
PC Cleaners - scareware



Hi, and thanks for any help I get.

Recently, whilst sorting out a problem on my PC, I accidentally installed a program called "PC Cleaner V10.0", which turned out to be scareware claiming that I'd got all sorts of infections. MBAM, Spybot S&D and SUPERAntiSpyware all had clean sweeps. I managed to get rid of the program (I think), but it has left Windows XP's Windows Security Centre telling me that I haven't got any antivirus or firewall protection. I have got protection; I have AVG and ZoneAlarm, and the Security Centre used to detect this but now doesn't. To be safe, I have come here.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by SnowBum at 15:56:56 on 2011-08-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.312 [GMT 1:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\WINDOWS\AutoLaunch.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

svchost.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\Folding@home-Win32-x86-623 number 1\Folding@home-Win32-x86.exe

C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe

C:\Program Files\Folding@home-Win32-x86-623 number 2\Folding@home-Win32-x86.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Folding@home-Win32-x86-623 number 1\FahCore_a4.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\Folding@home-Win32-x86-623 number 2\FahCore_a4.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Settings,ProxyServer = 169.354.20.77:80

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"

mRun: [skyTel] SkyTel.EXE

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

mExplorerRun: [application] c:\program files\akprog\AKProg.exe hs

StartupFolder: c:\docume~1\snowbum\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicktv6.lnk - c:\program files\avertv hybrid + fm pci\AVerQT.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: Add to AMV/AVI Video Converter... - c:\program files\media player utilities 4.25\amvconverter\grab.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {3F7C5588-6763-4791-8B8B-D73B08396DE9} - c:\program files\ie_picture_downloader\picsaver.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200858399218

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3DF85D17-F1D1-4CDC-9B82-321DD3EF5EE0} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\snowbum\application data\mozilla\firefox\profiles\38tbjp91.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-29 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-29 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-29 243152]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-5-28 532224]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-8-21 328536]

R2 AutoLaunch;AU9720 Monitor Service;c:\windows\AutoLaunch.exe [2008-9-25 106496]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 Folding@home-CPU-[1];Folding@home-CPU-[1];c:\program files\folding@home-win32-x86-623 number 1\folding@home-win32-x86.exe -svcstart -d "c:\program files\folding@home-win32-x86-623 number 1" -local --> c:\program files\folding@home-win32-x86-623 number 1\folding@home-win32-x86.exe -svcstart -d c:\program files\Folding@home-Win32-x86-623 number 1 [?]

R2 Folding@home-CPU-[2];Folding@home-CPU-[2];c:\program files\folding@home-win32-x86-623 number 2\folding@home-win32-x86.exe -svcstart -d "c:\program files\folding@home-win32-x86-623 number 2" -local --> c:\program files\folding@home-win32-x86-623 number 2\folding@home-win32-x86.exe -svcstart -d c:\program files\Folding@home-Win32-x86-623 number 2 [?]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [2005-8-22 512384]

S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]

S2 gupdate1ca04b8b699b260;Google Update Service (gupdate1ca04b8b699b260);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]

S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2009-6-20 29184]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2008-9-25 9760]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-5-31 16640]

S3 XDva317;XDva317;\??\c:\windows\system32\xdva317.sys --> c:\windows\system32\XDva317.sys [?]

S3 XDva327;XDva327;\??\c:\windows\system32\xdva327.sys --> c:\windows\system32\XDva327.sys [?]

S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]

S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]

S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]

S3 XDva348;XDva348;\??\c:\windows\system32\xdva348.sys --> c:\windows\system32\XDva348.sys [?]

S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]

S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]

S3 XDva362;XDva362;\??\c:\windows\system32\xdva362.sys --> c:\windows\system32\XDva362.sys [?]

S3 XDva367;XDva367;\??\c:\windows\system32\xdva367.sys --> c:\windows\system32\XDva367.sys [?]

S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]

S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]

S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]

S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]

S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]

S3 XDva382;XDva382;\??\c:\windows\system32\xdva382.sys --> c:\windows\system32\XDva382.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]

S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]

S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

.

=============== Created Last 30 ================

.

2011-08-22 21:06:16 -------- d-----w- c:\program files\GiPo@Utilities

2011-08-21 20:24:40 -------- d-----w- c:\documents and settings\snowbum\application data\PC Cleaners

2011-08-21 20:24:32 5366032 ----a-w- c:\windows\uninst.exe

2011-08-21 20:24:31 -------- d-----w- c:\documents and settings\all users\application data\PC1Data

2011-08-21 20:13:00 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-21 19:31:35 -------- d-----w- c:\windows\pss

2011-08-21 11:50:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-08-10 13:46:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 13:45:28 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-05 12:25:05 225280 ----a-w- c:\windows\system32\nvrszhc.dll

2011-08-05 12:25:05 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2011-08-05 12:25:05 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2011-08-05 12:25:05 126976 ----a-w- c:\windows\system32\nvrszht.dll

2011-08-05 12:25:04 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2011-08-05 12:25:04 290816 ----a-w- c:\windows\system32\nvwrsth.dll

2011-08-05 12:25:04 258048 ----a-w- c:\windows\system32\nvrstr.dll

2011-08-05 12:25:04 253952 ----a-w- c:\windows\system32\nvrsth.dll

2011-08-05 12:24:53 442368 ----a-w- c:\windows\system32\nvappbar.exe

2011-08-05 12:24:53 425984 ----a-w- c:\windows\system32\keystone.exe

2011-08-05 12:24:53 147456 ----a-w- c:\windows\system32\nvcolor.exe

2011-08-05 12:24:53 -------- d-----w- c:\windows\nview

2011-08-05 12:24:52 356352 ----a-w- c:\windows\system32\nvudisp.exe

2011-08-04 22:53:47 356352 ----a-w- c:\windows\system32\NVUNINST.EXE

2011-07-28 10:34:51 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts

2011-07-28 10:34:51 -------- d-----w- c:\documents and settings\all users\application data\EA Core

.

==================== Find3M ====================

.

2011-08-21 11:28:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 15:57:56.03 ===============

mbam-log-2011-08-23 (15-44-59).zip

attach.zip

ark.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Hi, I've been away for the holiday weekend.

MBAM log:-

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7606

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

29/08/2011 19:17:43

mbam-log-2011-08-29 (19-17-43).txt

Scan type: Quick scan

Objects scanned: 180982

Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Combofix log:-

ComboFix 11-08-29.03 - SnowBum 29/08/2011 19:59:46.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.291 [GMT 1:00]

Running from: c:\documents and settings\SnowBum\Desktop\Infection clearup\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

c:\cflog\CrashLog_20100910.txt

c:\cflog\CrashLog_20101015.txt

c:\cflog\CrashLog_20110704.txt

c:\documents and settings\All Users\Application Data\xml2.tmp

c:\documents and settings\All Users\Application Data\xml3.tmp

c:\documents and settings\All Users\Application Data\xml4.tmp

c:\documents and settings\All Users\Application Data\xmlEA.tmp

c:\documents and settings\All Users\Application Data\xmlEB.tmp

c:\documents and settings\All Users\Application Data\xmlEC.tmp

c:\documents and settings\SnowBum\(null)id.tmp

c:\documents and settings\SnowBum\Application Data\inst.exe

c:\documents and settings\SnowBum\Cookies\snowbum@managerzone.agame[2].txt

c:\documents and settings\SnowBum\Start Menu\Internet Explorer.lnk

c:\documents and settings\SnowBum\WINDOWS

c:\program files\Internet Explorer\SET322.tmp

c:\program files\Internet Explorer\SET323.tmp

c:\program files\messenger\msmsgsin.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Security

.

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))

.

.

2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll

2011-08-22 21:06 . 2011-08-22 21:06 -------- d-----w- c:\program files\GiPo@Utilities

2011-08-22 13:30 . 2011-08-22 13:31 -------- d-----w- c:\documents and settings\Administrator

2011-08-21 20:24 . 2011-08-21 20:24 -------- d-----w- c:\documents and settings\SnowBum\Application Data\PC Cleaners

2011-08-21 20:24 . 2011-08-21 20:22 5366032 ----a-w- c:\windows\uninst.exe

2011-08-21 20:24 . 2011-08-21 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data

2011-08-21 20:13 . 2011-08-22 21:13 -------- d-----w- c:\windows\system32\wbem\Repository\FS

2011-08-21 11:50 . 2011-08-21 11:50 -------- d-----w- c:\program files\Common Files\Java

2011-08-21 11:50 . 2011-05-04 01:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-08-10 13:46 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 13:45 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-05 12:25 . 2007-12-05 05:41 225280 ----a-w- c:\windows\system32\nvrszhc.dll

2011-08-05 12:25 . 2007-12-05 05:41 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2011-08-05 12:25 . 2007-12-05 05:41 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2011-08-05 12:25 . 2007-12-05 05:41 126976 ----a-w- c:\windows\system32\nvrszht.dll

2011-08-05 12:25 . 2007-12-05 05:41 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2011-08-05 12:25 . 2007-12-05 05:41 290816 ----a-w- c:\windows\system32\nvwrsth.dll

2011-08-05 12:25 . 2007-12-05 05:41 258048 ----a-w- c:\windows\system32\nvrstr.dll

2011-08-05 12:25 . 2007-12-05 05:41 253952 ----a-w- c:\windows\system32\nvrsth.dll

2011-08-05 12:24 . 2011-08-05 12:24 -------- d-----w- c:\windows\nview

2011-08-05 12:24 . 2007-12-05 05:41 442368 ----a-w- c:\windows\system32\nvappbar.exe

2011-08-05 12:24 . 2007-12-05 05:41 425984 ----a-w- c:\windows\system32\keystone.exe

2011-08-05 12:24 . 2007-12-05 05:41 147456 ----a-w- c:\windows\system32\nvcolor.exe

2011-08-05 12:24 . 2007-12-05 05:41 356352 ----a-w- c:\windows\system32\nvudisp.exe

2011-08-04 22:53 . 2007-12-05 01:53 356352 ----a-w- c:\windows\system32\NVUNINST.EXE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-21 11:28 . 2011-06-03 12:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29 . 2002-08-29 01:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52 . 2010-05-29 18:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52 . 2010-05-29 18:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2008-01-20 19:16 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2006-06-23 11:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2002-08-29 03:41 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 18:36 . 2002-08-29 03:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2002-08-29 03:41 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02 . 2002-08-29 02:14 1858944 ----a-w- c:\windows\system32\win32k.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll

[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll

[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll

[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll

[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll

[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\ole32.dll

[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll

[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll

[7] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB902400$\ole32.dll

[-] 2002-08-29 . CB598C117C6AB02584BB3B3452A04F11 . 1169920 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB902400_0$\ole32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]

"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\SnowBum\Start Menu\Programs\Startup\

Xfire.lnk - c:\program files\Xfire\xfire.exe [2011-8-26 3510680]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

QuickTV6.lnk - c:\program files\AVerTV Hybrid + FM PCI\AVerQT.exe [2005-7-19 507904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 14:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=

"c:\\Documents and Settings\\SnowBum\\Desktop\\utorrent.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"e:\\Nova Games\\DFX2\\dfx2.exe"=

"e:\\Nova Games\\DFX2\\UPDATE.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Steam\\steamapps\\kos_snowbum\\counter-strike\\hl.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56065:TCP"= 56065:TCP:Pando Media Booster

"56065:UDP"= 56065:UDP:Pando Media Booster

"57812:TCP"= 57812:TCP:Pando Media Booster

"57812:UDP"= 57812:UDP:Pando Media Booster

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29/08/2008 14:25 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/08/2008 14:25 243152]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [21/08/2011 12:44 328536]

R2 AutoLaunch;AU9720 Monitor Service;c:\windows\AutoLaunch.exe [25/09/2008 14:40 106496]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/07/2010 15:04 308136]

R3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [22/08/2005 18:05 512384]

S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [10/11/2006 14:08 24064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S2 gupdate1ca04b8b699b260;Google Update Service (gupdate1ca04b8b699b260);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2009 20:24 133104]

S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [20/06/2009 18:03 29184]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2009 20:24 133104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [25/09/2008 14:40 9760]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23/08/2001 13:00 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [31/05/2009 21:11 16640]

S3 XDva317;XDva317;\??\c:\windows\system32\XDva317.sys --> c:\windows\system32\XDva317.sys [?]

S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]

S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]

S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]

S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]

S3 XDva348;XDva348;\??\c:\windows\system32\XDva348.sys --> c:\windows\system32\XDva348.sys [?]

S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]

S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]

S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]

S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]

S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]

S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]

S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]

S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]

S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]

S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]

S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]

S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02/12/2006 06:17 2805000]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/02/2008 19:35 639224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

.

2011-08-29 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-08-21 15:40]

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-14 19:24]

.

2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-14 19:24]

.

2011-08-29 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Settings,ProxyServer = 169.354.20.77:80

IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.25\AMVConverter\grab.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: {{3F7C5588-6763-4791-8B8B-D73B08396DE9} - c:\program files\ie_picture_downloader\picsaver.exe

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\SnowBum\Application Data\Mozilla\Firefox\Profiles\38tbjp91.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG9\Firefox

FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-nwiz - nwiz.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-29 20:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-706699826-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:ef,51,b1,fb,c9,ee,c7,37,aa,1b,d9,1b,be,1a,19,0d,ac,b0,3c,71,ce,81,07,

db,5e,a4,f5,7a,8c,e8,80,5f,5e,d8,96,26,f3,40,d6,ae,a0,7b,c9,90,ed,7c,03,04,\

"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83

.

[HKEY_USERS\S-1-5-21-682003330-706699826-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:70,bb,5c,44,ea,47,c6,6e,bc,0c,3e,67,07,0d,80,7e,d0,02,57,d2,e1,

49,7a,ee,3a,24,50,59,af,ba,3f,c2,ec,0d,6f,b9,8f,45,b6,6a,d0,92,9b,a1,1c,ba,\

"rkeysecu"=hex:85,0a,52,60,34,b1,82,a3,35,91,73,5a,ad,90,86,36

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(888)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(836)

c:\windows\system32\WININET.dll

c:\program files\Xfire\xfire_toucan_44507.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\WgaTray.exe

c:\program files\Folding@home-Win32-x86-623 number 1\Folding@home-Win32-x86.exe

c:\program files\Folding@home-Win32-x86-623 number 2\Folding@home-Win32-x86.exe

c:\program files\Folding@home-Win32-x86-623 number 1\FahCore_a4.exe

c:\program files\Folding@home-Win32-x86-623 number 2\FahCore_a4.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Completion time: 2011-08-29 20:23:36 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-29 19:23

.

Pre-Run: 93,382,877,184 bytes free

Post-Run: 93,421,772,800 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - D9816A102E7F0C8DC0B4376FB64596E0

DDS log:-

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by SnowBum at 20:43:57 on 2011-08-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.337 [GMT 1:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\WINDOWS\AutoLaunch.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

svchost.exe

C:\Program Files\Folding@home-Win32-x86-623 number 1\Folding@home-Win32-x86.exe

C:\Program Files\Folding@home-Win32-x86-623 number 2\Folding@home-Win32-x86.exe

C:\Program Files\Folding@home-Win32-x86-623 number 1\FahCore_a4.exe

C:\Program Files\Folding@home-Win32-x86-623 number 2\FahCore_a4.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Xfire\xfire.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Settings,ProxyServer = 169.354.20.77:80

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"

mRun: [skyTel] SkyTel.EXE

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\snowbum\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicktv6.lnk - c:\program files\avertv hybrid + fm pci\AVerQT.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: Add to AMV/AVI Video Converter... - c:\program files\media player utilities 4.25\amvconverter\grab.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {3F7C5588-6763-4791-8B8B-D73B08396DE9} - c:\program files\ie_picture_downloader\picsaver.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200858399218

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3DF85D17-F1D1-4CDC-9B82-321DD3EF5EE0} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\snowbum\application data\mozilla\firefox\profiles\38tbjp91.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-29 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-29 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-29 243152]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-5-28 532224]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-8-21 328536]

R2 AutoLaunch;AU9720 Monitor Service;c:\windows\AutoLaunch.exe [2008-9-25 106496]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 Folding@home-CPU-[1];Folding@home-CPU-[1];c:\program files\folding@home-win32-x86-623 number 1\folding@home-win32-x86.exe -svcstart -d "c:\program files\folding@home-win32-x86-623 number 1" -local --> c:\program files\folding@home-win32-x86-623 number 1\folding@home-win32-x86.exe -svcstart -d c:\program files\Folding@home-Win32-x86-623 number 1 [?]

R2 Folding@home-CPU-[2];Folding@home-CPU-[2];c:\program files\folding@home-win32-x86-623 number 2\folding@home-win32-x86.exe -svcstart -d "c:\program files\folding@home-win32-x86-623 number 2" -local --> c:\program files\folding@home-win32-x86-623 number 2\folding@home-win32-x86.exe -svcstart -d c:\program files\Folding@home-Win32-x86-623 number 2 [?]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [2005-8-22 512384]

S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca04b8b699b260;Google Update Service (gupdate1ca04b8b699b260);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]

S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2009-6-20 29184]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2008-9-25 9760]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-5-31 16640]

S3 XDva317;XDva317;\??\c:\windows\system32\xdva317.sys --> c:\windows\system32\XDva317.sys [?]

S3 XDva327;XDva327;\??\c:\windows\system32\xdva327.sys --> c:\windows\system32\XDva327.sys [?]

S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]

S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]

S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]

S3 XDva348;XDva348;\??\c:\windows\system32\xdva348.sys --> c:\windows\system32\XDva348.sys [?]

S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]

S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]

S3 XDva362;XDva362;\??\c:\windows\system32\xdva362.sys --> c:\windows\system32\XDva362.sys [?]

S3 XDva367;XDva367;\??\c:\windows\system32\xdva367.sys --> c:\windows\system32\XDva367.sys [?]

S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]

S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]

S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]

S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]

S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]

S3 XDva382;XDva382;\??\c:\windows\system32\xdva382.sys --> c:\windows\system32\XDva382.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]

S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]

S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

.

=============== Created Last 30 ================

.

2011-08-29 18:41:56 -------- d-sha-r- C:\cmdcons

2011-08-29 18:30:10 98816 ----a-w- c:\windows\sed.exe

2011-08-29 18:30:10 518144 ----a-w- c:\windows\SWREG.exe

2011-08-29 18:30:10 256000 ----a-w- c:\windows\PEV.exe

2011-08-29 18:30:10 208896 ----a-w- c:\windows\MBR.exe

2011-08-26 22:21:30 42392 ----a-w- c:\windows\system32\xfcodec.dll

2011-08-22 21:06:16 -------- d-----w- c:\program files\GiPo@Utilities

2011-08-21 20:24:40 -------- d-----w- c:\documents and settings\snowbum\application data\PC Cleaners

2011-08-21 20:24:32 5366032 ----a-w- c:\windows\uninst.exe

2011-08-21 20:24:31 -------- d-----w- c:\documents and settings\all users\application data\PC1Data

2011-08-21 20:13:00 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-21 19:31:35 -------- d-----w- c:\windows\pss

2011-08-21 11:50:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-08-10 13:46:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 13:45:28 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-05 12:25:05 225280 ----a-w- c:\windows\system32\nvrszhc.dll

2011-08-05 12:25:05 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2011-08-05 12:25:05 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2011-08-05 12:25:05 126976 ----a-w- c:\windows\system32\nvrszht.dll

2011-08-05 12:25:04 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2011-08-05 12:25:04 290816 ----a-w- c:\windows\system32\nvwrsth.dll

2011-08-05 12:25:04 258048 ----a-w- c:\windows\system32\nvrstr.dll

2011-08-05 12:25:04 253952 ----a-w- c:\windows\system32\nvrsth.dll

2011-08-05 12:24:53 442368 ----a-w- c:\windows\system32\nvappbar.exe

2011-08-05 12:24:53 425984 ----a-w- c:\windows\system32\keystone.exe

2011-08-05 12:24:53 147456 ----a-w- c:\windows\system32\nvcolor.exe

2011-08-05 12:24:53 -------- d-----w- c:\windows\nview

2011-08-05 12:24:52 356352 ----a-w- c:\windows\system32\nvudisp.exe

2011-08-04 22:53:47 356352 ----a-w- c:\windows\system32\NVUNINST.EXE

.

==================== Find3M ====================

.

2011-08-21 11:28:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 20:44:35.58 ===============


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Don't use any other text editor than Notepad, or the script will fail.

Copy/paste the text in the box below into Notepad:

FCOPY::
c:\windows\ServicePackFiles\i386\ole32.dll | c:\windows\system32\ole32.dll

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


Done

ComboFix log

ComboFix 11-09-01.03 - SnowBum 02/09/2011 15:49:40.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.493 [GMT 1:00]

Running from: c:\documents and settings\SnowBum\Desktop\Infection clearup\ComboFix.exe

Command switches used :: c:\documents and settings\SnowBum\Desktop\Infection clearup\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\mfc100deu.dll

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\ole32.dll --> c:\windows\system32\ole32.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Security

.

.

((((((((((((((((((((((((( Files Created from 2011-08-02 to 2011-09-02 )))))))))))))))))))))))))))))))

.

.

2011-08-30 13:53 . 2003-12-05 09:46 10368 ------w- c:\windows\system32\drivers\pfc.sys

2011-08-30 13:51 . 2011-08-30 14:08 -------- d-----w- C:\MyWorks

2011-08-30 13:51 . 2004-08-09 22:30 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2011-08-29 20:54 . 2011-08-29 20:54 -------- d-----w- c:\windows\system32\custom matrices

2011-08-29 20:54 . 2011-08-29 20:54 -------- d-----w- c:\windows\system32\C2MP

2011-08-29 20:54 . 2011-08-29 20:54 -------- d-----w- c:\windows\system32\QuickTime

2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll

2011-08-22 21:06 . 2011-08-22 21:06 -------- d-----w- c:\program files\GiPo@Utilities

2011-08-22 13:30 . 2011-08-22 13:31 -------- d-----w- c:\documents and settings\Administrator

2011-08-21 20:24 . 2011-08-21 20:24 -------- d-----w- c:\documents and settings\SnowBum\Application Data\PC Cleaners

2011-08-21 20:24 . 2011-08-21 20:22 5366032 ----a-w- c:\windows\uninst.exe

2011-08-21 20:24 . 2011-08-21 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data

2011-08-21 20:13 . 2011-08-22 21:13 -------- d-----w- c:\windows\system32\wbem\Repository\FS

2011-08-21 11:50 . 2011-08-21 11:50 -------- d-----w- c:\program files\Common Files\Java

2011-08-21 11:50 . 2011-05-04 01:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-08-10 13:46 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 13:45 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-05 12:25 . 2007-12-05 05:41 225280 ----a-w- c:\windows\system32\nvrszhc.dll

2011-08-05 12:25 . 2007-12-05 05:41 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2011-08-05 12:25 . 2007-12-05 05:41 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2011-08-05 12:25 . 2007-12-05 05:41 126976 ----a-w- c:\windows\system32\nvrszht.dll

2011-08-05 12:25 . 2007-12-05 05:41 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2011-08-05 12:25 . 2007-12-05 05:41 290816 ----a-w- c:\windows\system32\nvwrsth.dll

2011-08-05 12:25 . 2007-12-05 05:41 258048 ----a-w- c:\windows\system32\nvrstr.dll

2011-08-05 12:25 . 2007-12-05 05:41 253952 ----a-w- c:\windows\system32\nvrsth.dll

2011-08-05 12:24 . 2011-08-05 12:24 -------- d-----w- c:\windows\nview

2011-08-05 12:24 . 2007-12-05 05:41 442368 ----a-w- c:\windows\system32\nvappbar.exe

2011-08-05 12:24 . 2007-12-05 05:41 425984 ----a-w- c:\windows\system32\keystone.exe

2011-08-05 12:24 . 2007-12-05 05:41 147456 ----a-w- c:\windows\system32\nvcolor.exe

2011-08-05 12:24 . 2007-12-05 05:41 356352 ----a-w- c:\windows\system32\nvudisp.exe

2011-08-04 22:53 . 2007-12-05 01:53 356352 ----a-w- c:\windows\system32\NVUNINST.EXE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-21 11:28 . 2011-06-03 12:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-31 18:47 . 2011-07-31 18:47 3577856 ----a-w- c:\windows\system32\ffdshow.ax

2011-07-31 18:31 . 2011-07-31 18:31 3854848 ----a-w- c:\windows\system32\ffmpeg.dll

2011-07-19 19:08 . 2011-07-19 19:08 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-07-19 19:06 . 2011-07-19 19:06 259584 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-07-19 19:06 . 2011-07-19 19:06 158208 ----a-w- c:\windows\system32\ff_unrar.dll

2011-07-19 19:06 . 2011-07-19 19:06 96768 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-07-19 19:06 . 2011-07-19 19:06 1524224 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-07-19 19:06 . 2011-07-19 19:06 145920 ----a-w- c:\windows\system32\ff_libmad.dll

2011-07-19 19:06 . 2011-07-19 19:06 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-07-19 19:06 . 2011-07-19 19:06 113664 ----a-w- c:\windows\system32\ff_liba52.dll

2011-07-19 19:06 . 2011-07-19 19:06 327680 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-07-19 19:06 . 2011-07-19 19:06 211456 ----a-w- c:\windows\system32\ff_libdts.dll

2011-07-15 13:29 . 2002-08-29 01:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52 . 2010-05-29 18:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52 . 2010-05-29 18:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2008-01-20 19:16 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2006-06-23 11:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2002-08-29 03:41 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 18:36 . 2002-08-29 03:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2002-08-29 03:41 293376 ----a-w- c:\windows\system32\winsrv.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-29_19.16.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-02 15:10 . 2011-09-02 15:10 16384 c:\windows\Temp\Perflib_Perfdata_990.dat

+ 2011-09-02 15:10 . 2011-09-02 15:10 16384 c:\windows\Temp\Perflib_Perfdata_2a8.dat

+ 2006-03-04 04:52 . 2006-03-04 04:52 88576 c:\windows\system32\OptimFROG.dll

+ 2011-03-03 11:35 . 2011-03-03 11:35 80384 c:\windows\system32\mkzlib.dll

+ 2011-03-03 11:35 . 2011-03-03 11:35 24576 c:\windows\system32\mkunicode.dll

+ 2008-08-05 20:59 . 2008-08-05 20:59 57344 c:\windows\system32\dpv11.dll

+ 2009-05-01 20:02 . 2009-05-01 20:02 90112 c:\windows\system32\dpl100.dll

+ 2008-05-25 13:39 . 2008-05-25 13:39 13824 c:\windows\system32\C2MP\StatsReader.exe

+ 2002-12-12 00:14 . 2002-12-12 00:14 13312 c:\windows\system32\C2MP\msdmo.dll

+ 2008-05-25 13:39 . 2008-05-25 13:39 23040 c:\windows\system32\C2MP\MiniCalc.exe

+ 2009-11-14 00:46 . 2009-11-14 00:46 69632 c:\windows\system32\C2MP\DivXConfig.exe

+ 2010-03-16 13:52 . 2010-03-16 13:52 28224 c:\windows\system32\bass_wv.dll

+ 2009-05-22 15:55 . 2009-05-22 15:55 21320 c:\windows\system32\bass_mpc.dll

+ 2009-12-09 12:40 . 2009-12-09 12:40 25152 c:\windows\system32\bass_flac.dll

+ 2009-08-03 12:17 . 2009-08-03 12:17 33624 c:\windows\system32\bass_ape.dll

+ 2009-10-28 14:03 . 2009-10-28 14:03 12488 c:\windows\system32\bass_alac.dll

+ 2010-06-17 13:31 . 2010-06-17 13:31 99896 c:\windows\system32\bass.dll

+ 2011-03-03 11:37 . 2011-03-03 11:37 93184 c:\windows\system32\avss.dll

+ 2011-03-03 11:38 . 2011-03-03 11:38 97792 c:\windows\system32\avs.dll

+ 2009-08-11 21:21 . 2009-08-11 21:21 87552 c:\windows\system32\ac3config.exe

+ 2008-05-25 13:39 . 2008-05-25 13:39 9216 c:\windows\system32\C2MP\OGMCalc.exe

+ 2008-05-25 13:39 . 2008-05-25 13:39 6144 c:\windows\system32\C2MP\AviC.exe

+ 2008-02-27 21:49 . 2008-02-27 21:49 8536 c:\windows\system32\bass_tta.dll

+ 2009-04-24 12:20 . 2009-04-24 12:20 5960 c:\windows\system32\bass_ofr.dll

+ 2011-05-30 13:42 . 2011-05-30 13:42 240640 c:\windows\system32\xvidvfw.dll

+ 2011-05-23 07:46 . 2011-05-23 07:46 645632 c:\windows\system32\xvidcore.dll

+ 2008-08-26 22:11 . 2008-08-26 22:11 987136 c:\windows\system32\VSFilter.dll

+ 2011-03-03 11:38 . 2011-03-03 11:38 154112 c:\windows\system32\ts.dll

+ 2009-05-01 20:02 . 2009-05-01 20:02 200704 c:\windows\system32\ssldivx.dll

+ 2011-03-03 11:39 . 2011-03-03 11:39 123392 c:\windows\system32\ogm.dll

+ 2011-03-03 11:39 . 2011-03-03 11:39 141824 c:\windows\system32\mp4.dll

+ 2011-03-03 11:40 . 2011-03-03 11:40 150528 c:\windows\system32\mkx.dll

+ 2011-03-03 11:38 . 2011-03-03 11:38 137728 c:\windows\system32\mkv2vfr.exe

+ 2007-07-05 01:33 . 2007-07-05 01:33 892928 c:\windows\system32\iconv.dll

+ 2011-03-03 11:37 . 2011-03-03 11:37 358400 c:\windows\system32\gdsmux.exe

+ 2011-03-03 11:38 . 2011-03-03 11:38 249856 c:\windows\system32\dxr.dll

+ 2008-08-05 20:59 . 2008-08-05 20:59 196608 c:\windows\system32\dtu100.dll

+ 2011-03-03 11:39 . 2011-03-03 11:39 113152 c:\windows\system32\dsmux.exe

+ 2008-08-05 20:59 . 2008-08-05 20:59 344064 c:\windows\system32\dpus11.dll

+ 2008-08-05 20:59 . 2008-08-05 20:59 593920 c:\windows\system32\dpuGUI11.dll

+ 2008-08-05 20:59 . 2008-08-05 20:59 294912 c:\windows\system32\dpu11.dll

+ 2009-11-14 00:49 . 2009-11-14 00:49 532480 c:\windows\system32\DivXsm.exe

+ 2009-11-13 23:47 . 2009-11-13 23:47 696320 c:\windows\system32\DivX.dll

+ 2011-08-04 20:19 . 2011-08-04 20:19 507785 c:\windows\system32\C2MP\Uninst.exe

+ 2007-02-19 15:28 . 2007-02-19 15:28 117974 c:\windows\system32\C2MP\GSpot27.dat

+ 2007-02-22 20:08 . 2007-02-22 20:08 925696 c:\windows\system32\C2MP\GSpot.exe

+ 2011-08-04 20:19 . 2011-08-04 20:19 234875 c:\windows\system32\C2MP\CleanUp_x64.exe

+ 2011-08-04 20:19 . 2011-08-04 20:19 238076 c:\windows\system32\C2MP\CleanUp.exe

+ 2009-02-27 15:52 . 2009-02-27 15:52 151416 c:\windows\system32\bass_aac.dll

+ 2011-03-03 11:39 . 2011-03-03 11:39 109568 c:\windows\system32\avi.dll

+ 2008-11-06 15:37 . 2008-11-06 15:37 3596288 c:\windows\system32\qt-dx331.dll

+ 2009-05-01 20:02 . 2009-05-01 20:02 1044480 c:\windows\system32\libdivx.dll

+ 2005-07-26 04:31 . 2008-04-14 00:12 1287168 c:\windows\system32\dllcache\ole32.dll

+ 2010-03-08 17:59 . 2010-03-08 17:59 1619968 c:\windows\system32\C2MP\VC80CRTRedist.msi

+ 2009-08-11 21:21 . 2009-08-11 21:21 1021440 c:\windows\system32\ac3filter_intl.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]

"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\SnowBum\Start Menu\Programs\Startup\

Xfire.lnk - c:\program files\Xfire\xfire.exe [2011-8-26 3510680]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

QuickTV6.lnk - c:\program files\AVerTV Hybrid + FM PCI\AVerQT.exe [2005-7-19 507904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 14:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=

"c:\\Documents and Settings\\SnowBum\\Desktop\\utorrent.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"e:\\Nova Games\\DFX2\\dfx2.exe"=

"e:\\Nova Games\\DFX2\\UPDATE.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Steam\\steamapps\\kos_snowbum\\counter-strike\\hl.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56065:TCP"= 56065:TCP:Pando Media Booster

"56065:UDP"= 56065:UDP:Pando Media Booster

"57812:TCP"= 57812:TCP:Pando Media Booster

"57812:UDP"= 57812:UDP:Pando Media Booster

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29/08/2008 14:25 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/08/2008 14:25 243152]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [21/08/2011 12:44 328536]

R2 AutoLaunch;AU9720 Monitor Service;c:\windows\AutoLaunch.exe [25/09/2008 14:40 106496]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/07/2010 15:04 308136]

R3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [22/08/2005 18:05 512384]

S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [10/11/2006 14:08 24064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S2 gupdate1ca04b8b699b260;Google Update Service (gupdate1ca04b8b699b260);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2009 20:24 133104]

S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [20/06/2009 18:03 29184]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2009 20:24 133104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [25/09/2008 14:40 9760]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23/08/2001 13:00 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [31/05/2009 21:11 16640]

S3 XDva317;XDva317;\??\c:\windows\system32\XDva317.sys --> c:\windows\system32\XDva317.sys [?]

S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]

S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]

S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]

S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]

S3 XDva348;XDva348;\??\c:\windows\system32\XDva348.sys --> c:\windows\system32\XDva348.sys [?]

S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]

S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]

S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]

S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]

S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]

S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]

S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]

S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]

S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]

S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]

S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]

S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02/12/2006 06:17 2805000]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/02/2008 19:35 639224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

.

2011-09-02 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-08-21 15:40]

.

2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-14 19:24]

.

2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-14 19:24]

.

2011-09-02 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Settings,ProxyServer = 169.354.20.77:80

IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.25\AMVConverter\grab.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: {{3F7C5588-6763-4791-8B8B-D73B08396DE9} - c:\program files\ie_picture_downloader\picsaver.exe

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\SnowBum\Application Data\Mozilla\Firefox\Profiles\38tbjp91.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG9\Firefox

FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-02 16:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-706699826-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:ef,51,b1,fb,c9,ee,c7,37,aa,1b,d9,1b,be,1a,19,0d,ac,b0,3c,71,ce,81,07,

db,5e,a4,f5,7a,8c,e8,80,5f,5e,d8,96,26,f3,40,d6,ae,a0,7b,c9,90,ed,7c,03,04,\

"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83

.

[HKEY_USERS\S-1-5-21-682003330-706699826-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:70,bb,5c,44,ea,47,c6,6e,bc,0c,3e,67,07,0d,80,7e,d0,02,57,d2,e1,

49,7a,ee,3a,24,50,59,af,ba,3f,c2,ec,0d,6f,b9,8f,45,b6,6a,d0,92,9b,a1,1c,ba,\

"rkeysecu"=hex:85,0a,52,60,34,b1,82,a3,35,91,73,5a,ad,90,86,36

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(888)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(676)

c:\windows\system32\WININET.dll

c:\program files\Xfire\xfire_toucan_44507.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Folding@home-Win32-x86-623 number 1\Folding@home-Win32-x86.exe

c:\program files\Folding@home-Win32-x86-623 number 2\Folding@home-Win32-x86.exe

c:\program files\Folding@home-Win32-x86-623 number 1\FahCore_a4.exe

c:\program files\Folding@home-Win32-x86-623 number 2\FahCore_a4.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\WgaTray.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Completion time: 2011-09-02 16:17:19 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-02 15:17

ComboFix2.txt 2011-08-29 19:23

.

Pre-Run: 91,771,785,216 bytes free

Post-Run: 91,740,782,592 bytes free

.

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - 6FC0EEE74043C4855377E4CE2F154FDA

DDS Log

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by SnowBum at 16:21:55 on 2011-09-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.227 [GMT 1:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\WINDOWS\AutoLaunch.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

svchost.exe

C:\Program Files\Folding@home-Win32-x86-623 number 1\Folding@home-Win32-x86.exe

C:\Program Files\Folding@home-Win32-x86-623 number 2\Folding@home-Win32-x86.exe

C:\Program Files\Folding@home-Win32-x86-623 number 1\FahCore_a4.exe

C:\Program Files\Folding@home-Win32-x86-623 number 2\FahCore_a4.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe

C:\Program Files\Xfire\xfire.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Settings,ProxyServer = 169.354.20.77:80

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"

mRun: [skyTel] SkyTel.EXE

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\snowbum\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicktv6.lnk - c:\program files\avertv hybrid + fm pci\AVerQT.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: Add to AMV/AVI Video Converter... - c:\program files\media player utilities 4.25\amvconverter\grab.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {3F7C5588-6763-4791-8B8B-D73B08396DE9} - c:\program files\ie_picture_downloader\picsaver.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200858399218

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3DF85D17-F1D1-4CDC-9B82-321DD3EF5EE0} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\snowbum\application data\mozilla\firefox\profiles\38tbjp91.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-29 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-29 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-29 243152]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-5-28 532224]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-8-21 328536]

R2 AutoLaunch;AU9720 Monitor Service;c:\windows\AutoLaunch.exe [2008-9-25 106496]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 Folding@home-CPU-[1];Folding@home-CPU-[1];c:\program files\folding@home-win32-x86-623 number 1\folding@home-win32-x86.exe -svcstart -d "c:\program files\folding@home-win32-x86-623 number 1" -local --> c:\program files\folding@home-win32-x86-623 number 1\folding@home-win32-x86.exe -svcstart -d c:\program files\Folding@home-Win32-x86-623 number 1 [?]

R2 Folding@home-CPU-[2];Folding@home-CPU-[2];c:\program files\folding@home-win32-x86-623 number 2\folding@home-win32-x86.exe -svcstart -d "c:\program files\folding@home-win32-x86-623 number 2" -local --> c:\program files\folding@home-win32-x86-623 number 2\folding@home-win32-x86.exe -svcstart -d c:\program files\Folding@home-Win32-x86-623 number 2 [?]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [2005-8-22 512384]

S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca04b8b699b260;Google Update Service (gupdate1ca04b8b699b260);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]

S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2009-6-20 29184]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2008-9-25 9760]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-5-31 16640]

S3 XDva317;XDva317;\??\c:\windows\system32\xdva317.sys --> c:\windows\system32\XDva317.sys [?]

S3 XDva327;XDva327;\??\c:\windows\system32\xdva327.sys --> c:\windows\system32\XDva327.sys [?]

S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]

S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]

S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]

S3 XDva348;XDva348;\??\c:\windows\system32\xdva348.sys --> c:\windows\system32\XDva348.sys [?]

S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]

S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]

S3 XDva362;XDva362;\??\c:\windows\system32\xdva362.sys --> c:\windows\system32\XDva362.sys [?]

S3 XDva367;XDva367;\??\c:\windows\system32\xdva367.sys --> c:\windows\system32\XDva367.sys [?]

S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]

S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]

S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]

S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]

S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]

S3 XDva382;XDva382;\??\c:\windows\system32\xdva382.sys --> c:\windows\system32\XDva382.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]

S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]

S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

.

=============== Created Last 30 ================

.

2011-08-30 13:53:25 10368 ------w- c:\windows\system32\drivers\pfc.sys

2011-08-30 13:51:50 -------- d-----w- C:\MyWorks

2011-08-30 13:51:44 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2011-08-29 20:54:08 -------- d-----w- c:\windows\system32\custom matrices

2011-08-29 20:54:03 -------- d-----w- c:\windows\system32\QuickTime

2011-08-29 20:54:03 -------- d-----w- c:\windows\system32\C2MP

2011-08-29 18:41:56 -------- d-sha-r- C:\cmdcons

2011-08-29 18:30:10 98816 ----a-w- c:\windows\sed.exe

2011-08-29 18:30:10 518144 ----a-w- c:\windows\SWREG.exe

2011-08-29 18:30:10 256000 ----a-w- c:\windows\PEV.exe

2011-08-29 18:30:10 208896 ----a-w- c:\windows\MBR.exe

2011-08-26 22:21:30 42392 ----a-w- c:\windows\system32\xfcodec.dll

2011-08-22 21:06:16 -------- d-----w- c:\program files\GiPo@Utilities

2011-08-21 20:24:40 -------- d-----w- c:\documents and settings\snowbum\application data\PC Cleaners

2011-08-21 20:24:32 5366032 ----a-w- c:\windows\uninst.exe

2011-08-21 20:24:31 -------- d-----w- c:\documents and settings\all users\application data\PC1Data

2011-08-21 20:13:00 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-21 19:31:35 -------- d-----w- c:\windows\pss

2011-08-21 11:50:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-08-10 13:46:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 13:45:28 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-05 12:25:05 225280 ----a-w- c:\windows\system32\nvrszhc.dll

2011-08-05 12:25:05 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2011-08-05 12:25:05 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2011-08-05 12:25:05 126976 ----a-w- c:\windows\system32\nvrszht.dll

2011-08-05 12:25:04 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2011-08-05 12:25:04 290816 ----a-w- c:\windows\system32\nvwrsth.dll

2011-08-05 12:25:04 258048 ----a-w- c:\windows\system32\nvrstr.dll

2011-08-05 12:25:04 253952 ----a-w- c:\windows\system32\nvrsth.dll

2011-08-05 12:24:53 442368 ----a-w- c:\windows\system32\nvappbar.exe

2011-08-05 12:24:53 425984 ----a-w- c:\windows\system32\keystone.exe

2011-08-05 12:24:53 147456 ----a-w- c:\windows\system32\nvcolor.exe

2011-08-05 12:24:53 -------- d-----w- c:\windows\nview

2011-08-05 12:24:52 356352 ----a-w- c:\windows\system32\nvudisp.exe

2011-08-04 22:53:47 356352 ----a-w- c:\windows\system32\NVUNINST.EXE

.

==================== Find3M ====================

.

2011-08-21 11:28:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-31 18:47:46 3577856 ----a-w- c:\windows\system32\ffdshow.ax

2011-07-31 18:31:38 3854848 ----a-w- c:\windows\system32\ffmpeg.dll

2011-07-19 19:08:04 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-07-19 19:06:48 259584 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-07-19 19:06:36 158208 ----a-w- c:\windows\system32\ff_unrar.dll

2011-07-19 19:06:34 96768 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-07-19 19:06:34 1524224 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-07-19 19:06:32 145920 ----a-w- c:\windows\system32\ff_libmad.dll

2011-07-19 19:06:30 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-07-19 19:06:30 113664 ----a-w- c:\windows\system32\ff_liba52.dll

2011-07-19 19:06:28 327680 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-07-19 19:06:28 211456 ----a-w- c:\windows\system32\ff_libdts.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 16:22:36.03 ===============


  • Staff

Hi,

I see you have IOBit software installed.

Please read this:

http://forums.malwarebytes.org/index.php?showtopic=33217

I highly recommend uninstalling their software.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESET Log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=d9e9f54f0ce1ee49b84747109c194cd4

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-05 03:05:41

# local_time=2011-09-05 04:05:41 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=crash

# scanned=224355

# found=0

# cleaned=0

# scan_time=11994

SecurityCheck Log

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

AVG Free 9.0

ESET Online Scanner v3

ESET Online Scanner

ZoneAlarm

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 26

Flash Player Out of Date!

Adobe Flash Player 10.1.53.64

Mozilla Firefox (3.0.11) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Zone Labs ZoneAlarm zlclient.exe

``````````End of Log````````````

The only issue I still have is the red shield with a white x "Windows Security Alerts" which tells me I haven't got any anti-virus installed, and also says that Windows firewall is disabled and I don't have any firewall installed. I have both and prior to me accidentally installing "PC Cleaners V10.0" they were both detected by Windows Security Centre. The red shield is kinda irritating.


I had already uninstalled the IObit software before I did the ESET scan and your Security Check. I had rebooted and it made no difference.

I've attached a screenshot of the shield and what the bubble is saying; you can clearly see that AVG and ZoneAlarm are running.

DDS Log

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by SnowBum at 23:00:54 on 2011-09-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.372 [GMT 1:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\AutoLaunch.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\Folding@home-Win32-x86-623 number 1\Folding@home-Win32-x86.exe

C:\Program Files\Folding@home-Win32-x86-623 number 2\Folding@home-Win32-x86.exe

C:\Program Files\Folding@home-Win32-x86-623 number 1\FahCore_a4.exe

C:\Program Files\Folding@home-Win32-x86-623 number 2\FahCore_a4.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Settings,ProxyServer = 169.354.20.77:80

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [skyTel] SkyTel.EXE

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\snowbum\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicktv6.lnk - c:\program files\avertv hybrid + fm pci\AVerQT.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: Add to AMV/AVI Video Converter... - c:\program files\media player utilities 4.25\amvconverter\grab.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {3F7C5588-6763-4791-8B8B-D73B08396DE9} - c:\program files\ie_picture_downloader\picsaver.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200858399218

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3DF85D17-F1D1-4CDC-9B82-321DD3EF5EE0} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\snowbum\application data\mozilla\firefox\profiles\38tbjp91.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-29 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-29 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-29 243152]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-5-28 532224]

R2 AutoLaunch;AU9720 Monitor Service;c:\windows\AutoLaunch.exe [2008-9-25 106496]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 Folding@home-CPU-[1];Folding@home-CPU-[1];c:\program files\folding@home-win32-x86-623 number 1\folding@home-win32-x86.exe -svcstart -d "c:\program files\folding@home-win32-x86-623 number 1" -local --> c:\program files\folding@home-win32-x86-623 number 1\folding@home-win32-x86.exe -svcstart -d c:\program files\Folding@home-Win32-x86-623 number 1 [?]

R2 Folding@home-CPU-[2];Folding@home-CPU-[2];c:\program files\folding@home-win32-x86-623 number 2\folding@home-win32-x86.exe -svcstart -d "c:\program files\folding@home-win32-x86-623 number 2" -local --> c:\program files\folding@home-win32-x86-623 number 2\folding@home-win32-x86.exe -svcstart -d c:\program files\Folding@home-Win32-x86-623 number 2 [?]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [2005-8-22 512384]

S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca04b8b699b260;Google Update Service (gupdate1ca04b8b699b260);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]

S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2009-6-20 29184]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2008-9-25 9760]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-5-31 16640]

S3 XDva317;XDva317;\??\c:\windows\system32\xdva317.sys --> c:\windows\system32\XDva317.sys [?]

S3 XDva327;XDva327;\??\c:\windows\system32\xdva327.sys --> c:\windows\system32\XDva327.sys [?]

S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]

S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]

S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]

S3 XDva348;XDva348;\??\c:\windows\system32\xdva348.sys --> c:\windows\system32\XDva348.sys [?]

S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]

S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]

S3 XDva362;XDva362;\??\c:\windows\system32\xdva362.sys --> c:\windows\system32\XDva362.sys [?]

S3 XDva367;XDva367;\??\c:\windows\system32\xdva367.sys --> c:\windows\system32\XDva367.sys [?]

S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]

S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]

S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]

S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]

S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]

S3 XDva382;XDva382;\??\c:\windows\system32\xdva382.sys --> c:\windows\system32\XDva382.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]

S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]

S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

.

=============== Created Last 30 ================

.

2011-09-05 09:15:56 -------- d-----w- c:\program files\ESET

2011-08-30 13:53:25 10368 ------w- c:\windows\system32\drivers\pfc.sys

2011-08-30 13:51:50 -------- d-----w- C:\MyWorks

2011-08-30 13:51:44 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2011-08-29 20:54:08 -------- d-----w- c:\windows\system32\custom matrices

2011-08-29 20:54:03 -------- d-----w- c:\windows\system32\QuickTime

2011-08-29 20:54:03 -------- d-----w- c:\windows\system32\C2MP

2011-08-29 18:41:56 -------- d-sha-r- C:\cmdcons

2011-08-29 18:30:10 98816 ----a-w- c:\windows\sed.exe

2011-08-29 18:30:10 518144 ----a-w- c:\windows\SWREG.exe

2011-08-29 18:30:10 256000 ----a-w- c:\windows\PEV.exe

2011-08-29 18:30:10 208896 ----a-w- c:\windows\MBR.exe

2011-08-26 22:21:30 42392 ----a-w- c:\windows\system32\xfcodec.dll

2011-08-22 21:06:16 -------- d-----w- c:\program files\GiPo@Utilities

2011-08-21 20:24:40 -------- d-----w- c:\documents and settings\snowbum\application data\PC Cleaners

2011-08-21 20:24:32 5366032 ----a-w- c:\windows\uninst.exe

2011-08-21 20:24:31 -------- d-----w- c:\documents and settings\all users\application data\PC1Data

2011-08-21 20:13:00 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-21 19:31:35 -------- d-----w- c:\windows\pss

2011-08-21 11:50:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-08-10 13:46:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 13:45:28 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

.

==================== Find3M ====================

.

2011-08-21 11:28:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-31 18:47:46 3577856 ----a-w- c:\windows\system32\ffdshow.ax

2011-07-31 18:31:38 3854848 ----a-w- c:\windows\system32\ffmpeg.dll

2011-07-19 19:08:04 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-07-19 19:06:48 259584 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-07-19 19:06:36 158208 ----a-w- c:\windows\system32\ff_unrar.dll

2011-07-19 19:06:34 96768 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-07-19 19:06:34 1524224 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-07-19 19:06:32 145920 ----a-w- c:\windows\system32\ff_libmad.dll

2011-07-19 19:06:30 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-07-19 19:06:30 113664 ----a-w- c:\windows\system32\ff_liba52.dll

2011-07-19 19:06:28 327680 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-07-19 19:06:28 211456 ----a-w- c:\windows\system32\ff_libdts.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 23:02:20.06 ===============

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 20/01/2008 19:29:01

System Uptime: 07/09/2011 22:54:34 (1 hours ago)

.

Motherboard: | | 4CoreDual-SATA2

Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz | CPUSocket | 2925/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 177 GiB total, 83.3 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 195 GiB total, 29.119 GiB free.

F: is FIXED (NTFS) - 59 GiB total, 58.519 GiB free.

G: is CDROM ()

L: is Removable

M: is Removable

N: is Removable

O: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP226: 16/06/2011 03:00:23 - Software Distribution Service 3.0

RP227: 25/06/2011 09:14:27 - Software Distribution Service 3.0

RP228: 27/06/2011 15:21:02 - System Checkpoint

RP229: 28/06/2011 18:13:44 - System Checkpoint

RP230: 29/06/2011 18:36:58 - System Checkpoint

RP231: 29/06/2011 20:33:27 - Software Distribution Service 3.0

RP232: 04/07/2011 13:55:33 - System Checkpoint

RP233: 05/07/2011 14:42:28 - System Checkpoint

RP234: 06/07/2011 15:23:44 - System Checkpoint

RP235: 11/07/2011 15:24:15 - System Checkpoint

RP236: 12/07/2011 17:50:30 - System Checkpoint

RP237: 13/07/2011 15:34:15 - Software Distribution Service 3.0

RP238: 14/07/2011 19:40:41 - System Checkpoint

RP239: 14/07/2011 19:44:42 - Software Distribution Service 3.0

RP240: 17/07/2011 19:07:26 - System Checkpoint

RP241: 18/07/2011 21:09:11 - System Checkpoint

RP242: 20/07/2011 17:05:50 - System Checkpoint

RP243: 28/07/2011 11:23:08 - Installed The Sims Medieval

RP244: 28/07/2011 11:38:44 - Installed The Sims Medieval

RP245: 29/07/2011 15:27:47 - System Checkpoint

RP246: 29/07/2011 18:48:24 - Software Distribution Service 3.0

RP247: 01/08/2011 10:13:28 - System Checkpoint

RP248: 01/08/2011 21:16:42 - Software Distribution Service 3.0

RP249: 04/08/2011 14:42:36 - System Checkpoint

RP250: 07/08/2011 20:34:54 - Configured Delta Force: Xtreme

RP251: 09/08/2011 17:07:45 - System Checkpoint

RP252: 10/08/2011 17:22:25 - Unsigned driver install

RP253: 10/08/2011 17:54:06 - Unsigned printer driver Lexmark X84-X85 installed.

RP254: 10/08/2011 17:58:22 - Unsigned printer driver Lexmark X84-X85 installed.

RP255: 10/08/2011 18:07:40 - Unsigned printer driver Lexmark X84-X85 installed.

RP256: 10/08/2011 18:09:35 - Software Distribution Service 3.0

RP257: 10/08/2011 18:38:25 - Software Distribution Service 3.0

RP258: 10/08/2011 18:45:18 - Unsigned driver install

RP259: 10/08/2011 21:33:38 - Software Distribution Service 3.0

RP260: 10/08/2011 23:33:11 - Software Distribution Service 3.0

RP261: 11/08/2011 15:14:30 - Software Distribution Service 3.0

RP262: 11/08/2011 18:07:20 - Software Distribution Service 3.0

RP263: 11/08/2011 18:14:26 - Software Distribution Service 3.0

RP264: 11/08/2011 18:18:49 - Software Distribution Service 3.0

RP265: 11/08/2011 18:29:22 - Software Distribution Service 3.0

RP266: 11/08/2011 18:59:16 - Software Distribution Service 3.0

RP267: 11/08/2011 19:19:30 - Software Distribution Service 3.0

RP268: 11/08/2011 19:25:21 - Software Distribution Service 3.0

RP269: 12/08/2011 19:50:43 - System Checkpoint

RP270: 13/08/2011 03:00:18 - Software Distribution Service 3.0

RP271: 13/08/2011 19:56:24 - Software Distribution Service 3.0

RP272: 14/08/2011 00:14:04 - Software Distribution Service 3.0

RP273: 15/08/2011 03:00:19 - Software Distribution Service 3.0

RP274: 15/08/2011 09:10:54 - Software Distribution Service 3.0

RP275: 15/08/2011 13:31:34 - Software Distribution Service 3.0

RP276: 16/08/2011 15:25:09 - Software Distribution Service 3.0

RP277: 17/08/2011 03:00:22 - Software Distribution Service 3.0

RP278: 17/08/2011 14:58:26 - Software Distribution Service 3.0

RP279: 17/08/2011 22:30:57 - Software Distribution Service 3.0

RP280: 18/08/2011 17:27:38 - Software Distribution Service 3.0

RP281: 19/08/2011 18:24:47 - System Checkpoint

RP282: 19/08/2011 19:41:00 - Software Distribution Service 3.0

RP283: 21/08/2011 12:47:35 - Installed Java 6 Update 26

RP284: 21/08/2011 15:56:08 - Software Distribution Service 3.0

RP285: 21/08/2011 20:39:12 - Software Distribution Service 3.0

RP286: 22/08/2011 03:00:19 - Software Distribution Service 3.0

RP287: 22/08/2011 05:32:39 - Software Distribution Service 3.0

RP288: 22/08/2011 19:37:40 - Software Distribution Service 3.0

RP289: 22/08/2011 19:47:23 - Restore Operation

RP290: 22/08/2011 19:52:33 - Restore Operation

RP291: 22/08/2011 22:06:15 - Installed GiPo@FileUtilities 3.2

RP292: 22/08/2011 22:37:21 - Software Distribution Service 3.0

RP293: 23/08/2011 15:37:08 - Removed Dark Basic Professional CD 1.057 Upgrade

RP294: 23/08/2011 15:37:33 - Removed Dark Basic Professional

RP295: 23/08/2011 15:38:18 - Removed GiPo@FileUtilities 3.2

RP296: 23/08/2011 19:31:35 - Software Distribution Service 3.0

RP297: 25/08/2011 16:39:21 - System Checkpoint

RP298: 25/08/2011 19:05:44 - Software Distribution Service 3.0

RP299: 27/08/2011 13:34:11 - System Checkpoint

RP300: 27/08/2011 13:49:59 - Software Distribution Service 3.0

RP301: 29/08/2011 19:30:22 - ComboFix created restore point

RP302: 29/08/2011 22:16:06 - Software Distribution Service 3.0

RP303: 30/08/2011 14:33:18 - Software Distribution Service 3.0

RP304: 30/08/2011 18:38:49 - Software Distribution Service 3.0

RP305: 31/08/2011 21:48:45 - System Checkpoint

RP306: 31/08/2011 22:21:15 - Software Distribution Service 3.0

RP307: 01/09/2011 14:45:34 - Software Distribution Service 3.0

RP308: 01/09/2011 18:12:34 - Software Distribution Service 3.0

RP309: 02/09/2011 13:54:54 - Software Distribution Service 3.0

RP310: 02/09/2011 17:18:58 - Software Distribution Service 3.0

RP311: 05/09/2011 11:16:40 - System Checkpoint

RP312: 05/09/2011 23:26:34 - Software Distribution Service 3.0

RP313: 06/09/2011 09:01:33 - Software Distribution Service 3.0

RP314: 06/09/2011 09:53:58 - Software Distribution Service 3.0

RP315: 07/09/2011 13:59:18 - System Checkpoint

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.3.0

Adobe Reader Extended Language Support Font Pack

Adobe Shockwave Player 11.5

Any Video Converter 2.7.2

Apple Software Update

Audacity 1.2.6

AVerHybridTV

AVerTV Hybrid + FM PCI

AVG Free 9.0

BBC iPlayer Desktop

BioShock 2

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.4 Patch

Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

Call of Duty® 4 - Modern Warfare 1.6 Patch

CamStudio

CamStudio Lossless Codec

Chinese Simplified Fonts Support For Adobe Reader 8

Chinese Traditional Fonts Support For Adobe Reader 8

Critical Update for Windows Media Player 11 (KB959772)

Cross Fire En

Delta Force - Black Hawk Down

Delta Force Black Hawk Down Team Sabre

Delta Force Xtreme 2

Delta Force: Xtreme

DivX Setup

DVD Shrink 3.2

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2

DVDFab 8.0.4.0 (11/11/2010)

ESET Online Scanner

ESET Online Scanner v3

EVEREST Home Edition v2.20

FahMon - Folding@home client monitoring software

Far Cry 2

ffdshow v1.1.3800 [2011-03-28]

Fraps (remove only)

getPlus®_ocx

Google Chrome

Google Earth

Google Update Helper

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

IrfanView (remove only)

Java Auto Updater

Java 6 Update 26

Joint Operations: Typhoon Rising

Kaspersky Online Scanner

Macromedia Dreamweaver MX

Macromedia Extension Manager

Macromedia Fireworks MX

Macromedia Flash MX

Macromedia FreeHand 10

Malwarebytes' Anti-Malware version 1.51.1.1800

Media Player Codec Pack 4.0.2

Media Player Utilities 4.25

Microsoft .NET Compact Framework 1.0 SP3 Developer

Microsoft .NET Compact Framework 2.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Device Emulator version 1.0 - ENU

Microsoft Document Explorer 2005

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Mobile [ENU] Developer Tools

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.7

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Visual Studio 2005 Professional Edition - ENU

Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)

Microsoft WinUsb 1.0

Microsoft Works 6-9 Converter

Microsoft WSE 3.0 Runtime

Mozilla Firefox (3.0.11)

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB933579)

NAVIGON Fresh 1.4.9

Nero 7 Premium

NVIDIA Drivers

NVIDIA nTune

Nvidia Omega Drivers v2.169.21 Setup Files

OGA Notifier 2.0.0048.0

Outlook Express Backup V6.5

Pando Media Booster

PFPortChecker 1.0.28

Platform

PunkBuster for Joint Operations: Typhoon Rising

PunkBuster Services

Qloud Plug-in for WM

Qloud Plugin for Windows Media Player

QuickTime

Realtek High Definition Audio Driver

RegistrySmart

Roblox for SnowBum

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio 3 USB Driver Installer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2251481)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2538218)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 8 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SIMREADER

SiSoftware Sandra Lite XII.SP1

Skype™ 4.0

SopCast 3.0.3

Spelling Dictionaries Support For Adobe Reader 8

Spybot - Search & Destroy

Spybot - Search & Destroy 1.5.2.20

Steam

SUPERAntiSpyware

System Requirements Lab

TeamSpeak 2 RC2

The Sims 2

The Sims Medieval

The Sims™ 3

Toontown Online

Twins video to iPod-Zune-PSP-3GP 1.0

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows Internet Explorer 8 (KB982664)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC 9.0 Runtime

VC80CRTRedist - 8.0.50727.4053

Ventrilo Client

VIA Platform Device Manager

VIA Rhine-Family Fast-Ethernet Adapter

WebEx

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Messenger

Windows Live Upload Tool

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

WolfQuest

Xfire (remove only)

Xvid 1.1.3 final uninstall

Yahoo! Detect

ZoneAlarm

.

==== Event Viewer Messages From Past Week ========

.

05/09/2011 14:11:33, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

05/09/2011 10:13:29, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

05/09/2011 10:13:24, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).

02/09/2011 16:58:07, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

02/09/2011 16:10:14, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

02/09/2011 15:49:19, error: Service Control Manager [7034] - The Folding@home-CPU-[2] service terminated unexpectedly. It has done this 1 time(s).

02/09/2011 15:49:19, error: Service Control Manager [7034] - The Folding@home-CPU-[1] service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================


I have now solved the issue of my Antivirus and Firewall not being detected by the Security Center.

After reading up on why this happens it seems like the WMI (Windows Management Instrumentation) was corrupt or incomplete. I tried repairing and re-registering the WMI components but this didn't work. So then I took the step of doing the comprehensive rebuild. This has worked.

This was the page which helped me :- http://windowsxp.mvps.org/repairwmi.htm

I think that we should take the final steps of finishing off now.

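A verification step for this fix, added here and not part of the thread: Security Center reads its antivirus and firewall status from WMI, so after a repository rebuild the products should be visible again in the root\SecurityCenter namespace. The script assumes PowerShell 2.0 is available (Windows Management Framework Core appears in the installed programs list above) and uses the XP-era class names; Vista and later use root\SecurityCenter2 instead.

```powershell
# Added check, not from the thread: ask WMI the same question Security Center asks.
# Assumes PowerShell 2.0 (Windows Management Framework Core). On Windows XP the
# Security Center namespace is root\SecurityCenter; Vista and later moved to
# root\SecurityCenter2 and encode the status in a productState bitmask instead.

$namespace = 'root\SecurityCenter'

function Get-SecurityCenterProducts {
    param([string]$Class)
    try {
        # Security Center builds its AV/firewall status from these WMI instances.
        Get-WmiObject -Namespace $namespace -Class $Class -ErrorAction Stop
    } catch {
        # A failed query here (invalid namespace or class) is the symptom of a
        # damaged or incomplete WMI repository, which is what the rebuild fixed.
        Write-Warning ("WMI query for {0} failed: {1}" -f $Class, $_.Exception.Message)
        $null
    }
}

# 1. The WMI service itself must be running before any query is meaningful.
$winmgmt = Get-Service -Name winmgmt
"winmgmt service: {0}" -f $winmgmt.Status

# 2. Products Security Center believes are installed.
$av = Get-SecurityCenterProducts -Class 'AntiVirusProduct'
$fw = Get-SecurityCenterProducts -Class 'FirewallProduct'

if ($av) {
    foreach ($p in $av) {
        "AV: {0} (onAccess={1}, upToDate={2})" -f $p.displayName, $p.onAccessScanningEnabled, $p.productUptoDate
    }
} else {
    "No AntiVirusProduct registered in $namespace - Security Center will report no antivirus."
}

if ($fw) {
    foreach ($p in $fw) {
        "Firewall: {0} (enabled={1})" -f $p.displayName, $p.enabled
    }
} else {
    "No FirewallProduct registered in $namespace - Security Center will report no firewall."
}
```

If the service is running but both queries fail, the repository is still damaged; if the queries succeed but the product is absent, the AV or firewall has not re-registered itself and reinstalling it is the usual remedy.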

  • Staff

Great work figuring out the issue on your own.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

Adobe Flash Player 10.1.53.64

Adobe Reader 8.0

Java™ 6 Update 26

HijackThis 2.0.2

ESET Online Scanner v3

ESET Online Scanner

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Let me know what issues remain.

-screen317


  • Staff

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


  • Staff

Yup. Everything looks good from here!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
