\\vietcong.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/9/2008 4:54 PM 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/9/2008 4:54 PM 19024]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/31/2010 5:09 PM 721904]

.

Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-06-19 c:\windows\Tasks\User_Feed_Synchronization-{693EEB97-44AF-4F7B-B3B6-CD3B4B9BD3E7}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

TCP: {EC40FB84-AE79-4092-97D2-B3476AECB23B} = 91.188.60.223,8.8.8.8

FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser_game/ws/redir?_iceUrl=true&user_id=&tool_id=60531&qkw=

FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7k89h0bw.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll

FF - plugin: c:\documents and settings\HP_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\HP_Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

BHO-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-19 20:50

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3372)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\snmp.exe

c:\windows\SOUNDMAN.EXE

c:\windows\ALCWZRD.EXE

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2010-06-19 20:56:46 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-20 00:56

ComboFix2.txt 2010-06-19 15:17

Pre-Run: 1,602,158,592 bytes free

Post-Run: 1,547,730,944 bytes free

- - End Of File - - 25EF621DA0F11E1DCF5D8D612922C040


GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-17 17:37:59

Windows 5.1.2600 Service Pack 3

Running: l25eowxm[1].exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\uxdyyuow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA3F8CC7A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA3F8CB36]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA3F8D0EA]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA3F8D014]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA3F8C70C]

SSDT spus.sys ZwEnumerateKey [0xF7339CA4]

SSDT spus.sys ZwEnumerateValueKey [0xF733A032]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA3F8CC10]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA3F8C64C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA3F8C6B0]

SSDT spus.sys ZwQueryKey [0xF733A10A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA3F8CD30]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA3F8D1B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA3F8CCF0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA3F8CE70]

INT 0x62 ? 86F68BF8

INT 0x73 ? 86F68BF8

INT 0x73 ? 86F68BF8

INT 0x73 ? 86D57F00

INT 0x73 ? 86F68BF8

INT 0x83 ? 86D57F00

INT 0xA4 ? 86D57F00

INT 0xB4 ? 86D57F00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA3F99AC6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA3F998EA]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA3F99A24]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54A3F8D0

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A3F99A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A3F998EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A3F95536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A3F96EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A3F99ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

? spus.sys The system cannot find the file specified. !

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF579E000, 0x1B601E, 0xE8000020]

.text USBPORT.SYS!DllUnload F57558AC 5 Bytes JMP 86D574E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA000A

.text C:\Program Files\Internet Explorer\iexplore.exe[728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EB000A

.text C:\Program Files\Internet Explorer\iexplore.exe[728] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E9000C

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100D389B C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A

.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A

.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C

.text C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A

.text C:\WINDOWS\System32\svchost.exe[1060] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F6000A

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA000A

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EB000A

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E9000C

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100D389B C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1104] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

.text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A

.text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EB000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E9000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100D389B C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F731C042] spus.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F731C13E] spus.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F731C0C0] spus.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F731C800] spus.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F731C6D6] spus.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F732BE9C] spus.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002

IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000

IAT C:\Program Files\Internet Explorer\iexplore.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[3616] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\Ntfs \Ntfs 86FD71F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 86966500

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 86D58500

Device \Driver\usbuhci \Device\USBPDO-1 86D58500

Device \Driver\usbuhci \Device\USBPDO-2 86D58500

Device \Driver\usbuhci \Device\USBPDO-3 86D58500

Device \Driver\usbehci \Device\USBPDO-4 86D55500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD91F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD91F8

Device \Driver\Cdrom \Device\CdRom0 86D7B1F8

Device \Driver\atapi \Device\Ide\IdePort0 [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort1 [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort2 [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\Cdrom \Device\CdRom1 86D7B1F8

Device \Driver\USBSTOR \Device\00000075 869BD500

Device \Driver\USBSTOR \Device\00000076 869BD500

Device \Driver\USBSTOR \Device\00000077 869BD500

Device \Driver\NetBT \Device\NetBt_Wins_Export 8692C500

Device \Driver\USBSTOR \Device\00000078 869BD500

Device \Driver\USBSTOR \Device\00000079 869BD500

Device \Driver\NetBT \Device\NetbiosSmb 8692C500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 86D58500

Device \Driver\usbuhci \Device\USBFDO-1 86D58500

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86958500

Device \Driver\usbuhci \Device\USBFDO-2 86D58500

Device \FileSystem\MRxSmb \Device\LanmanRedirector 86958500

Device \Driver\usbuhci \Device\USBFDO-3 86D58500

Device \Driver\usbehci \Device\USBFDO-4 86D55500

Device \Driver\Ftdisk \Device\FtControl 86FD91F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{EC40FB84-AE79-4092-97D2-B3476AECB23B} 8692C500

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\Fastfat \Fat 86966500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 8658E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x86 0x71 0x0A 0xF6 ...

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@

Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x86 0x71 0x0A 0xF6 ...

---- EOF - GMER 1.0.15 ----

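The log above is raw GMER output, and reading a few thousand such lines by eye is where most triage mistakes happen. As an added example (editor's code, not part of the original thread and not GMER's or Malwarebytes' own tooling), the script below turns the record types that appear in this log into a short finding list: SSDT entries grouped by owning module, `? <driver> The system cannot find the file specified`, `.text` inline hooks whose JMP target has no owning module, kernel IAT entries of atapi.sys/i8042prt.sys rerouted to another driver, user-mode IAT entries patched to an unnamed address, and `Device ... [unknown section]` dispatch pointers. The sample input is a handful of lines copied from the log above; the `Finding` type, the rule names and the severities are this example's own choices, not GMER's. Two caveats are built in: an unnamed hook target is a lead rather than a verdict, because security products inject hooks without a module name too, and a randomly named sp??.sys driver with no file on disk is also how the SPTD driver used by disc-emulation software appears (this log's registry section does list an sptd service), so that finding is reported for a human to judge.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER's own code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt: these lines are copied verbatim from the GMER log posted
# above, one of each record type the rules below look at. A real log runs to
# thousands of lines; this is only enough input to exercise every rule once.
SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA3F8CC7A]
SSDT spus.sys ZwEnumerateKey [0xF7339CA4]
? spus.sys The system cannot find the file specified. !
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyng.dll (Conduit Toolbar/Conduit Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F731C042] spus.sys
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 [F7295B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom0 86D7B1F8
"""

# One regex per GMER record type. Addresses are 8 hex digits on 32-bit XP.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<func>(?:Zw|Nt)\w+)\s+\[0x[0-9A-F]+\]$")
MISSING_RE = re.compile(r"^\?\s+(?P<driver>\S+)\s+The system cannot find the file specified\.")
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<import>\S+!\S+)\s+[0-9A-F]{8}\s+\d+\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-F]{8})(?:\s+(?P<module>.+))?$"
)
KERNEL_IAT_RE = re.compile(r"^IAT\s+(?P<driver>\S+?)\[(?P<import>[^\]]+)\]\s+\[[0-9A-F]{8}\]\s+(?P<target>\S+)$")
USER_IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?\[\d+\])\s+@\s+(?P<host>.+?)\s+\[(?P<import>[^\]]+)\]\s+(?P<target>[0-9A-F]{8})$"
)
UNKNOWN_SECTION_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+\[[0-9A-F]{8}\]\s+(?P<module>[^\[\s]+)\[unknown section\]"
)


@dataclass(frozen=True)
class Finding:
    rule: str       # rule names are this example's own vocabulary
    severity: str   # info / medium / high, also this example's choice
    detail: str


def module_name(text):
    """Reduce a GMER module field (path plus optional vendor text in parentheses) to its file name."""
    bare = re.sub(r"\s*\(.*\)$", "", text.strip())
    return bare.rsplit("\\", 1)[-1]


def triage(log_text):
    """Classify each GMER record and return the findings worth a human look."""
    findings = []
    ssdt_owners = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SSDT_RE.match(line):
            # SSDT hooks are normal for AV self-protection; report who owns them rather than each entry.
            ssdt_owners[module_name(m["module"])] += 1
        elif m := MISSING_RE.match(line):
            # A loaded driver GMER cannot find on disk. Rootkits do this, but so does the
            # randomly named sp??.sys driver of SPTD-based disc emulation, so a human decides.
            findings.append(Finding("driver-without-file", "high", f"{m['driver']} is loaded but has no file on disk"))
        elif m := INLINE_RE.match(line):
            # A JMP into memory GMER cannot attribute to any loaded module. Security products
            # inject such hooks too, so this is a lead, not a verdict.
            if m["module"] is None:
                findings.append(Finding("inline-hook-unnamed", "medium",
                                        f"{m['proc']} {m['import']} -> {m['target']} (no owning module)"))
        elif m := KERNEL_IAT_RE.match(line):
            # A storage or keyboard driver's HAL port I/O imports rerouted to another driver:
            # whoever owns the target sees every byte that goes to the disk or comes from the keyboard.
            findings.append(Finding("kernel-iat-redirect", "high", f"{m['driver']} {m['import']} -> {m['target']}"))
        elif m := USER_IAT_RE.match(line):
            # Import table of a user process patched to an address with no module name.
            findings.append(Finding("user-iat-unnamed", "medium", f"{m['proc']} {m['import']} -> {m['target']}"))
        elif m := UNKNOWN_SECTION_RE.match(line):
            # The device object's dispatch routine points to code GMER could not map to a named
            # section of the owning driver: how a patched driver object or injected code shows up.
            findings.append(Finding("dispatch-unknown-section", "high",
                                    f"{m['driver']} {m['device']} -> {m['module']}[unknown section]"))
    for owner, count in sorted(ssdt_owners.items()):
        findings.append(Finding("ssdt-hooks", "info", f"{owner}: {count} SSDT entries"))
    return findings


def summarize(findings):
    """Count findings per rule, for the one-line overview at the top of a reply."""
    return Counter(f.rule for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:26} {f.detail}")
```

Run against the full log rather than the excerpt by reading the saved GMER text into `triage()`; the SSDT grouping is what keeps the avast entries from drowning the two or three lines that actually need attention, and the `kernel-iat-redirect` and `dispatch-unknown-section` rules are the ones to read first because they concern the disk and keyboard path, not just one process.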


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
