
Symptoms:

----------------------------

First sign: I noticed that for ~5mins my task manager was disabled

Second sign: Hangs at startup (nearly heart-attack inducing, I might add)

Additional symptoms:

*Search engine redirection (every search engine that I have tried)

*Periodically ads will play through my speakers (only when I am connected to the internet, but even when no Internet-related software is running)

*Constant messages informing me that an IE script has malfunctioned (the message also seems to contain advertisement website addresses)

*Can't seem to burn any CDs

*Recent system-wide slowdowns

As soon as I noticed something was wrong I began scanning my computer with various software. Some of the scans found and repaired things, but it certainly isn't gone yet.

"PC Health" related programs installed:

----------------------------------------------

*Avast! antivirus

*Comodo firewall

*Spybot

*Ad-Aware

*Hitman Pro 3.5

*Malwarebytes' Anti-Malware

*SUPERAntiSpyware Free Edition

Notes:

---------------------------

*I have disabled Avast! and Comodo to make sure their real-time protection isn't interfering with any of my scans. This does not seem to have had any negative effects (other than the decreased security).

*It seems to have been silently installed through firefox

Recent changes to my system:

-------------------------------

(Pre-Infection)

*Removal of a lot of unused software

*Upgraded to Firefox 4

(Post-Infection)

*Installed: Ad-Aware

*Installed: Hitman Pro 3.5

*Installed: Malwarebytes' Anti-Malware

*Installed: SUPERAntiSpyware Free Edition

I followed all of the Prelim steps which I found here on the forum, and I have attached the suggested files.

I am an amateur game developer, and this thing seems like it is going to cost me ~60hrs of work since I last backed up my engine/media (not to mention the sense of disconnection that I already have towards the older version). If you like I can post a screenshot or two of what you are helping to preserve.

Here is my MalwareBytes Log:

------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6567

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

5/13/2011 7:34:38 AM

mbam-log-2011-05-13 (07-34-38).txt

Scan type: Quick scan

Objects scanned: 52423

Time elapsed: 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is my DDS Log:

----------------------------------------------------

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Compaq_Administrator at 13:11:11.81 on Fri 05/13/2011

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1390 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Norton Internet Worm Protection *Disabled*

FW: COMODO Firewall *Disabled*

FW: Kaspersky Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programming\3DS MAX 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

C:\Program Files\nHancer\nHancerService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\spm\spmdib.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Compaq_Administrator\Desktop\New Folder\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{D4195F3D-C51E-4215-A814-9123F7FDD72B}

mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{D4195F3D-C51E-4215-A814-9123F7FDD72B}

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop

uInternet Settings,ProxyOverride = <local>

mSearchAssistant =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm

IE: Download with USDownloader - c:\new downloads\new folder (2)\ext\downloadie.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: trymedia.com

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: {D3735A09-FE33-4B60-A634-03169DF14EA9} = 156.154.70.22,156.154.71.22

TCP: {ED7C799B-266C-4FCC-B417-CE8C5238DBB1} = 156.154.70.22,156.154.71.22

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 38.113.174.32 view.atdmt.com

Hosts: 38.113.174.32 delb.myspace.com

Hosts: 72.167.163.234 www.google-analytics.com

Hosts: 38.113.174.32 dehp.myspace.com

Hosts: 38.113.174.32 debr.myspace.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\rnq5iga2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 4

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-13 64512]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-2 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-2 307928]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 242472]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-2 19544]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1779792]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programming\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 29400]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-5-2 42184]

S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\common files\binarysense\disksvc.exe" --> c:\program files\common files\binarysense\disksvc.exe [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2146496]

S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2002-7-1 95232]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2008-6-21 17149]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]

S3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [2008-6-30 186368]

S3 NETGEAR NETGEAR_MA101_USB_Adapter®;NETGEAR NETGEAR_MA101_USB_Adapter® Service for NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma1012kr.sys [2008-6-21 93312]

S3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma101rnd.sys --> c:\windows\system32\drivers\ma101rnd.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

.

=============== Created Last 30 ================

.

2011-05-13 13:13:30 -------- d-----w- C:\AV shortcuts

2011-05-13 13:04:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-13 12:50:14 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-05-13 12:49:56 -------- d-----w- c:\program files\Lavasoft

2011-05-12 13:18:13 -------- d-----w- c:\windows\7GOV3AIQX5DKS08F

2011-05-12 13:11:42 134464 ----a-w- c:\windows\system32\LnkProtect.dll

2011-05-12 13:10:14 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-05-12 13:02:00 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-12 13:01:59 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-05-12 13:00:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-05-12 11:53:57 -------- d-----w- c:\windows\5KR4IW9N0FT7V3BJ

2011-05-12 11:36:15 98816 ----a-w- c:\windows\sed.exe

2011-05-12 11:36:15 89088 ----a-w- c:\windows\MBR.exe

2011-05-12 11:36:15 256512 ----a-w- c:\windows\PEV.exe

2011-05-12 11:36:15 161792 ----a-w- c:\windows\SWREG.exe

2011-05-12 06:58:08 -------- d-----w- c:\windows\CLU2BKT18GOV3BIQ

2011-05-11 12:48:54 -------- d-----w- c:\windows\2BJRY6EMU1AJRZ7F

2011-05-11 11:51:25 -------- d-----w- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com

2011-05-11 11:51:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-05-11 11:50:32 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-11 10:57:05 -------- d-----w- c:\windows\U3BJRZ6ELU3BIQY6

2011-05-11 08:10:18 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes

2011-05-11 08:09:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-11 08:09:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-11 08:09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-11 05:55:02 -------- d-----w- c:\windows\Y6EMT19HPW4CKRZ7

2011-05-05 18:02:42 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-05 18:02:42 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-05 18:02:42 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-05 18:02:42 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-05 18:02:42 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-05 18:02:41 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-05 18:02:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-05 18:02:40 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-04 07:20:56 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-05-02 10:17:58 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-02 10:17:48 40112 ----a-w- c:\windows\avastSS.scr

2011-05-02 09:11:48 -------- d-----w- c:\program files\COMODO

2011-05-02 09:10:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo

2011-05-02 08:36:56 -------- d-----w- C:\Desktop Cleanup

2011-05-02 08:28:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2011-04-30 10:05:26 -------- d-----w- c:\docume~1\compaq~1\applic~1\fltk.org

.

==================== Find3M ====================

.

2011-05-05 08:51:28 284744 ----a-w- c:\windows\system32\guard32.dll

.

============= FINISH: 13:13:11.03 ===============

I have attached the compressed file containing the GMER and "Attach.txt" files.

Logs.zip


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

Looks like you're running 3 anti-virus programs.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

Uninstall 2 of the 3.

Reboot and post a new DDS Log

Also let me know how it's running.


Lavasoft Ad-Watch Live! Anti-Virus - I don't have the full version, so there is no real-time protection. I only use it when I have manually disabled Avast!'s startup and its services.

Kaspersky Internet Security - This hasn't been installed on my machine for over a year. I am not sure why it is still showing up.

I will Uninstall Lavasoft and post the new log.


Also let me know how it's running.

Windows itself doesn't seem to be running badly, and all of my software seems to be working fine (other than the obvious problems). It might be that my DVDRW crapped out at the same time that I became infected, but I am hoping not.

Here are my new DDS logs

DDS.txt:

--------------------------------------

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Compaq_Administrator at 16:22:09.73 on Tue 05/17/2011

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1563 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Norton Internet Worm Protection *Disabled*

FW: COMODO Firewall *Disabled*

FW: Kaspersky Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\nHancer\nHancerService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Compaq_Administrator\Desktop\New Folder\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{D4195F3D-C51E-4215-A814-9123F7FDD72B}

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop

uInternet Settings,ProxyOverride = <local>

mSearchAssistant =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm

IE: Download with USDownloader - c:\new downloads\new folder (2)\ext\downloadie.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: trymedia.com

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: {D3735A09-FE33-4B60-A634-03169DF14EA9} = 156.154.70.22,156.154.71.22

TCP: {ED7C799B-266C-4FCC-B417-CE8C5238DBB1} = 156.154.70.22,156.154.71.22

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 38.113.174.32 view.atdmt.com

Hosts: 38.113.174.32 delb.myspace.com

Hosts: 72.167.163.234 www.google-analytics.com

Hosts: 38.113.174.32 dehp.myspace.com

Hosts: 38.113.174.32 debr.myspace.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\rnq5iga2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 4

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-2 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-2 307928]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 242472]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-2 19544]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1779792]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 29400]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-5-2 42184]

S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\common files\binarysense\disksvc.exe" --> c:\program files\common files\binarysense\disksvc.exe [?]

S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programming\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]

S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2002-7-1 95232]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2008-6-21 17149]

S3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [2008-6-30 186368]

S3 NETGEAR NETGEAR_MA101_USB_Adapter®;NETGEAR NETGEAR_MA101_USB_Adapter® Service for NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma1012kr.sys [2008-6-21 93312]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]

S3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma101rnd.sys --> c:\windows\system32\drivers\ma101rnd.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

.

=============== Created Last 30 ================

.

2011-05-16 10:51:49 216 ---ha-w- C:\aaw7boot.cmd

2011-05-15 21:13:47 -------- d-----w- C:\New Folder

2011-05-14 10:49:45 -------- d-----w- c:\windows\system32\LogFiles

2011-05-13 13:13:30 -------- d-----w- C:\AV shortcuts

2011-05-13 13:04:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-13 12:49:56 -------- d-----w- c:\program files\Lavasoft

2011-05-12 13:18:13 -------- d-----w- c:\windows\7GOV3AIQX5DKS08F

2011-05-12 13:11:42 134464 ----a-w- c:\windows\system32\LnkProtect.dll

2011-05-12 13:10:14 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-05-12 13:02:00 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-12 13:01:59 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-05-12 13:00:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-05-12 11:53:57 -------- d-----w- c:\windows\5KR4IW9N0FT7V3BJ

2011-05-12 11:36:15 98816 ----a-w- c:\windows\sed.exe

2011-05-12 11:36:15 89088 ----a-w- c:\windows\MBR.exe

2011-05-12 11:36:15 256512 ----a-w- c:\windows\PEV.exe

2011-05-12 11:36:15 161792 ----a-w- c:\windows\SWREG.exe

2011-05-12 06:58:08 -------- d-----w- c:\windows\CLU2BKT18GOV3BIQ

2011-05-11 12:48:54 -------- d-----w- c:\windows\2BJRY6EMU1AJRZ7F

2011-05-11 11:51:25 -------- d-----w- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com

2011-05-11 11:51:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-05-11 11:50:32 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-11 10:57:05 -------- d-----w- c:\windows\U3BJRZ6ELU3BIQY6

2011-05-11 08:10:18 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes

2011-05-11 08:09:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-11 08:09:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-11 08:09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-11 05:55:02 -------- d-----w- c:\windows\Y6EMT19HPW4CKRZ7

2011-05-05 18:02:42 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-05 18:02:42 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-05 18:02:42 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-05 18:02:42 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-05 18:02:42 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-05 18:02:41 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-05 18:02:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-05 18:02:40 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-04 07:20:56 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-05-02 10:17:58 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-02 10:17:48 40112 ----a-w- c:\windows\avastSS.scr

2011-05-02 09:11:48 -------- d-----w- c:\program files\COMODO

2011-05-02 09:10:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo

2011-05-02 08:36:56 -------- d-----w- C:\Desktop Cleanup

2011-05-02 08:28:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2011-04-30 10:05:26 -------- d-----w- c:\docume~1\compaq~1\applic~1\fltk.org

.

==================== Find3M ====================

.

2011-05-05 08:51:28 284744 ----a-w- c:\windows\system32\guard32.dll

.

============= FINISH: 16:24:23.56 ===============

Attach.txt:

----------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/25/2008 10:50:18 AM

System Uptime: 5/17/2011 4:12:32 PM (0 hours ago)

.

Motherboard: ASUSTek Computer INC. | | Amberine M

Processor: AMD Athlon 64 Processor 3700+ | Socket 939 | 2188/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 225 GiB total, 24.929 GiB free.

D: is FIXED (FAT32) - 8 GiB total, 0.437 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {85B5DDD0-E090-4B15-BDF2-A443A3CA0B66}

Description: ATITool Driver

Device ID: ROOT\*ATITOOLDEVICE\0000

Manufacturer: W1zzard

Name: ATITool Driver

PNP Device ID: ROOT\*ATITOOLDEVICE\0000

Service: ATITool

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: avast! Asynchronous Virus Monitor

Device ID: ROOT\LEGACY_AAVMKER4\0000

Manufacturer:

Name: avast! Asynchronous Virus Monitor

PNP Device ID: ROOT\LEGACY_AAVMKER4\0000

Service: Aavmker4

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: avast! Network Shield Support

Device ID: ROOT\LEGACY_ASWTDI\0000

Manufacturer:

Name: avast! Network Shield Support

PNP Device ID: ROOT\LEGACY_ASWTDI\0000

Service: aswTdi

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: COMODO Internet Security Helper Driver

Device ID: ROOT\LEGACY_CMDHLP\0000

Manufacturer:

Name: COMODO Internet Security Helper Driver

PNP Device ID: ROOT\LEGACY_CMDHLP\0000

Service: cmdHlp

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: COMODO Internet Security Firewall Driver

Device ID: ROOT\LEGACY_INSPECT\0000

Manufacturer:

Name: COMODO Internet Security Firewall Driver

PNP Device ID: ROOT\LEGACY_INSPECT\0000

Service: Inspect

.

==== System Restore Points ===================

.

RP1: 5/16/2011 5:50:56 AM - System Checkpoint

RP2: 5/16/2011 5:51:46 AM - Ad-Aware Checkpoint

RP3: 5/17/2011 5:55:05 AM - System Checkpoint

RP4: 5/17/2011 3:49:09 PM - Removed Ad-Aware

.

==== Hosts File Hijack ======================

.

Hosts: 38.113.174.32 view.atdmt.com

Hosts: 38.113.174.32 delb.myspace.com

Hosts: 72.167.163.234 www.google-analytics.com

Hosts: 38.113.174.32 dehp.myspace.com

Hosts: 38.113.174.32 debr.myspace.com

Hosts: 72.167.163.234 ads1.msn.com

Hosts: 72.167.163.234 pagead.googlesyndication.com

Hosts: 38.113.174.32 demr.myspace.com

Hosts: 38.113.174.32 desk.myspace.com

Hosts: 72.167.163.234 pagead2.googlesyndication.com

Hosts: 38.113.174.32 delb2.myspace.com

Hosts: 208.109.233.197 themis.geocities.yahoo.com

.

==== Installed Programs ======================

.

3D Cloth & Particles Expansion Pack

3D Object Converter for Windows 4.40

Acrobat.com

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader 9.3

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Advanced Terrain Expansion Pack

Agere Systems PCI-SV92PP Soft Modem

Aglare DVD to AVI WMV MP4 MPEG Converter 6.7

Allegorithmic MaPZone2.Free

AnyDVD

Apple Software Update

ATI Display Driver

ATITool Overclocking Utility

Audacity 1.3.5 (Unicode)

Autodesk 3ds Max 2009 32-bit

Autodesk Backburner 2008.1

Autodesk Mudbox 2011 32-bit

Autodesk Softimage 2011 32-bit

avast! Free Antivirus

Benge's Animated Sprite Pack For FPS Creator

BlueGUI 2

BufferChm

CamStudio

Canon CanoScan Toolbox 4.1

cFosSpeed v4.22

CharacterFX (remove only)

CloneDVD2

COMODO Internet Security

Compaq Multimedia Keyboard Software

Cool MP4 To WMV Converter 1.0

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

cp_PosterPrintConfig

cp_UpdateProjectsConfig

CubeMapGen v1.1

CueTour

Dark AI Expansion Pack

Dark Basic Professional

Dark Lights Expansion Pack

Dark Shader

Dark Shader Runtime

DarkNet Expansion Pack

DarkSOURCE

DarkTree 2.50

DDS Thumbnail Viewer

Destinations

Dev-C++ 5 beta 9 release (4.9.9.2)

DeviceManagementQFolder

DISCover

Dream Video Converter Ultimate 3.8

EarthSculptor 1.05

Enhanced Animations Expansion Pack

Enhancements Expansion Pack

Extends

EZRotate Expansion Pack

FaceGen Modeller 3.1

FBX Plugin 2009.0 for Max 2009

Firewire Family

FLAV FLV to MP4 Converter 2.58.15

fragMOTION 1.0.0

Fraps (remove only)

Free Download Manager 3.0

FreeBASIC 0.20.0b

FullDPAppQFolder

Fx WMV Indexer

Genetica 3.5

GIMP 2.6.11

Guitar Pro 6

High Definition Audio Driver Package - KB888111

HijackThis 1.99.1

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB893357)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB971276-v3)

HP Boot Optimizer

HP DigitalMedia Archive

HP DVD Play 1.0

HP Imaging Device Functions 6.0

HP Photosmart Premier Software 6.0

HP Software Update

HP Support Overview

HpSdpAppCoreApp

InstantShareDevices

J2SE Runtime Environment 5.0 Update 5

Java 6 Update 17

LightScribe 1.4.62.1

LimeWire 5.3.6

LuaEdit 3.0.2a

MA101 USB Adapter Configuration Utility

Macromedia Flash Player 8

Magic Particles 1.61

Magicbit DVD Ripper Deluxe

Malwarebytes' Anti-Malware

Map Scape 1.0

Microsoft .NET Framework 1.0 Hotfix (KB930494)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Away Mode

Microsoft National Language Support Downlevel APIs

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Management Objects

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Samples

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

Microsoft Works

MilkShape 3D 1.8.4

Mozilla Firefox 4.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 6.0 Parser (KB933579)

NETGEAR WG111v3 wireless USB 2.0 adapter

Netscape Browser (remove only)

Newsletter Tutorial - More Intelligent AI

Newsletter Tutorial - Vertex Manipulation

nHancer

NVIDIA Drivers

NVIDIA nTune

NVIDIA nView Desktop Manager

NVIDIA Photoshop Plug-ins

NVIDIA PhysX

NVIDIA PhysX Unreal Tournament 3 Mods

NVIDIA System Monitor

OJOsoft Total Video Converter

OMP Index Reference Increment

OpenAL

Opera 10.61

OptionalContentQFolder

Orca

PC-Doctor 5 for Windows

PD Particles

PDF Settings

PeoplePC Online

PhotoGallery

PixPlant 2.0.43

PowerISO

PS2

PureBasic 4.30 (32 bit)

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

QuickTime

RandMap

RealPlayer

RunAlyzer

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944338)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

SFVManager

ShaderMap Pro 1.3.1

SkinsHP1

SOFTIMAGE CROSSWALK 2.6

SOFTIMAGE License Server 1.1.11.1502

Sonic Express Labeler

Sonic MyDVD Plus

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sonic_PrimoSDK

Sothink Movie DVD Maker

SpeechRedist

Spybot - Search & Destroy

Sql Server Customer Experience Improvement Program

SQL Server System CLR Types

Stellarium 0.10.5

SUPERAntiSpyware

Terragen 2 Deep Edition

Texture Maker 3.03

Treeparty Dark Basic Pro - Dark GDK Demo 1.00

Ultimate Unwrap3D 2.15

Unload

Unreal Tournament 3

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB953356)

Update Rollup 2 for Windows XP Media Center Edition 2005

Video Edit Magic 4

WebFldrs XP

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Media Encoder 9 Series

Windows Media Format Runtime

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB883667

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB892050

Windows XP Hotfix - KB893066

Windows XP Media Center Edition 2005 KB908250

WinRAR archiver

xNormal 3.17.3

XP Codec Pack

Xvid 1.1.3 final uninstall

XYZ RGB Texture Package

.

==== Event Viewer Messages From Past Week ========

.

5/17/2011 4:21:09 PM, error: Service Control Manager [7022] - The Java Quick Starter service hung on starting.

5/17/2011 4:19:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the helpsvc service.

5/17/2011 4:19:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Scheduler Service service to connect.

5/17/2011 4:19:29 PM, error: Service Control Manager [7000] - The Media Center Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/17/2011 4:19:29 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/15/2011 5:00:29 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

5/13/2011 7:12:57 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 ae74ec6b, parameter3 b84ef638, parameter4 b84ef334.

5/13/2011 7:12:18 AM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 e1f02687, parameter3 e1f02e97, parameter4 0d020500.

5/13/2011 6:31:35 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

5/13/2011 5:53:23 AM, error: Service Control Manager [7022] - The WebClient service hung on starting.

5/13/2011 5:00:15 AM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.

5/13/2011 4:51:58 AM, error: Service Control Manager [7000] - The avast! Network Shield Support service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

5/13/2011 4:51:50 AM, error: Service Control Manager [7000] - The avast! Asynchronous Virus Monitor service failed to start due to the following error: The system cannot find the file specified.

5/13/2011 4:50:57 AM, error: Service Control Manager [7022] - The Media Center Scheduler Service service hung on starting.

5/13/2011 4:49:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Receiver Service service to connect.

5/13/2011 4:49:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.

5/13/2011 4:49:26 AM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/13/2011 1:45:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Autodesk Licensing Service service to connect.

5/13/2011 1:45:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ARSVC service to connect.

5/13/2011 1:45:07 AM, error: Service Control Manager [7000] - The Autodesk Licensing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/13/2011 1:45:07 AM, error: Service Control Manager [7000] - The ARSVC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/12/2011 8:56:28 AM, error: Service Control Manager [7034] - The nHancer Support service terminated unexpectedly. It has done this 1 time(s).

5/12/2011 8:56:24 AM, error: Service Control Manager [7034] - The nTune Service service terminated unexpectedly. It has done this 1 time(s).

5/12/2011 6:36:14 AM, error: SRService [104] - The System Restore initialization process failed.

5/12/2011 6:36:14 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.

5/12/2011 2:31:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi cmdGuard ElbyCDIO Fips SASDIFSV SASKUTIL SCDEmu sptd

5/12/2011 2:30:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/12/2011 2:30:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/12/2011 2:29:58 AM, error: sptd [4] - Driver detected an internal error in its data structures for .

5/11/2011 6:34:22 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

5/11/2011 5:58:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

5/11/2011 5:57:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde

5/11/2011 5:57:44 AM, error: Service Control Manager [7000] - The HDD & SSD access service service failed to start due to the following error: The system cannot find the path specified.

5/11/2011 2:16:42 AM, error: Service Control Manager [7034] - The ARSVC service terminated unexpectedly. It has done this 1 time(s).

5/11/2011 2:16:37 AM, error: Service Control Manager [7034] - The SPM License Server service terminated unexpectedly. It has done this 1 time(s).

5/11/2011 2:16:31 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).

5/11/2011 2:16:29 AM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

5/11/2011 2:15:41 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/11/2011 2:15:39 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

5/11/2011 2:15:33 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/11/2011 2:03:31 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/11/2011 12:56:59 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).

5/11/2011 12:55:31 AM, error: Service Control Manager [7034] - The mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit service terminated unexpectedly. It has done this 1 time(s).

5/11/2011 12:55:31 AM, error: Service Control Manager [7022] - The Workstation service hung on starting.

5/11/2011 12:55:31 AM, error: Service Control Manager [7022] - The Windows Audio service hung on starting.

5/11/2011 12:55:31 AM, error: Service Control Manager [7022] - The Task Scheduler service hung on starting.

5/11/2011 12:55:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.

5/11/2011 12:55:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.

5/11/2011 12:55:31 AM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/11/2011 12:55:31 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/11/2011 1:04:31 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/11/2011 1:03:24 AM, error: Service Control Manager [7034] - The Autodesk Licensing Service service terminated unexpectedly. It has done this 1 time(s).

5/10/2011 4:32:28 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

5/10/2011 4:31:58 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

5/10/2011 2:22:53 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

5/10/2011 2:22:26 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

I am running the malwarebytes scan now, do you want to see the log file?

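The DDS log above lists hosts-file entries that send myspace.com, msn.com, googlesyndication.com and geocities.yahoo.com names to public addresses, with several names sharing one address. An ordinary hosts file points names at 127.0.0.1 or 0.0.0.0 (localhost and ad-blocking entries); a routable target silently re-routes the browser. The script below is an added example, not code from the original thread or from the DDS or ComboFix tools: it parses either DDS "Hosts:" lines or a raw hosts file and flags routable targets and address reuse. The sample lines are constructed in the same shape as the log (with a loopback and an unspecified-address entry added for contrast); the function names and the reuse threshold are my own choices.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the shape DDS prints hosts-file entries. The last two
# lines are normal (loopback / null-route) entries added for contrast.
SAMPLE_DDS_HOSTS_LINES = """
Hosts: 38.113.174.32 dehp.myspace.com
Hosts: 72.167.163.234 ads1.msn.com
Hosts: 72.167.163.234 pagead.googlesyndication.com
Hosts: 127.0.0.1 localhost
Hosts: 0.0.0.0 tracker.example
""".strip().splitlines()


def parse_hosts_entries(lines):
    """Return a list of (ip_address, hostname) pairs.

    Accepts DDS 'Hosts: <ip> <name>' lines as well as raw hosts-file lines
    ('<ip> <name> [<name> ...]  # comment'). Comments, blank lines and lines
    whose first token is not an IP address are skipped.
    """
    entries = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if line.startswith("Hosts:"):
            line = line[len("Hosts:"):].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def find_suspicious_hosts(lines, reuse_threshold=2):
    """Flag hosts entries worth a second look.

    'routable': entries whose target is neither loopback nor the unspecified
                address, i.e. the name is redirected to a real host (LAN
                entries such as 192.168.x.x will be listed too; review them).
    'reused':   routable addresses that at least `reuse_threshold` distinct
                names are mapped to, a common shape for a redirect hijack.
    """
    entries = parse_hosts_entries(lines)
    routable = [(str(ip), host) for ip, host in entries
                if not (ip.is_loopback or ip.is_unspecified)]
    names_by_ip = defaultdict(set)
    for ip_text, host in routable:
        names_by_ip[ip_text].add(host)
    reused = {ip_text: sorted(hosts) for ip_text, hosts in names_by_ip.items()
              if len(hosts) >= reuse_threshold}
    return {"routable": routable, "reused": reused}


def check_hosts_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Run the same check against a live hosts file (default Windows path)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_suspicious_hosts(fh.read().splitlines())


if __name__ == "__main__":
    findings = find_suspicious_hosts(SAMPLE_DDS_HOSTS_LINES)
    for ip_text, host in findings["routable"]:
        print(f"routable target: {host} -> {ip_text}")
    for ip_text, hosts in findings["reused"].items():
        print(f"{ip_text} is the target of {len(hosts)} names: {', '.join(hosts)}")
```

One caveat when checking a live machine: Windows reads the hosts file from the directory named by the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, so confirm that value still points at %SystemRoot%\System32\drivers\etc before trusting the file at the default path.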

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Ok, I ran ComboFix but it did not detect the Microsoft Windows Recovery Console (even though it came pre-installed on my machine). It said that it had detected rootkit activity and prompted me to restart. Since it didn't find the recovery console, does that mean that it didn't fix anything? I am going to assume that it did fix something, because Google seems to work again, but I am waiting to see if the audio ads are still there.

Here is the Log:

---------------------------------

ComboFix 11-05-17.03 - Compaq_Administrator 05/18/2011 20:20:31.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1581 [GMT -5:00]

Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))

.

.

2011-05-16 10:51 . 2011-05-16 10:51 216 ---ha-w- C:\aaw7boot.cmd

2011-05-15 21:13 . 2011-05-15 21:24 -------- d-----w- C:\New Folder

2011-05-14 10:49 . 2011-05-14 10:49 -------- d-----w- c:\windows\system32\LogFiles

2011-05-13 13:13 . 2011-05-13 13:14 -------- d-----w- C:\AV shortcuts

2011-05-13 13:04 . 2011-05-13 13:04 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-13 12:49 . 2011-05-13 12:49 -------- d-----w- c:\program files\Lavasoft

2011-05-13 12:49 . 2011-05-17 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-05-12 13:18 . 2011-05-12 13:18 -------- d-----w- c:\windows\7GOV3AIQX5DKS08F

2011-05-12 13:11 . 2011-05-12 13:11 134464 ----a-w- c:\windows\system32\LnkProtect.dll

2011-05-12 13:10 . 2011-05-12 13:10 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-05-12 13:02 . 2011-05-13 22:43 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-12 13:01 . 2011-05-12 13:01 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-05-12 13:00 . 2011-05-12 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-05-12 11:53 . 2011-05-12 11:53 -------- d-----w- c:\windows\5KR4IW9N0FT7V3BJ

2011-05-12 06:58 . 2011-05-12 06:58 -------- d-----w- c:\windows\CLU2BKT18GOV3BIQ

2011-05-11 12:48 . 2011-05-11 12:48 -------- d-----w- c:\windows\2BJRY6EMU1AJRZ7F

2011-05-11 11:51 . 2011-05-11 11:51 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com

2011-05-11 11:51 . 2011-05-11 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-11 11:50 . 2011-05-11 11:51 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-11 10:57 . 2011-05-11 10:57 -------- d-----w- c:\windows\U3BJRZ6ELU3BIQY6

2011-05-11 08:10 . 2011-05-11 08:10 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes

2011-05-11 08:09 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-11 08:09 . 2011-05-11 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-11 08:09 . 2011-05-11 08:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-11 05:55 . 2011-05-11 05:55 -------- d-----w- c:\windows\Y6EMT19HPW4CKRZ7

2011-05-05 18:02 . 2011-05-05 18:02 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-05-05 18:02 . 2011-05-05 18:02 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-05-05 18:02 . 2011-05-05 18:02 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-05-05 18:02 . 2011-05-05 18:02 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-05-05 18:02 . 2011-05-05 18:02 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-05-05 18:02 . 2011-05-05 18:02 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-05-05 18:02 . 2011-05-05 18:02 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-05-05 18:02 . 2011-05-05 18:02 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-05-04 07:20 . 2011-05-04 07:20 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-05-02 10:17 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-02 10:17 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr

2011-05-02 09:11 . 2011-05-02 09:11 -------- d-----w- c:\program files\COMODO

2011-05-02 09:10 . 2011-05-07 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2011-05-02 08:36 . 2011-05-02 08:39 -------- d-----w- C:\Desktop Cleanup

2011-05-02 08:29 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-02 08:29 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-02 08:29 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-02 08:29 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-02 08:29 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-05-02 08:29 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-05-02 08:29 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-05-02 08:28 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-02 08:28 . 2011-05-02 08:28 -------- d-----w- c:\program files\Alwil Software

2011-05-02 08:28 . 2011-05-02 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2011-04-30 10:05 . 2011-04-30 10:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\fltk.org

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-11 07:25 . 2011-01-06 22:37 97504 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-05-05 08:51 . 2010-12-29 06:42 284744 ----a-w- c:\windows\system32\guard32.dll

2011-05-05 08:51 . 2011-01-06 22:37 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-05 08:51 . 2011-01-06 22:37 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-05-05 08:51 . 2011-01-06 22:37 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-05 18:02 . 2011-05-05 18:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-12_12.01.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-19 01:12 . 2011-05-19 01:12 16384 c:\windows\temp\Perflib_Perfdata_704.dat

+ 2011-05-19 01:12 . 2011-05-19 01:12 16384 c:\windows\temp\Perflib_Perfdata_3e0.dat

+ 2011-05-13 13:02 . 2011-05-16 10:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2005-08-30 20:51 . 2011-05-16 10:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2005-08-30 20:51 . 2011-05-10 06:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-05-13 13:02 . 2011-05-16 10:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2005-08-30 20:51 . 2011-05-10 06:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-14 27136]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MA101 Configuration Utility .lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MA101 Configuration Utility .lnk

backup=c:\windows\pss\MA101 Configuration Utility .lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk

backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire Ultra Accelerator.lnk]

path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire Ultra Accelerator.lnk

backup=c:\windows\pss\LimeWire Ultra Accelerator.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2007-03-01 04:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]

2005-08-03 07:19 77312 ------w- c:\windows\arpwrmsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

2009-04-10 13:04 93120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]

2005-07-25 19:17 20480 ------w- c:\program files\PeoplePC\ISP6200\Bin\PPCOLink.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]

2008-06-25 15:32 867544 ----a-r- c:\program files\cFosSpeed\cfosspeed.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]

2011-05-11 07:24 2552648 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-10 04:00 15360 ------w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]

2005-11-12 04:11 1064960 ----a-w- c:\program files\DISC\DISCover.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]

2005-11-12 04:10 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]

2005-11-01 17:01 90112 ----a-w- c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 14:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2005-11-10 00:29 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]

2007-10-24 19:37 245760 ----a-w- c:\windows\system32\mafwTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 23:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nHancer]

2010-05-02 22:29 1385472 ----a-w- c:\program files\nHancer\nHancer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-08-17 08:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-09-05 00:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-08-17 08:03 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2009-06-10 13:29 1657376 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

2005-11-01 02:47 53248 ----a-w- c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 15:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2005-07-23 06:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-12-13 05:51 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-02-15 02:35 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

"VideoAcceleratorService"=2 (0x2)

"PinnacleUpdateSvc"=2 (0x2)

"MSSQL$SQLEXPRESS"=2 (0x2)

"cFosSpeedS"=2 (0x2)

"SQLWriter"=2 (0x2)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2011 5:17 AM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2011 3:29 AM 307928]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 242472]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2011 3:29 AM 19544]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 29400]

S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]

S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programming\3DS MAX 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]

S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 6:30 PM 95232]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [6/21/2008 5:44 AM 17149]

S3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [6/30/2008 10:59 PM 186368]

S3 NETGEAR NETGEAR_MA101_USB_Adapter®;NETGEAR NETGEAR_MA101_USB_Adapter® Service for NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma1012kr.sys [6/21/2008 5:37 AM 93312]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]

S3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\windows\system32\DRIVERS\ma101rnd.sys --> c:\windows\system32\DRIVERS\ma101rnd.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 5:28 PM 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/14/2010 8:23 AM 697328]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 5:28 PM 369688]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{D4195F3D-C51E-4215-A814-9123F7FDD72B}

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop

uInternet Settings,ProxyOverride = <local>

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

IE: Download with USDownloader - c:\new downloads\New Folder (2)\Ext\downloadie.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: trymedia.com

TCP: {D3735A09-FE33-4B60-A634-03169DF14EA9} = 156.154.70.22,156.154.71.22

TCP: {ED7C799B-266C-4FCC-B417-CE8C5238DBB1} = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\rnq5iga2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 4

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-18 20:38

Windows 5.1.2600 Service Pack 2 NTFS

.

detected NTDLL code modification:

ZwClose, ZwOpenFile

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3407755496-1751749413-3371979630-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:ca,f0,b4,1d,37,6b,bd,5b,a6,26,61,3b,cc,d0,34,09,bb,fe,e0,d4,99,e9,48,

5e,20,2c,f3,c2,85,3e,fd,d2,74,f4,19,9a,30,55,01,b6,7d,36,67,28,82,b1,9f,1f,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

.

[HKEY_LOCAL_MACHINE\software\NETGEAR\MA101 USB Adapter Configuration Utility]

@DACL=(02 0000)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1240)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(1296)

c:\windows\system32\guard32.dll

.

Completion time: 2011-05-18 20:45:13

ComboFix-quarantined-files.txt 2011-05-19 01:45

ComboFix2.txt 2011-05-12 12:16

.

Pre-Run: 26,617,171,968 bytes free

Post-Run: 27,022,151,680 bytes free

.

- - End Of File - - 82073569DD9CA314B8222E40C2CD96F8


Do you know what these folders are?

Looks like they were all created 2011-05-11 / 05-12

c:\windows\7GOV3AIQX5DKS08F

c:\windows\5KR4IW9N0FT7V3BJ

c:\windows\CLU2BKT18GOV3BIQ

c:\windows\2BJRY6EMU1AJRZ7F

c:\windows\U3BJRZ6ELU3BIQY6

c:\windows\Y6EMT19HPW4CKRZ7


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Folder::
c:\windows\7GOV3AIQX5DKS08F
c:\windows\5KR4IW9N0FT7V3BJ
c:\windows\CLU2BKT18GOV3BIQ
c:\windows\2BJRY6EMU1AJRZ7F
c:\windows\U3BJRZ6ELU3BIQY6
c:\windows\Y6EMT19HPW4CKRZ7

Save this file to your desktop as "CFScript".

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

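The helper's two posts above do the triage by hand: pick out the randomly named folders that ComboFix listed under c:\windows on 2011-05-11/12, then type them into a CFScript. The Python below is an added example, not part of this thread and not ComboFix's own code, that automates both steps over ComboFix's "Files Created" lines: it parses each entry, keeps directories created directly under c:\windows inside a date window, applies a "random-looking name" heuristic that is my own assumption (12 or more upper-case letters and digits, at least three of each), and emits the same KillAll:: / Folder:: directives. The sample log text is constructed for the example; only the six folder names come from the thread, the timestamps and the extra entries are made up.

```python
"""Flag randomly named folders in a ComboFix 'Files Created' listing and
emit a CFScript that tells ComboFix to remove them.

Added example for this thread; not part of ComboFix. The "random name"
heuristic is an assumption of this example, not a ComboFix rule."""
import re
from datetime import datetime

# Constructed sample in ComboFix's "Files Created" format. The six 16-character
# folder names are the ones the helper asked about; the timestamps and the
# other entries (including the out-of-window Q1W2... folder) are made up.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
2011-05-14 10:49 . 2011-05-14 10:49 -------- d-----w- c:\\windows\\system32\\LogFiles
2011-05-13 12:49 . 2011-05-13 12:49 -------- d-----w- c:\\program files\\Lavasoft
2011-05-12 13:11 . 2011-05-12 13:11 134464 ----a-w- c:\\windows\\system32\\LnkProtect.dll
2011-05-12 09:02 . 2011-05-12 09:02 -------- d-----w- c:\\windows\\7GOV3AIQX5DKS08F
2011-05-12 09:02 . 2011-05-12 09:02 -------- d-----w- c:\\windows\\5KR4IW9N0FT7V3BJ
2011-05-11 23:41 . 2011-05-11 23:41 -------- d-----w- c:\\windows\\CLU2BKT18GOV3BIQ
2011-05-11 23:41 . 2011-05-11 23:41 -------- d-----w- c:\\windows\\2BJRY6EMU1AJRZ7F
2011-05-11 23:40 . 2011-05-11 23:40 -------- d-----w- c:\\windows\\U3BJRZ6ELU3BIQY6
2011-05-11 23:40 . 2011-05-11 23:40 -------- d-----w- c:\\windows\\Y6EMT19HPW4CKRZ7
2011-05-11 08:09 . 2011-05-11 08:13 -------- d-----w- c:\\program files\\Malwarebytes' Anti-Malware
2011-05-02 09:11 . 2011-05-02 09:11 -------- d-----w- c:\\program files\\COMODO
2011-04-25 07:00 . 2011-04-25 07:00 -------- d-----w- c:\\windows\\Q1W2E3R4T5Y6U7I8
"""

# One ComboFix entry: created . modified size attrs path (path may contain spaces)
ENTRY = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
                   r'(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$')

RANDOM_NAME = re.compile(r'^[A-Z0-9]{12,}$')


def looks_random(name):
    """Heuristic (an assumption of this example): a run of 12 or more upper-case
    letters and digits with at least three of each. Ordinary Windows folder
    names such as 'system32' or 'LogFiles' fail it."""
    if not RANDOM_NAME.match(name):
        return False
    digits = sum(ch.isdigit() for ch in name)
    letters = len(name) - digits
    return digits >= 3 and letters >= 3


def parse_entries(log_text):
    """Yield (created datetime, attribute string, path) per listing line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            created, _modified, _size, attrs, path = m.groups()
            yield datetime.strptime(created, '%Y-%m-%d %H:%M'), attrs, path


def find_suspect_folders(log_text, start_day, end_day, parent='c:\\windows'):
    """Return directories created directly under `parent` between the two
    YYYY-MM-DD dates (inclusive) whose leaf name looks random."""
    start = datetime.strptime(start_day, '%Y-%m-%d').date()
    end = datetime.strptime(end_day, '%Y-%m-%d').date()
    hits = []
    for created, attrs, path in parse_entries(log_text):
        if not attrs.startswith('d'):      # 'd-----w-' marks a directory
            continue
        head, _, leaf = path.rpartition('\\')
        if head.lower() != parent.lower():
            continue
        if start <= created.date() <= end and looks_random(leaf):
            hits.append(path)
    return hits


def build_cfscript(folders):
    """Render the directives from the helper's script: KillAll:: (ComboFix
    terminates running processes first) and Folder:: (paths to delete)."""
    return '\n'.join(['KillAll::', '', 'Folder::', *folders]) + '\n'


if __name__ == '__main__':
    found = find_suspect_folders(SAMPLE_LOG, '2011-05-11', '2011-05-12')
    print(build_cfscript(found), end='')
```

Running it prints the same six Folder:: lines the helper wrote out; the date window is what keeps an older random-looking folder out of the script, so widen it deliberately rather than deleting everything the heuristic matches. Review the list before dragging it onto ComboFix, as the heuristic has no knowledge of what the folders actually contain.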

Ok, here is the log:

---------------------------------

ComboFix 11-05-17.03 - Compaq_Administrator 05/19/2011 10:13:28.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1480 [GMT -5:00]

Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\2BJRY6EMU1AJRZ7F

c:\windows\5KR4IW9N0FT7V3BJ

c:\windows\7GOV3AIQX5DKS08F

c:\windows\CLU2BKT18GOV3BIQ

c:\windows\U3BJRZ6ELU3BIQY6

c:\windows\Y6EMT19HPW4CKRZ7

.

.

((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))

.

.

2011-05-16 10:51 . 2011-05-16 10:51 216 ---ha-w- C:\aaw7boot.cmd

2011-05-15 21:13 . 2011-05-15 21:24 -------- d-----w- C:\New Folder

2011-05-14 10:49 . 2011-05-14 10:49 -------- d-----w- c:\windows\system32\LogFiles

2011-05-13 13:13 . 2011-05-13 13:14 -------- d-----w- C:\AV shortcuts

2011-05-13 13:04 . 2011-05-13 13:04 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-13 12:49 . 2011-05-13 12:49 -------- d-----w- c:\program files\Lavasoft

2011-05-13 12:49 . 2011-05-17 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-05-12 13:11 . 2011-05-12 13:11 134464 ----a-w- c:\windows\system32\LnkProtect.dll

2011-05-12 13:10 . 2011-05-12 13:10 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-05-12 13:02 . 2011-05-13 22:43 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-12 13:01 . 2011-05-12 13:01 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-05-12 13:00 . 2011-05-12 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-05-11 11:51 . 2011-05-11 11:51 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com

2011-05-11 11:51 . 2011-05-11 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-11 11:50 . 2011-05-11 11:51 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-11 08:10 . 2011-05-11 08:10 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes

2011-05-11 08:09 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-11 08:09 . 2011-05-11 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-11 08:09 . 2011-05-11 08:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-05 18:02 . 2011-05-05 18:02 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-05-05 18:02 . 2011-05-05 18:02 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-05-05 18:02 . 2011-05-05 18:02 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-05-05 18:02 . 2011-05-05 18:02 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-05-05 18:02 . 2011-05-05 18:02 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-05-05 18:02 . 2011-05-05 18:02 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-05-05 18:02 . 2011-05-05 18:02 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-05-05 18:02 . 2011-05-05 18:02 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-05-04 07:20 . 2011-05-04 07:20 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-05-02 10:17 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-02 10:17 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr

2011-05-02 09:11 . 2011-05-02 09:11 -------- d-----w- c:\program files\COMODO

2011-05-02 09:10 . 2011-05-07 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2011-05-02 08:36 . 2011-05-02 08:39 -------- d-----w- C:\Desktop Cleanup

2011-05-02 08:29 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-02 08:29 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-02 08:29 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-02 08:29 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-02 08:29 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-05-02 08:29 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-05-02 08:29 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-05-02 08:28 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-02 08:28 . 2011-05-02 08:28 -------- d-----w- c:\program files\Alwil Software

2011-05-02 08:28 . 2011-05-02 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2011-04-30 10:05 . 2011-04-30 10:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\fltk.org

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-11 07:25 . 2011-01-06 22:37 97504 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-05-05 08:51 . 2010-12-29 06:42 284744 ----a-w- c:\windows\system32\guard32.dll

2011-05-05 08:51 . 2011-01-06 22:37 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-05 08:51 . 2011-01-06 22:37 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-05-05 08:51 . 2011-01-06 22:37 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-05 18:02 . 2011-05-05 18:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-14 27136]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MA101 Configuration Utility .lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MA101 Configuration Utility .lnk

backup=c:\windows\pss\MA101 Configuration Utility .lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk

backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire Ultra Accelerator.lnk]

path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire Ultra Accelerator.lnk

backup=c:\windows\pss\LimeWire Ultra Accelerator.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2007-03-01 04:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]

2005-08-03 07:19 77312 ------w- c:\windows\arpwrmsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

2009-04-10 13:04 93120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]

2005-07-25 19:17 20480 ------w- c:\program files\PeoplePC\ISP6200\Bin\PPCOLink.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]

2008-06-25 15:32 867544 ----a-r- c:\program files\cFosSpeed\cfosspeed.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]

2011-05-11 07:24 2552648 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-10 04:00 15360 ------w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]

2005-11-12 04:11 1064960 ----a-w- c:\program files\DISC\DISCover.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]

2005-11-12 04:10 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]

2005-11-01 17:01 90112 ----a-w- c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 14:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2005-11-10 00:29 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]

2007-10-24 19:37 245760 ----a-w- c:\windows\system32\mafwTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 23:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nHancer]

2010-05-02 22:29 1385472 ----a-w- c:\program files\nHancer\nHancer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-08-17 08:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-09-05 00:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-08-17 08:03 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2009-06-10 13:29 1657376 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

2005-11-01 02:47 53248 ----a-w- c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 15:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2005-07-23 06:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-12-13 05:51 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-02-15 02:35 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

"VideoAcceleratorService"=2 (0x2)

"PinnacleUpdateSvc"=2 (0x2)

"MSSQL$SQLEXPRESS"=2 (0x2)

"cFosSpeedS"=2 (0x2)

"SQLWriter"=2 (0x2)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2011 5:17 AM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2011 3:29 AM 307928]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 242472]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2011 3:29 AM 19544]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programming\3DS MAX 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 29400]

S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]

S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 6:30 PM 95232]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [6/21/2008 5:44 AM 17149]

S3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [6/30/2008 10:59 PM 186368]

S3 NETGEAR NETGEAR_MA101_USB_Adapter®;NETGEAR NETGEAR_MA101_USB_Adapter® Service for NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma1012kr.sys [6/21/2008 5:37 AM 93312]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]

S3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\windows\system32\DRIVERS\ma101rnd.sys --> c:\windows\system32\DRIVERS\ma101rnd.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 5:28 PM 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/14/2010 8:23 AM 697328]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 5:28 PM 369688]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{D4195F3D-C51E-4215-A814-9123F7FDD72B}

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop

uInternet Settings,ProxyOverride = <local>

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

IE: Download with USDownloader - c:\new downloads\New Folder (2)\Ext\downloadie.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: trymedia.com

TCP: {D3735A09-FE33-4B60-A634-03169DF14EA9} = 156.154.70.22,156.154.71.22

TCP: {ED7C799B-266C-4FCC-B417-CE8C5238DBB1} = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\rnq5iga2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 4

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-19 10:34

Windows 5.1.2600 Service Pack 2 NTFS

.

detected NTDLL code modification:

ZwClose, ZwOpenFile

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3407755496-1751749413-3371979630-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:ca,f0,b4,1d,37,6b,bd,5b,a6,26,61,3b,cc,d0,34,09,bb,fe,e0,d4,99,e9,48,

5e,20,2c,f3,c2,85,3e,fd,d2,74,f4,19,9a,30,55,01,b6,7d,36,67,28,82,b1,9f,1f,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

.

[HKEY_LOCAL_MACHINE\software\NETGEAR\MA101 USB Adapter Configuration Utility]

@DACL=(02 0000)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1232)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(1292)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'explorer.exe'(2524)

c:\windows\system32\guard32.dll

c:\windows\system32\msi.dll

c:\windows\system32\LnkProtect.dll

c:\windows\IME\SPGRMR.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\windows\arservice.exe

c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\nHancer\nHancerService.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\spm\spmdib.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-05-19 10:43:33 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-19 15:43

ComboFix2.txt 2011-05-12 12:16

.

Pre-Run: 25,560,731,648 bytes free

Post-Run: 25,558,409,216 bytes free

.

- - End Of File - - 3B0C97C6B8C86CFD1A86EABF0AE874EA

Is it normal for ComboFix to not detect the presence of the Recovery console?


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

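The Internet Explorer hardening steps in the reply above are GUI clicks; the same six settings live as DWORD values under the per-user Internet-zone registry key, so they can be audited (and re-applied) without opening the dialog. The following PowerShell script is an added example, not part of the forum post or of any tool named in it. It assumes the current user's zone settings are in effect (the per-user `Zones\3` key, zone 3 being the Internet zone); the numeric value names are the URL-action IDs Microsoft documents for that key, with data 0 = Enable, 1 = Prompt, 3 = Disable. Run it as-is to audit, or with `-Fix` to set the values the reply recommends.

```powershell
# Added example (not from the forum post): audit the Internet-zone settings the
# reply recommends, reading the per-user Zones key that IE's "Custom Level"
# dialog writes to. Value names are Microsoft's documented URL-action IDs;
# data: 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Fix)

# Zone 3 = Internet zone (per-user key; see the usage note for the HKLM case).
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values, matching steps 5-10 of the reply.
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting([string]$valueName) {
    # Returns the DWORD data for one URL action, or $null when the value is
    # absent (IE then falls back to the built-in default for the zone).
    $item = Get-ItemProperty -Path $zonePath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

# Build one row per setting: what is configured now versus what is wanted.
$findings = foreach ($id in $recommended.Keys) {
    $current = Get-ZoneSetting $id
    $want    = $recommended[$id].Want
    [pscustomobject]@{
        Id      = $id
        Setting = $recommended[$id].Name
        Current = if ($null -eq $current) { '(not set)' } else { $label[$current] }
        Wanted  = $label[$want]
        Ok      = ($current -eq $want)
    }
}
$findings | Format-Table -AutoSize

# With -Fix, write the recommended data for every row that is not already OK.
if ($Fix) {
    foreach ($f in $findings | Where-Object { -not $_.Ok }) {
        Set-ItemProperty -Path $zonePath -Name $f.Id -Value $recommended[$f.Id].Want -Type DWord
        Write-Host "Set '$($f.Setting)' -> $($f.Wanted)"
    }
}
```

Two caveats when reading the output: if the machine has the `Security_HKLM_only` DWORD set under `HKLM\...\Internet Settings`, IE uses the machine-wide `Zones` key instead of the per-user one, so the audit must point at `HKLM:` rather than `HKCU:`; and settings enforced by Group Policy will be reverted at the next policy refresh, so `-Fix` only helps on an unmanaged home machine like the one in this thread.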
