
AV Security 2012...and other things apparently.



Ok, so long story short before this thing locks up again (don't want to use the alternate computer to post logs from, worried it might spread the infection)... Got infected, ran MBAM and input the serial for the rogue, and it seemed to take care of the problem. Also reset the hosts file using the fixitforme program from Microsoft. Followed the instructions given perfectly.

Reboot, computer seems fine. But then NOD32 reports that svchost is infected now and it cannot be cleaned. Try scanning system32, find an individual file that seems to be associated with it (afd.sys). Install an update for the system file to overwrite/delete it without messing the computer up, reboot, problem seems to be gone there. Do a full system scan with NOD32, finds Rootkit.Kryptik.ET trojan. Well, a variant, along with something called OpenCandy and Win32/HackAV.HP. Scanner hangs at 99% and resets to 0% (as if it had started a new scan) and locks up. However, the viruses it found before are all in the quarantine.

Not sure if the coast is clear yet, especially since scanner and computer are still locking up. Professional help would be great right about now.

bump, help would still be appreciated

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Run by Justin at 22:24:35 on 2011-11-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.104 [GMT -8:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\LTMSG.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

mDefault_Page_URL = hxxp://us9.hpwis.com/

mDefault_Search_URL = hxxp://srch-us9.hpwis.com/

mSearch Page = hxxp://srch-us9.hpwis.com/

mStart Page = hxxp://us9.hpwis.com/

mSearch Bar = hxxp://srch-us9.hpwis.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

mSearchAssistant = hxxp://search.live.com/sphome.aspx

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [backupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe

mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [LTMSG] LTMSG.exe 7

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA3ADMAMQAzADIANQAwAC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIA"&"prod=90"&"ver=9.0.894

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runreg~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll

LSP: mswsock.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156431290828

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156432135796

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxsrvc.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\justin\application data\mozilla\firefox\profiles\rco19mrx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&btnG=Google+Search

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]

R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\cx88xbardual.sys [2003-8-15 7040]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-21 54752]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-14 366152]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-5-12 33792]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 22216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]

S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev usa\pangya\gameguard\dump_wmimmc.sys --> c:\ntreev usa\pangya\gameguard\dump_wmimmc.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-15 22:24:27 -------- d-----w- c:\program files\157A5

2011-11-15 22:24:16 -------- d-----w- c:\documents and settings\justin\application data\2C715

2011-11-15 22:24:15 -------- d-----w- c:\program files\LP

2011-11-15 22:24:06 -------- d-----w- c:\documents and settings\justin\application data\xlllONNtxA0cSib

2011-11-15 22:24:06 -------- d-----w- c:\documents and settings\justin\application data\HEEEL8ggTZh

2011-11-15 22:23:48 -------- d-----w- c:\documents and settings\justin\application data\PvvvD22onF4mHs

2011-11-15 22:23:46 -------- d-----w- c:\documents and settings\justin\application data\X77ffRLL9gXqjCk

2011-11-02 04:44:43 -------- d-----w- c:\documents and settings\justin\application data\TrueCrypt

2011-11-02 04:43:23 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2011-11-02 04:43:02 -------- d-----w- c:\program files\TrueCrypt

2011-11-02 03:49:14 -------- d-----w- c:\windows\system32\NtmsData

2011-11-01 01:40:26 -------- d-----w- c:\program files\iPod

2011-11-01 01:40:10 -------- d-----w- c:\program files\iTunes

2011-11-01 01:31:10 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-10-29 18:31:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-06 11:17:00 315392 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\pchmsxml.dll

2011-10-06 11:16:53 36864 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\gnu.dll

2011-10-06 11:16:44 122880 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\SearchCtrl.dll

2011-10-06 11:16:29 77824 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\FDIWrapper.dll

2011-10-06 11:16:27 69632 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\msxmlwrapper.dll

2011-10-06 11:16:20 77824 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\WinVerifyTrust.dll

2011-10-06 11:16:18 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\util.dll

2011-10-06 11:16:05 49152 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\hwinv.dll

2011-10-06 11:16:02 315392 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\pchmsxml.dll

2011-10-06 11:16:00 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\pchapi.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll

2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-09-05 13:56:21 81920 ------w- c:\windows\system32\ieencode.dll

2011-09-05 12:35:09 369664 ------w- c:\windows\system32\html.iec

2011-09-02 16:13:45 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2010-01-26 18:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe

.

============= FINISH: 22:26:08.84 ===============

attach.7z

dds.txt


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


All logs requested

Noting here that NOD32's web protect appears to have been messed up, and my Netgear adapter and its program crashed when I plugged it in. This was right after ComboFix finished the log. Anyway...

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8221

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

11/22/2011 7:58:22 PM

mbam-log-2011-11-22 (19-58-22).txt

Scan type: Quick scan

Objects scanned: 193675

Time elapsed: 16 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Justin\local settings\temporary internet files\Content.IE5\EOB8D6F7\file[1].exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.

ComboFix 11-11-22.03 - Justin 11/22/2011 21:51:38.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.201 [GMT -8:00]

Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Justin\WINDOWS

c:\program files\LP

c:\windows\$NtUninstallKB21085$\2979233157

c:\windows\$NtUninstallKB21085$\3522593707\@

c:\windows\$NtUninstallKB21085$\3522593707\bckfg.tmp

c:\windows\$NtUninstallKB21085$\3522593707\cfg.ini

c:\windows\$NtUninstallKB21085$\3522593707\Desktop.ini

c:\windows\$NtUninstallKB21085$\3522593707\kwrd.dll

c:\windows\$NtUninstallKB21085$\3522593707\L\svaojlsg

c:\windows\$NtUninstallKB21085$\3522593707\lsflt7.ver

c:\windows\$NtUninstallKB21085$\3522593707\U\00000001.@

c:\windows\$NtUninstallKB21085$\3522593707\U\00000002.@

c:\windows\$NtUninstallKB21085$\3522593707\U\00000004.@

c:\windows\$NtUninstallKB21085$\3522593707\U\80000000.@

c:\windows\$NtUninstallKB21085$\3522593707\U\80000004.@

c:\windows\$NtUninstallKB21085$\3522593707\U\80000032.@

c:\windows\CSC\d6

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\ps2.bat

c:\windows\tsoc.log

D:\Autorun.inf

c:\windows\$NtUninstallKB21085$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RPCPATCH

-------\Legacy_RPCTFTPD

.

.

((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))

.

.

2011-11-15 22:24 . 2011-11-15 22:24 -------- d-----w- c:\program files\157A5

2011-11-15 22:24 . 2011-11-15 22:24 -------- d-----w- c:\documents and settings\Justin\Application Data\2C715

2011-11-15 22:24 . 2011-11-15 22:40 -------- d-----w- c:\documents and settings\Justin\Application Data\xlllONNtxA0cSib

2011-11-15 22:24 . 2011-11-15 22:24 -------- d-----w- c:\documents and settings\Justin\Application Data\HEEEL8ggTZh

2011-11-15 22:23 . 2011-11-15 22:23 -------- d-----w- c:\documents and settings\Justin\Application Data\PvvvD22onF4mHs

2011-11-15 22:23 . 2011-11-15 22:23 -------- d-----w- c:\documents and settings\Justin\Application Data\X77ffRLL9gXqjCk

2011-11-13 22:29 . 2011-11-13 22:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-11-02 04:44 . 2011-11-02 04:47 -------- d-----w- c:\documents and settings\Justin\Application Data\TrueCrypt

2011-11-02 04:43 . 2011-11-02 04:43 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2011-11-02 04:43 . 2011-11-02 04:43 -------- d-----w- c:\program files\TrueCrypt

2011-11-02 03:49 . 2011-11-02 03:50 -------- d-----w- c:\windows\system32\NtmsData

2011-11-01 01:40 . 2011-11-01 01:40 -------- d-----w- c:\program files\iPod

2011-11-01 01:40 . 2011-11-01 01:43 -------- d-----w- c:\program files\iTunes

2011-11-01 01:32 . 2011-11-01 01:32 -------- d-----w- c:\program files\Apple Software Update

2011-11-01 01:31 . 2011-11-01 01:31 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-29 18:31 . 2011-05-19 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2004-10-24 22:40 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-06 11:17 . 2011-10-06 11:17 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchmsxml.dll

2011-10-06 11:16 . 2011-10-06 11:16 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\gnu.dll

2011-10-06 11:16 . 2011-10-06 11:16 122880 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\SearchCtrl.dll

2011-10-06 11:16 . 2011-10-06 11:16 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\FDIWrapper.dll

2011-10-06 11:16 . 2011-10-06 11:16 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\msxmlwrapper.dll

2011-10-06 11:16 . 2011-10-06 11:16 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\WinVerifyTrust.dll

2011-10-06 11:16 . 2011-10-06 11:16 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\util.dll

2011-10-06 11:16 . 2011-10-06 11:16 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\hwinv.dll

2011-10-06 11:16 . 2011-10-06 11:16 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchmsxml.dll

2011-10-06 11:16 . 2011-10-06 11:16 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchapi.dll

2011-10-06 11:15 . 2011-10-06 11:15 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\ZipLib.dll

2011-10-06 11:15 . 2011-10-06 11:15 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\asst_ui.dll

2011-10-06 11:15 . 2011-10-06 11:15 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\motivede.dll

2011-10-06 11:15 . 2011-10-06 11:15 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\msxmlwrapper.dll

2011-10-06 11:15 . 2011-10-06 11:15 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\GUI.dll

2011-10-06 11:15 . 2011-10-06 11:15 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PluginCtrl.dll

2011-10-06 11:15 . 2011-10-06 11:15 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchealthplugin.dll

2011-10-06 11:15 . 2011-10-06 11:15 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\clientutil52.dll

2011-10-06 11:15 . 2011-10-06 11:15 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\client_motkt.dll

2011-10-06 11:15 . 2011-10-06 11:15 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHI18N.dll

2011-10-06 11:15 . 2011-10-06 11:15 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchealthde.exe

2011-10-06 11:15 . 2011-10-06 11:15 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchnotify.exe

2011-10-06 11:15 . 2011-10-06 11:15 135168 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\ContentUpdater.exe

2011-10-06 11:15 . 2011-10-06 11:15 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\INV16.dll

2011-10-06 11:15 . 2011-10-06 11:15 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pcdapi.dll

2011-10-06 11:15 . 2011-10-06 11:15 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\winverifytrustwrapper.dll

2011-10-06 11:15 . 2011-10-06 11:15 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\api.dll

2011-10-06 11:15 . 2011-10-06 11:15 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\jsharpinterp.dll

2011-10-06 11:15 . 2011-10-06 11:15 155648 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHButton.exe

2011-09-28 07:06 . 2004-10-24 22:39 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2004-10-24 22:41 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2004-10-24 22:41 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2004-10-24 22:42 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 13:56 . 2004-10-24 22:42 667136 ----a-w- c:\windows\system32\wininet.dll

2011-09-05 13:56 . 2004-10-24 22:42 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-09-05 13:56 . 2006-08-23 02:00 81920 ------w- c:\windows\system32\ieencode.dll

2011-09-05 12:35 . 2006-08-23 02:00 369664 ------w- c:\windows\system32\html.iec

2011-09-02 16:13 . 2011-09-01 21:23 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-09-01 00:00 . 2011-09-15 02:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2010-01-26 18:11 . 2011-09-18 21:22 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2011-11-10 23:32 . 2011-10-06 10:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LTMSG"="LTMSG.exe 7" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]

"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-07-10 114688]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-20 335872]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAA3ADMAMQAzADIANQAwAC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIA&prod=90&ver=9.0.894" [?]

.

c:\documents and settings\Justin\Start Menu\Programs\Startup\

AutoTBar.exe [2003-6-18 53248]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-22 113664]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-23 2330624]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]

Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2010-9-7 1175552]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2003-6-18 53248]

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Pidgin\\pidgin.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Privoxy\\privoxy.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2011 12:42 PM 436792]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 8:20 AM 118104]

R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\cx88xbardual.sys [8/15/2003 8:20 PM 7040]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 12:13 PM 38144]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 11:03 AM 974944]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/14/2011 6:29 PM 366152]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 6:09 PM 50704]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/12/2010 1:11 PM 33792]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 2:06 AM 21632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/14/2011 6:29 PM 22216]

S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/4/2011 8:20 AM 103112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2011 1:09 PM 136176]

S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev usa\Pangya\GameGuard\dump_wmimmc.sys --> c:\ntreev usa\Pangya\GameGuard\dump_wmimmc.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2011 1:09 PM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 2:12 PM 341504]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 21:09]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 21:09]

.

2006-09-16 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-16 23:04]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://us9.hpwis.com/

mSearch Bar = hxxp://srch-us9.hpwis.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\rco19mrx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&btnG=Google+Search

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

AddRemove-HyperCam 2 - c:\documents and settings\justin\my documents\UnHyCam2.exe

AddRemove-zbattle.net_is1 - c:\documents and settings\Justin\My Documents\My Games\zbattle.net\unins000.exe

AddRemove-Castle Wars v2.5a - c:\program files\Bethesda Softworks\Morrowind\Data Files\Uninstal.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-22 22:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3488836725-3771021564-3911274412-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\m0S0K0“0[*+s]*×*f0d0O0Z0J0M0p0 ÿ]

@Class="Shell"

"a"="c:\\Documents and Settings\\Justin\\My Documents\\My Videos\\?Sylpheed?(Team.????[?]×???????)"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3488836725-3771021564-3911274412-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m0S0K0“0[*+s]*×*f0d0O0Z0J0M0p0 ÿ]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3488836725-3771021564-3911274412-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m0S0K0“0[*+s]*×*f0d0O0Z0J0M0p0 ÿ\OpenWithList]

@Class="Shell"

"a"="VDownloader.exe"

"MRUList"="a"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(512)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\ALCXMNTR.EXE

c:\windows\LTMSG.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\libusbd-nt.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\wdfmgr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\ehome\ehmsas.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-11-22 22:23:00 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-23 06:22

.

Pre-Run: 86,139,961,344 bytes free

Post-Run: 88,499,998,720 bytes free

.

- - End Of File - - 6FB391F22AFD8D7F7C979EA7CAA804DD

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Run by Justin at 22:35:41 on 2011-11-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.229 [GMT -8:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\ehome\ehtray.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\LTMSG.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

svchost.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://us9.hpwis.com/

mSearch Bar = hxxp://srch-us9.hpwis.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [backupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe

uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe

mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [LTMSG] LTMSG.exe 7

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA3ADMAMQAzADIANQAwAC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIA"&"prod=90"&"ver=9.0.894

StartupFolder: c:\documents and settings\justin\start menu\programs\startup\AutoTBar.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runreg~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156431290828

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156432135796

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxsrvc.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\justin\application data\mozilla\firefox\profiles\rco19mrx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&btnG=Google+Search

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]

R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\cx88xbardual.sys [2003-8-15 7040]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-14 366152]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-5-12 33792]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 22216]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]

S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-21 54752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]

S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev usa\pangya\gameguard\dump_wmimmc.sys --> c:\ntreev usa\pangya\gameguard\dump_wmimmc.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-23 05:39:49 98816 ----a-w- c:\windows\sed.exe

2011-11-23 05:39:49 518144 ----a-w- c:\windows\SWREG.exe

2011-11-23 05:39:49 256000 ----a-w- c:\windows\PEV.exe

2011-11-23 05:39:49 208896 ----a-w- c:\windows\MBR.exe

2011-11-15 22:24:27 -------- d-----w- c:\program files\157A5

2011-11-15 22:24:16 -------- d-----w- c:\documents and settings\justin\application data\2C715

2011-11-15 22:24:06 -------- d-----w- c:\documents and settings\justin\application data\xlllONNtxA0cSib

2011-11-15 22:24:06 -------- d-----w- c:\documents and settings\justin\application data\HEEEL8ggTZh

2011-11-15 22:23:48 -------- d-----w- c:\documents and settings\justin\application data\PvvvD22onF4mHs

2011-11-15 22:23:46 -------- d-----w- c:\documents and settings\justin\application data\X77ffRLL9gXqjCk

2011-11-02 04:44:43 -------- d-----w- c:\documents and settings\justin\application data\TrueCrypt

2011-11-02 04:43:23 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2011-11-02 04:43:02 -------- d-----w- c:\program files\TrueCrypt

2011-11-02 03:49:14 -------- d-----w- c:\windows\system32\NtmsData

2011-11-01 01:40:26 -------- d-----w- c:\program files\iPod

2011-11-01 01:40:10 -------- d-----w- c:\program files\iTunes

2011-11-01 01:31:10 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-10-29 18:31:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-06 11:17:00 315392 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\pchmsxml.dll

2011-10-06 11:16:53 36864 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\gnu.dll

2011-10-06 11:16:44 122880 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\SearchCtrl.dll

2011-10-06 11:16:29 77824 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\FDIWrapper.dll

2011-10-06 11:16:27 69632 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\msxmlwrapper.dll

2011-10-06 11:16:20 77824 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\WinVerifyTrust.dll

2011-10-06 11:16:18 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\util.dll

2011-10-06 11:16:05 49152 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\hwinv.dll

2011-10-06 11:16:02 315392 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\pchmsxml.dll

2011-10-06 11:16:00 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\pchapi.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll

2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-09-05 13:56:21 81920 ------w- c:\windows\system32\ieencode.dll

2011-09-05 12:35:09 369664 ------w- c:\windows\system32\html.iec

2011-09-02 16:13:45 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2010-01-26 18:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe

.

============= FINISH: 22:36:45.34 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 8/22/2006 6:44:34 PM

System Uptime: 11/22/2011 10:14:19 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Yale

Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 148 GiB total, 82.45 GiB free.

D: is FIXED (FAT32) - 5 GiB total, 0.906 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8139/810x Family Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10\4&2E98101C&0&78F0

Manufacturer: Realtek

Name: Realtek RTL8139/810x Family Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10\4&2E98101C&0&78F0

Service: rtl8139

.

==== System Restore Points ===================

.

RP366: 9/1/2011 2:20:59 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter

RP367: 9/2/2011 1:39:08 PM - Installed JoypadConnect

RP368: 9/3/2011 2:45:53 PM - System Checkpoint

RP369: 9/3/2011 11:04:15 PM - Installed Windows Installer KB893803v2.

RP370: 9/3/2011 11:04:32 PM - Installed MSXML 4.0 SP2 Parser and SDK

RP371: 9/3/2011 11:09:25 PM - Unsigned driver install

RP372: 9/3/2011 11:14:42 PM - Update to an unsigned driver

RP373: 9/3/2011 11:41:59 PM - Update to an unsigned driver

RP374: 9/3/2011 11:48:07 PM - Unsigned driver install

RP375: 9/5/2011 2:23:56 PM - System Checkpoint

RP376: 9/6/2011 3:21:52 PM - System Checkpoint

RP377: 9/7/2011 8:47:46 PM - System Checkpoint

RP378: 9/8/2011 9:36:23 PM - System Checkpoint

RP379: 9/9/2011 9:53:10 PM - System Checkpoint

RP380: 9/10/2011 11:09:06 PM - System Checkpoint

RP381: 9/12/2011 6:59:51 PM - System Checkpoint

RP382: 9/13/2011 9:27:50 PM - System Checkpoint

RP383: 9/14/2011 11:17:43 PM - System Checkpoint

RP384: 9/17/2011 3:00:25 PM - System Checkpoint

RP385: 9/19/2011 6:06:49 PM - System Checkpoint

RP386: 9/19/2011 7:30:30 PM - Installed AirPort Extreme Admin Utility

RP387: 9/20/2011 9:31:27 PM - System Checkpoint

RP388: 9/21/2011 10:30:40 PM - System Checkpoint

RP389: 9/23/2011 4:31:15 PM - System Checkpoint

RP390: 9/24/2011 11:26:53 PM - System Checkpoint

RP391: 9/26/2011 4:55:45 PM - System Checkpoint

RP392: 9/27/2011 6:08:48 PM - System Checkpoint

RP393: 9/28/2011 7:22:52 PM - System Checkpoint

RP394: 9/29/2011 7:39:42 PM - System Checkpoint

RP395: 9/30/2011 8:56:10 PM - System Checkpoint

RP396: 10/2/2011 1:52:31 AM - System Checkpoint

RP397: 10/3/2011 7:57:57 AM - System Checkpoint

RP398: 10/5/2011 9:06:55 AM - System Checkpoint

RP399: 10/6/2011 2:55:41 AM - avast! Free Antivirus Setup

RP400: 10/6/2011 3:11:11 AM - Installed ESET NOD32 Antivirus

RP401: 10/6/2011 3:41:08 AM - Software Distribution Service 3.0

RP402: 10/6/2011 3:44:30 AM - Software Distribution Service 3.0

RP403: 10/6/2011 3:00:42 PM - Software Distribution Service 3.0

RP404: 10/6/2011 9:03:46 PM - Software Distribution Service 3.0

RP405: 10/7/2011 10:00:22 PM - System Checkpoint

RP406: 10/8/2011 11:57:31 PM - System Checkpoint

RP407: 10/10/2011 8:18:47 AM - System Checkpoint

RP408: 10/11/2011 3:58:34 PM - System Checkpoint

RP409: 10/12/2011 7:17:21 AM - Software Distribution Service 3.0

RP410: 10/13/2011 3:38:34 PM - System Checkpoint

RP411: 10/14/2011 5:49:38 PM - System Checkpoint

RP412: 10/15/2011 10:09:51 PM - System Checkpoint

RP413: 10/16/2011 3:00:24 PM - Software Distribution Service 3.0

RP414: 10/17/2011 5:51:45 PM - System Checkpoint

RP415: 10/18/2011 5:55:07 PM - System Checkpoint

RP416: 10/19/2011 6:45:31 PM - System Checkpoint

RP417: 10/20/2011 7:51:58 PM - System Checkpoint

RP418: 10/21/2011 8:01:19 PM - System Checkpoint

RP419: 10/22/2011 8:11:02 PM - System Checkpoint

RP420: 10/24/2011 4:35:46 PM - System Checkpoint

RP421: 10/25/2011 5:07:08 PM - System Checkpoint

RP422: 10/26/2011 6:09:42 PM - System Checkpoint

RP423: 10/27/2011 9:57:34 PM - System Checkpoint

RP424: 10/29/2011 1:04:14 AM - System Checkpoint

RP425: 10/30/2011 5:30:12 PM - System Checkpoint

RP426: 10/31/2011 6:34:12 PM - Installed iTunes

RP427: 11/1/2011 7:35:30 PM - System Checkpoint

RP428: 11/1/2011 9:43:17 PM - TrueCrypt installation

RP429: 11/2/2011 11:40:17 PM - System Checkpoint

RP430: 11/5/2011 2:16:41 PM - System Checkpoint

RP431: 11/6/2011 1:19:57 PM - System Checkpoint

RP432: 11/8/2011 2:01:28 PM - System Checkpoint

RP433: 11/9/2011 3:00:24 PM - Software Distribution Service 3.0

RP434: 11/10/2011 7:19:11 PM - System Checkpoint

RP435: 11/10/2011 11:48:25 PM - Software Distribution Service 3.0

RP436: 11/15/2011 4:03:22 PM - Installed Microsoft Fix it 50267

RP437: 11/15/2011 7:16:21 PM - Installed Windows XP KB958752.

RP438: 11/15/2011 9:21:21 PM - Software Distribution Service 3.0

RP439: 11/17/2011 9:04:20 AM - System Checkpoint

RP440: 11/18/2011 12:18:22 PM - System Checkpoint

RP441: 11/19/2011 2:16:14 PM - System Checkpoint

RP442: 11/20/2011 3:43:20 PM - System Checkpoint

RP443: 11/21/2011 3:55:14 PM - System Checkpoint

RP444: 11/22/2011 4:19:06 PM - System Checkpoint

.

==== Installed Programs ======================

.

µTorrent

7-Zip 4.65

AC3Filter (remove only)

Acoustica Effects Pack

Acoustica Mixcraft 5

Adobe Acrobat 6.0 Professional

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 7.0

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

AIM 7

AirPort Extreme Admin Utility

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft ShowBiz 2

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Bitmap Font Writer (remove only)

Bonjour

BootDreams

Camtasia Studio 7

Cheat Engine 6.0

Compatibility Pack for the 2007 Office system

CreativeProjects

Director

DiscJuggler

DivX Setup

Download Updater (AOL LLC)

ESET NOD32 Antivirus

Eye Candy 4000

FLAC 1.2.1b (remove only)

Fraps (remove only)

Fusion's SADX PC Chao Editor

Google Earth

Google Update Helper

GTK+ Runtime 2.14.7 rev a (remove only)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB979306)

HP Deskjet Preloaded Printer Drivers

HP Instant Support

HP Photo & Imaging 3.0

HP Photo and Imaging 2.0 - Photosmart Cameras

HP Software Update

HPImageZone

HPIZ Fix2

hpmdtab

HpSdpAppCoreApp

HPSystemDiagnostics

InstantShare

Intel® Extreme Graphics 2 Driver

InterVideo WinDVD Player

iTunes

Japanese Language Support

Java 2 Runtime Environment, SE v1.4.1_02

Java Auto Updater

Java Web Start

Java 6 Update 20

JoypadConnect

Junk Mail filter update

KBD

Korean Language Support

LibUSB-Win32-0.1.10.1

LiveUpdate 1.80 (Symantec Corporation)

Malwarebytes' Anti-Malware version 1.51.2.1300

ManyCam 2.4 (remove only)

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Learning and Research Plus Support Files

Microsoft Money 2003

Microsoft Money 2003 System Pack

Microsoft Office Live Add-in 1.3

Microsoft Office XP Professional with FrontPage

Microsoft Picture It! Express 7.0

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# .NET Redistributable Package 1.1

Microsoft Visual J# .NET Redistributable Package(ENU) v1.0.4205

Microsoft Works 7.0

Morrowind

Morrowind Enchanted Editor

Mozilla Firefox 8.0 (x86 en-US)

MSN Internet Software

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

Multimedia Card Reader

NETGEAR WG111v3 wireless USB 2.0 adapter

Nintendo Wi-Fi USB Connector Registration Tool

Opera 11.52

Otto

PhotoGallery

Photosmart 140,240,7200,7600,7700,7900 Series

Pidgin

Pokemon Online 1.0.30

PrintScreen

Privoxy (remove only)

Project64 1.6

Proxy Me!

PS2

PSShortcutsP

Python 2.2 combined Win32 extensions

Python 2.2.1

QFolder

QuickProjects

QuickTime

RadLight 4.0 FINAL

Rainmeter

RecordNow!

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Segoe UI

Shockwave

SkinsHP1

SkinsHP2

Skype™ 5.0

SONIC ADVENTURE DX-Director's Cut

Sonic Foundry 5.1 Surround Plug-In Pack 1.0

Sonic Foundry ACID 4.0b

Sonic Foundry Preset Manager 1.0

Sonic Foundry Sound Forge 6.0

Sonic Update Manager

System Requirements Lab CYRI

TES Construction Set

toolkit

TrayApp

TrueCrypt

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB958752)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Updates from HP

VC80CRTRedist - 8.0.50727.6195

VDownloader 3.6.924

Viewpoint Media Player

Visual J# .NET Redistributable Package

WebFldrs XP

Winamp

Winamp Detector Plug-in

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Connect

Windows Media Format Runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 10

Windows XP Service Pack 3

WinPcap 4.1.1

Zune Desktop Theme

.

==== Event Viewer Messages From Past Week ========

.

11/22/2011 9:50:47 PM, error: Service Control Manager [7001] - The epfwtdir service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.

11/22/2011 9:50:47 PM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

11/22/2011 9:50:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epfwtdir Tcpip

11/22/2011 9:50:37 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.

11/22/2011 9:50:37 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 9:50:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 9:48:31 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.

11/22/2011 10:18:07 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.

11/16/2011 8:45:23 AM, error: Service Control Manager [7034] - The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).

11/15/2011 9:10:26 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

11/15/2011 5:53:37 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/15/2011 5:53:37 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/15/2011 5:53:00 PM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.

11/15/2011 5:51:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/15/2011 4:18:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm truecrypt

11/15/2011 4:16:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

11/15/2011 4:14:29 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

11/15/2011 4:14:27 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).

11/15/2011 4:13:38 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).

11/15/2011 4:13:38 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).

11/15/2011 4:13:38 PM, error: Service Control Manager [7031] - The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

11/15/2011 4:13:38 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

11/15/2011 3:57:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss Tcpip truecrypt

11/15/2011 3:57:55 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

11/15/2011 3:57:55 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/15/2011 3:57:55 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/15/2011 3:57:55 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/15/2011 3:57:55 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

11/15/2011 3:57:55 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/15/2011 3:57:55 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/15/2011 3:57:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/15/2011 3:57:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

11/15/2011 2:48:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm ohci1394 truecrypt

11/15/2011 2:26:12 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

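The "Event Viewer Messages From Past Week" section of the DDS log above is the most useful part of it for a responder: the 7026 events list every boot-start driver that failed to load, and the 7000/7001 events say why the dependent services (DHCP Client, DNS Client, IPSEC Services, the ESET filter) could not come up. The following is an added example, written for this thread and not part of DDS, ComboFix or the original posts, that parses that section and summarises which drivers failed, which of them belong to the network stack, and which services failed because their driver file no longer exists. The sample lines are copied from the log above; the set of names treated as "network stack" drivers is this example's own choice.

```python
"""Triage the "Event Viewer Messages" section of a DDS log.

Added example for this thread (editor's code, not part of DDS or ComboFix).
The sample lines are copied from the log posted above; the set of names
treated as "network stack" drivers is this example's own choice.
"""
import re
from collections import Counter, defaultdict

# Service Control Manager event IDs as they appear in DDS output
EID_DRIVER_LOAD_FAILED = 7026    # boot-start / system-start driver(s) failed to load
EID_SERVICE_START_FAILED = 7000  # a service failed to start, with the Win32 error text
EID_DEPENDENCY_FAILED = 7001     # a service failed because a dependency failed

# Kernel drivers of the XP network stack (assumed list). A rootkit that
# patches afd.sys or tcpip.sys leaves these failing to load once the
# patched file is cleaned or quarantined, which is what this thread shows.
NETWORK_STACK = {"afd", "tcpip", "netbt", "ipsec", "netbios", "rasacd"}

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.+)$"
)
LOAD_FAILED_RE = re.compile(r"failed to load: (?P<drivers>.+)$")
START_FAILED_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$"
)
DEP_FAILED_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+)$"
)


def parse_events(text):
    """One dict per event line; DDS prints each event on a single line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:  # skip blank separators and non-event text
            ev = m.groupdict()
            ev["eid"] = int(ev["eid"])
            events.append(ev)
    return events


def triage(text):
    """Summarise driver load failures, missing-file errors and dependency roots."""
    load_failures = Counter()         # driver name -> number of 7026 events naming it
    missing_file = defaultdict(list)  # service -> timestamps where its file was not found
    dependency_roots = Counter()      # dependency blamed in 7001 events -> count
    events = parse_events(text)
    for ev in events:
        if ev["eid"] == EID_DRIVER_LOAD_FAILED:
            m = LOAD_FAILED_RE.search(ev["msg"])
            if m:
                for drv in m.group("drivers").split():
                    load_failures[drv.lower()] += 1
        elif ev["eid"] == EID_SERVICE_START_FAILED:
            m = START_FAILED_RE.match(ev["msg"])
            if m and "cannot find the file" in m.group("err"):
                missing_file[m.group("svc")].append(ev["ts"])
        elif ev["eid"] == EID_DEPENDENCY_FAILED:
            m = DEP_FAILED_RE.match(ev["msg"])
            if m:
                dependency_roots[m.group("dep")] += 1
    return {
        "events": len(events),
        "load_failures": dict(load_failures),
        "network_stack_failures": sorted(d for d in load_failures if d in NETWORK_STACK),
        "missing_file": dict(missing_file),
        "dependency_roots": dict(dependency_roots),
    }


# Lines copied from the "Event Viewer Messages From Past Week" section above.
SAMPLE_LOG = """\
11/22/2011 9:50:47 PM, error: Service Control Manager [7001] - The epfwtdir service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
11/22/2011 9:50:47 PM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
11/22/2011 9:50:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epfwtdir Tcpip
11/22/2011 9:48:31 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
11/15/2011 4:18:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm truecrypt
11/15/2011 3:57:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss Tcpip truecrypt
11/15/2011 3:57:55 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2011 2:26:12 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two things fall out of the sample. On 11/15 the whole stack (AFD, Tcpip, NetBT, IPSec, NetBIOS, RasAcd) failed in one boot, which is the boot during which afd.sys was being replaced. On 11/22 only Tcpip fails, and it fails with "The system cannot find the file specified": the driver binary is no longer at the path registered for the service, so DHCP Client, DNS Client and ESET's epfwtdir all fail by dependency and will keep failing until a clean tcpip.sys is put back, whatever further cleaning is done. The 7001 chain is what tells you which file that is, so the parser keeps the blamed dependency rather than the service that reported it.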

  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Folder::
c:\program files\157A5
c:\documents and settings\Justin\Application Data\2C715
c:\documents and settings\Justin\Application Data\xlllONNtxA0cSib
c:\documents and settings\Justin\Application Data\HEEEL8ggTZh
c:\documents and settings\Justin\Application Data\PvvvD22onF4mHs
c:\documents and settings\Justin\Application Data\X77ffRLL9gXqjCk

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

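The folders screen317 puts in the CFScript share a shape: five-character hex IDs under Program Files and mixed-case alphanumeric strings with digits in the middle under Application Data, none of which corresponds to an installed product from the list above. The following is an added example, written for this thread and not part of ComboFix or of screen317's instructions, that scores directory names by how machine-generated they look so a responder can shortlist candidates for exactly this kind of script. The scoring rules and threshold are this example's own heuristics, and a high score only marks a name for a human to check; the benign names in the sample are constructed, the others are the basenames from the script above plus the HP GUID folder visible in the mRun entries.

```python
"""Rank folder names by how machine-generated they look.

Added example for this thread (editor's heuristic, not part of ComboFix or
of the instructions above). The scoring rules and threshold are this
example's own; a high score only marks a name for a human to look at.
"""
import re

VOWELS = set("aeiouyAEIOUY")  # 'y' counted as a vowel so names like TrueCrypt stay quiet
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)
HEX_ID_RE = re.compile(r"^[0-9a-f]{4,}$", re.I)          # 157A5, 2C715
EMBEDDED_DIGITS_RE = re.compile(r"[a-z]\d+[a-z]", re.I)  # letters-digits-letters, e.g. A0c
THRESHOLD = 3


def _case_transitions(name):
    """Count lower/upper switches between consecutive letters (CamelCase gives about 3)."""
    letters = [c for c in name if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())


def _longest_consonant_run(name):
    """Length of the longest run of consonant letters; digits and spaces break a run."""
    best = run = 0
    for c in name:
        run = run + 1 if c.isalpha() and c not in VOWELS else 0
        best = max(best, run)
    return best


def score_name(name):
    """Return (score, reasons); higher means the name looks generated."""
    if GUID_RE.match(name):
        return 0, ["guid"]  # GUID-named folders are common for legitimate installers
    if HEX_ID_RE.match(name) and sum(c.isdigit() for c in name) >= 2:
        return 4, ["hex-id"]
    score, reasons = 0, []
    if _case_transitions(name) >= 4:
        score, reasons = score + 2, reasons + ["case-mix"]
    if EMBEDDED_DIGITS_RE.search(name):
        score, reasons = score + 2, reasons + ["embedded-digits"]
    if _longest_consonant_run(name) >= 4:
        score, reasons = score + 1, reasons + ["consonant-run"]
    letters = [c for c in name if c.isalpha()]
    if letters and sum(c in VOWELS for c in letters) / len(letters) < 0.2:
        score, reasons = score + 1, reasons + ["few-vowels"]
    return score, reasons


def suspicious(names, threshold=THRESHOLD):
    """Names scoring at or above threshold, highest score first, then by name."""
    scored = [(n,) + score_name(n) for n in names]
    return [n for n, s, _ in sorted(scored, key=lambda t: (-t[1], t[0])) if s >= threshold]


# Basenames from the CFScript above, mixed with constructed names of the
# kind normally found under Application Data and Program Files.
SAMPLE_NAMES = [
    "157A5", "2C715", "xlllONNtxA0cSib", "HEEEL8ggTZh", "PvvvD22onF4mHs", "X77ffRLL9gXqjCk",
    "Adobe", "Apple Computer", "Malwarebytes", "Mozilla", "TrueCrypt", "ESET", "Skype",
    "{45b6180b-dcab-4093-8ee8-6164457517f0}",  # HP updater folder from the mRun entries above
]

if __name__ == "__main__":
    for name in suspicious(SAMPLE_NAMES):
        score, reasons = score_name(name)
        print(f"{score}  {name}  {','.join(reasons)}")
```

The thresholds are deliberately loose on the benign side: CamelCase vendor names sit at three case transitions and are not counted, and acronyms such as ESET or HP only pick up the few-vowels point. Short hex IDs are scored on their own because they carry no case or vowel signal at all, and GUID folders are set aside rather than flagged because both installers and malware use them, so a GUID name needs the owner looked up rather than a score.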

I have the new DDS, but ComboFix locked up while creating the log file. As in, I let it sit overnight and it didn't finish.

But anyway, it did do the scan, and it did inform me that userinit.exe was infected and cleaned it up. It also appeared to have deleted the files you specified in the script.

I don't know if you want me to run it again or what, but in the meantime, here are the other two. Sorry about that...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Run by Justin at 15:30:50 on 2011-11-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.121 [GMT -8:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\LTMSG.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

svchost.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://us9.hpwis.com/

mSearch Bar = hxxp://srch-us9.hpwis.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [backupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe

uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe

mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [LTMSG] LTMSG.exe 7

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA3ADMAMQAzADIANQAwAC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIA"&"prod=90"&"ver=9.0.894

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runreg~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156431290828

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156432135796

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxsrvc.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\justin\application data\mozilla\firefox\profiles\rco19mrx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&btnG=Google+Search

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]

R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\cx88xbardual.sys [2003-8-15 7040]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-14 366152]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-5-12 33792]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 22216]

S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-21 54752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]

S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev usa\pangya\gameguard\dump_wmimmc.sys --> c:\ntreev usa\pangya\gameguard\dump_wmimmc.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-29 02:47:51 -------- d-----w- C:\ComboFix

2011-11-24 20:21:26 -------- d-----w- C:\OEMSettings

2011-11-23 05:39:49 98816 ----a-w- c:\windows\sed.exe

2011-11-23 05:39:49 518144 ----a-w- c:\windows\SWREG.exe

2011-11-23 05:39:49 256000 ----a-w- c:\windows\PEV.exe

2011-11-23 05:39:49 208896 ----a-w- c:\windows\MBR.exe

2011-11-02 04:44:43 -------- d-----w- c:\documents and settings\justin\application data\TrueCrypt

2011-11-02 04:43:23 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2011-11-02 04:43:02 -------- d-----w- c:\program files\TrueCrypt

2011-11-02 03:49:14 -------- d-----w- c:\windows\system32\NtmsData

2011-11-01 01:40:26 -------- d-----w- c:\program files\iPod

2011-11-01 01:40:10 -------- d-----w- c:\program files\iTunes

2011-11-01 01:31:10 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-10-29 18:31:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-06 11:17:00 315392 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\pchmsxml.dll

2011-10-06 11:16:53 36864 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\gnu.dll

2011-10-06 11:16:44 122880 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\SearchCtrl.dll

2011-10-06 11:16:29 77824 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\FDIWrapper.dll

2011-10-06 11:16:27 69632 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\msxmlwrapper.dll

2011-10-06 11:16:20 77824 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\WinVerifyTrust.dll

2011-10-06 11:16:18 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\util.dll

2011-10-06 11:16:05 49152 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\hwinv.dll

2011-10-06 11:16:02 315392 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\pchmsxml.dll

2011-10-06 11:16:00 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\pchapi.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll

2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-09-05 13:56:21 81920 ------w- c:\windows\system32\ieencode.dll

2011-09-05 12:35:09 369664 ------w- c:\windows\system32\html.iec

2011-09-02 16:13:45 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-26 18:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe

.

============= FINISH: 15:32:21.15 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 8/22/2006 6:44:34 PM

System Uptime: 11/29/2011 3:20:45 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Yale

Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 148 GiB total, 82.99 GiB free.

D: is FIXED (FAT32) - 5 GiB total, 0.906 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8139/810x Family Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10\4&2E98101C&0&78F0

Manufacturer: Realtek

Name: Realtek RTL8139/810x Family Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10\4&2E98101C&0&78F0

Service: rtl8139

.

==== System Restore Points ===================

.

RP366: 9/1/2011 2:20:59 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter

RP367: 9/2/2011 1:39:08 PM - Installed JoypadConnect

RP368: 9/3/2011 2:45:53 PM - System Checkpoint

RP369: 9/3/2011 11:04:15 PM - Installed Windows Installer KB893803v2.

RP370: 9/3/2011 11:04:32 PM - Installed MSXML 4.0 SP2 Parser and SDK

RP371: 9/3/2011 11:09:25 PM - Unsigned driver install

RP372: 9/3/2011 11:14:42 PM - Update to an unsigned driver

RP373: 9/3/2011 11:41:59 PM - Update to an unsigned driver

RP374: 9/3/2011 11:48:07 PM - Unsigned driver install

RP375: 9/5/2011 2:23:56 PM - System Checkpoint

RP376: 9/6/2011 3:21:52 PM - System Checkpoint

RP377: 9/7/2011 8:47:46 PM - System Checkpoint

RP378: 9/8/2011 9:36:23 PM - System Checkpoint

RP379: 9/9/2011 9:53:10 PM - System Checkpoint

RP380: 9/10/2011 11:09:06 PM - System Checkpoint

RP381: 9/12/2011 6:59:51 PM - System Checkpoint

RP382: 9/13/2011 9:27:50 PM - System Checkpoint

RP383: 9/14/2011 11:17:43 PM - System Checkpoint

RP384: 9/17/2011 3:00:25 PM - System Checkpoint

RP385: 9/19/2011 6:06:49 PM - System Checkpoint

RP386: 9/19/2011 7:30:30 PM - Installed AirPort Extreme Admin Utility

RP387: 9/20/2011 9:31:27 PM - System Checkpoint

RP388: 9/21/2011 10:30:40 PM - System Checkpoint

RP389: 9/23/2011 4:31:15 PM - System Checkpoint

RP390: 9/24/2011 11:26:53 PM - System Checkpoint

RP391: 9/26/2011 4:55:45 PM - System Checkpoint

RP392: 9/27/2011 6:08:48 PM - System Checkpoint

RP393: 9/28/2011 7:22:52 PM - System Checkpoint

RP394: 9/29/2011 7:39:42 PM - System Checkpoint

RP395: 9/30/2011 8:56:10 PM - System Checkpoint

RP396: 10/2/2011 1:52:31 AM - System Checkpoint

RP397: 10/3/2011 7:57:57 AM - System Checkpoint

RP398: 10/5/2011 9:06:55 AM - System Checkpoint

RP399: 10/6/2011 2:55:41 AM - avast! Free Antivirus Setup

RP400: 10/6/2011 3:11:11 AM - Installed ESET NOD32 Antivirus

RP401: 10/6/2011 3:41:08 AM - Software Distribution Service 3.0

RP402: 10/6/2011 3:44:30 AM - Software Distribution Service 3.0

RP403: 10/6/2011 3:00:42 PM - Software Distribution Service 3.0

RP404: 10/6/2011 9:03:46 PM - Software Distribution Service 3.0

RP405: 10/7/2011 10:00:22 PM - System Checkpoint

RP406: 10/8/2011 11:57:31 PM - System Checkpoint

RP407: 10/10/2011 8:18:47 AM - System Checkpoint

RP408: 10/11/2011 3:58:34 PM - System Checkpoint

RP409: 10/12/2011 7:17:21 AM - Software Distribution Service 3.0

RP410: 10/13/2011 3:38:34 PM - System Checkpoint

RP411: 10/14/2011 5:49:38 PM - System Checkpoint

RP412: 10/15/2011 10:09:51 PM - System Checkpoint

RP413: 10/16/2011 3:00:24 PM - Software Distribution Service 3.0

RP414: 10/17/2011 5:51:45 PM - System Checkpoint

RP415: 10/18/2011 5:55:07 PM - System Checkpoint

RP416: 10/19/2011 6:45:31 PM - System Checkpoint

RP417: 10/20/2011 7:51:58 PM - System Checkpoint

RP418: 10/21/2011 8:01:19 PM - System Checkpoint

RP419: 10/22/2011 8:11:02 PM - System Checkpoint

RP420: 10/24/2011 4:35:46 PM - System Checkpoint

RP421: 10/25/2011 5:07:08 PM - System Checkpoint

RP422: 10/26/2011 6:09:42 PM - System Checkpoint

RP423: 10/27/2011 9:57:34 PM - System Checkpoint

RP424: 10/29/2011 1:04:14 AM - System Checkpoint

RP425: 10/30/2011 5:30:12 PM - System Checkpoint

RP426: 10/31/2011 6:34:12 PM - Installed iTunes

RP427: 11/1/2011 7:35:30 PM - System Checkpoint

RP428: 11/1/2011 9:43:17 PM - TrueCrypt installation

RP429: 11/2/2011 11:40:17 PM - System Checkpoint

RP430: 11/5/2011 2:16:41 PM - System Checkpoint

RP431: 11/6/2011 1:19:57 PM - System Checkpoint

RP432: 11/8/2011 2:01:28 PM - System Checkpoint

RP433: 11/9/2011 3:00:24 PM - Software Distribution Service 3.0

RP434: 11/10/2011 7:19:11 PM - System Checkpoint

RP435: 11/10/2011 11:48:25 PM - Software Distribution Service 3.0

RP436: 11/15/2011 4:03:22 PM - Installed Microsoft Fix it 50267

RP437: 11/15/2011 7:16:21 PM - Installed Windows XP KB958752.

RP438: 11/15/2011 9:21:21 PM - Software Distribution Service 3.0

RP439: 11/17/2011 9:04:20 AM - System Checkpoint

RP440: 11/18/2011 12:18:22 PM - System Checkpoint

RP441: 11/19/2011 2:16:14 PM - System Checkpoint

RP442: 11/20/2011 3:43:20 PM - System Checkpoint

RP443: 11/21/2011 3:55:14 PM - System Checkpoint

RP444: 11/22/2011 4:19:06 PM - System Checkpoint

RP445: 11/23/2011 6:20:51 PM - System Checkpoint

RP446: 11/24/2011 12:17:00 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter

RP447: 11/24/2011 12:20:14 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter

RP448: 11/28/2011 6:48:23 PM - ComboFix created restore point

.

==== Installed Programs ======================

.

µTorrent

7-Zip 4.65

AC3Filter (remove only)

Acoustica Effects Pack

Acoustica Mixcraft 5

Adobe Acrobat 6.0 Professional

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 7.0

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

AIM 7

AirPort Extreme Admin Utility

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft ShowBiz 2

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Bitmap Font Writer (remove only)

Bonjour

BootDreams

Camtasia Studio 7

Cheat Engine 6.0

Compatibility Pack for the 2007 Office system

CreativeProjects

Director

DiscJuggler

DivX Setup

Download Updater (AOL LLC)

ESET NOD32 Antivirus

Eye Candy 4000

FLAC 1.2.1b (remove only)

Fraps (remove only)

Fusion's SADX PC Chao Editor

Google Earth

Google Update Helper

GTK+ Runtime 2.14.7 rev a (remove only)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB979306)

HP Deskjet Preloaded Printer Drivers

HP Instant Support

HP Photo & Imaging 3.0

HP Photo and Imaging 2.0 - Photosmart Cameras

HP Software Update

HPImageZone

HPIZ Fix2

hpmdtab

HpSdpAppCoreApp

HPSystemDiagnostics

InstantShare

Intel® Extreme Graphics 2 Driver

InterVideo WinDVD Player

iTunes

Japanese Language Support

Java 2 Runtime Environment, SE v1.4.1_02

Java Auto Updater

Java Web Start

Java 6 Update 20

JoypadConnect

Junk Mail filter update

KBD

Korean Language Support

LibUSB-Win32-0.1.10.1

LiveUpdate 1.80 (Symantec Corporation)

Malwarebytes' Anti-Malware version 1.51.2.1300

ManyCam 2.4 (remove only)

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Learning and Research Plus Support Files

Microsoft Money 2003

Microsoft Money 2003 System Pack

Microsoft Office Live Add-in 1.3

Microsoft Office XP Professional with FrontPage

Microsoft Picture It! Express 7.0

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# .NET Redistributable Package 1.1

Microsoft Visual J# .NET Redistributable Package(ENU) v1.0.4205

Microsoft Works 7.0

Morrowind

Morrowind Enchanted Editor

Mozilla Firefox 8.0 (x86 en-US)

MSN Internet Software

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

Multimedia Card Reader

NETGEAR WG111v3 wireless USB 2.0 adapter

Nintendo Wi-Fi USB Connector Registration Tool

Opera 11.52

Otto

PhotoGallery

Photosmart 140,240,7200,7600,7700,7900 Series

Pidgin

Pokemon Online 1.0.30

PrintScreen

Privoxy (remove only)

Project64 1.6

Proxy Me!

PS2

PSShortcutsP

Python 2.2 combined Win32 extensions

Python 2.2.1

QFolder

QuickProjects

QuickTime

RadLight 4.0 FINAL

Rainmeter

RecordNow!

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Segoe UI

Shockwave

SkinsHP1

SkinsHP2

Skype™ 5.0

SONIC ADVENTURE DX-Director's Cut

Sonic Foundry 5.1 Surround Plug-In Pack 1.0

Sonic Foundry ACID 4.0b

Sonic Foundry Preset Manager 1.0

Sonic Foundry Sound Forge 6.0

Sonic Update Manager

System Requirements Lab CYRI

TES Construction Set

toolkit

TrayApp

TrueCrypt

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB958752)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Updates from HP

VC80CRTRedist - 8.0.50727.6195

VDownloader 3.6.924

Viewpoint Media Player

Visual J# .NET Redistributable Package

WebFldrs XP

Winamp

Winamp Detector Plug-in

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Connect

Windows Media Format Runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 10

Windows XP Service Pack 3

WinPcap 4.1.1

Zune Desktop Theme

.

==== Event Viewer Messages From Past Week ========

.

11/26/2011 1:10:26 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.

11/26/2011 1:10:26 PM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

11/26/2011 1:10:23 PM, error: Service Control Manager [7001] - The epfwtdir service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.

11/26/2011 1:10:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epfwtdir Tcpip

11/26/2011 1:10:07 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.

11/26/2011 1:10:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/26/2011 1:10:07 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/26/2011 1:10:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/26/2011 1:10:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/26/2011 1:10:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/26/2011 1:10:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/26/2011 1:10:07 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/26/2011 1:08:03 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.

11/24/2011 12:21:45 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the libusbd service.

11/22/2011 9:25:23 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/22/2011 9:15:35 PM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.

.

==== End Of File ===========================

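The DDS output above is long, and the two sections that matter most for triage are the service/driver list (entries whose image DDS could not resolve, marked `[?]`, and system-start drivers that are not running) and the Service Control Manager errors, where one missing driver produces a cascade of 7001 "depends on" events. The script below is an added example for this thread, not code from the poster, from DDS or from ComboFix: it parses both sections, flags driver entries worth a second look, and collapses the SCM errors to the service they all blame. The sample lines are copied from the log above; the "expected driver roots" heuristic and the flagging rules are the editor's assumptions, not DDS rules.

```python
"""Triage helpers for a DDS log: flag suspicious driver entries and collapse the
Service Control Manager error cascade to its root cause.
Added example for this thread; not code from the poster, DDS or ComboFix."""
import re
from collections import defaultdict

# Sample lines copied from the DDS "services" and "Event Viewer" sections of the log above.
SAMPLE_SERVICES = r"""
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 22216]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-21 54752]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev usa\pangya\gameguard\dump_wmimmc.sys --> c:\ntreev usa\pangya\gameguard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

SAMPLE_EVENTS = """
11/26/2011 1:10:26 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
11/26/2011 1:10:26 PM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
11/26/2011 1:10:23 PM, error: Service Control Manager [7001] - The epfwtdir service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
11/26/2011 1:10:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epfwtdir Tcpip
11/26/2011 1:10:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/26/2011 1:10:07 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/26/2011 1:08:03 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
"""

# DDS service line: "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]"
# R/S = running/stopped; start type 0=boot, 1=system, 2=auto, 3=demand, 4=disabled.
SVC_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# DDS event line: "<date> <time> <AM|PM>, <level>: <source> [<event id>] - <message>"
EVT_RE = re.compile(r"^(?P<ts>\S+ \S+ [AP]M), (?P<level>\w+): (?P<src>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DEP_RE = re.compile(r"The (?P<dep>.+?) service depends on the (?P<on>.+?) service which failed to start")
FAIL_RE = re.compile(r"The (?P<svc>.+?) service failed to start")
LOAD_RE = re.compile(r"failed to load: (?P<drivers>.+)$")

# Heuristic (editor's assumption): driver images are expected under these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_services(text):
    """Parse DDS service/driver lines into dicts."""
    rows = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        # DDS writes "<registry path> --> <resolved path> [?]" when it cannot stat the image;
        # keep the resolved path and drop the trailing "[date size]" or "[?]" marker.
        path = rest.split(" [")[0].split(" --> ")[-1]
        rows.append({"state": m["state"], "name": m["name"], "display": m["display"],
                     "path": path, "unresolved": rest.rstrip().endswith("[?]")})
    return rows


def flag_services(rows):
    """Return (service name, reason) pairs for entries worth a second look."""
    flags = []
    for r in rows:
        if r["unresolved"]:
            flags.append((r["name"], "image path could not be resolved by DDS"))
        if r["state"] in ("S0", "S1"):
            flags.append((r["name"], "boot/system-start driver is not running"))
        if not r["path"].lower().startswith(EXPECTED_ROOTS):
            flags.append((r["name"], "driver image outside Windows/Program Files"))
    return flags


def failure_chains(text):
    """Split SCM errors into primary failures (7000: service failed to start;
    7026: boot/system driver failed to load) and dependency failures (7001),
    the latter grouped under the service they blame."""
    roots, dependents = set(), defaultdict(list)
    for line in text.splitlines():
        m = EVT_RE.match(line.strip())
        if not m or m["src"] != "Service Control Manager":
            continue
        eid, msg = m["id"], m["msg"]
        if eid == "7001":
            d = DEP_RE.search(msg)
            if d:
                dependents[d["on"]].append(d["dep"])
        elif eid == "7000":
            f = FAIL_RE.search(msg)
            if f:
                roots.add(f["svc"])
        elif eid == "7026":
            lo = LOAD_RE.search(msg)
            if lo:
                roots.update(lo["drivers"].split())
    return roots, dict(dependents)


if __name__ == "__main__":
    for name, why in flag_services(parse_services(SAMPLE_SERVICES)):
        print(f"FLAG {name}: {why}")
    roots, deps = failure_chains(SAMPLE_EVENTS)
    print("primary failures:", sorted(roots))
    for blamed, victims in deps.items():
        print(f"{len(victims)} services failed only because '{blamed}' did: {victims}")
```

Run against the full Event Viewer section above, every 7001 event blames the TCP/IP Protocol Driver, and the 7000 and 7026 events show that Tcpip itself could not be loaded ("The system cannot find the file specified"), so the eight networking failures are one missing driver image, not eight separate problems. The two GameGuard entries are flagged only because DDS could not resolve their image paths; that is a prompt to check whether the files exist, and dangling service entries from uninstalled software look the same, so the flag is a starting point rather than a verdict.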

ComboFix 11-12-06.02 - Justin 12/07/2011 19:52:50.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.142 [GMT -8:00]

Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Justin\Application Data\2C715\57A5.C71

c:\windows\dasetup.log

c:\windows\help\wmplayer.bak

.

-- Previous Run --

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.

--------

.

.

((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))

.

.

2011-11-24 20:21 . 2011-11-24 20:21 -------- d-----w- C:\OEMSettings

2011-11-13 22:29 . 2011-11-13 22:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-02 04:43 . 2011-11-02 04:43 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2011-10-29 18:31 . 2011-05-19 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2004-10-24 22:40 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-06 11:17 . 2011-10-06 11:17 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchmsxml.dll

2011-10-06 11:16 . 2011-10-06 11:16 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\gnu.dll

2011-10-06 11:16 . 2011-10-06 11:16 122880 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\SearchCtrl.dll

2011-10-06 11:16 . 2011-10-06 11:16 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\FDIWrapper.dll

2011-10-06 11:16 . 2011-10-06 11:16 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\msxmlwrapper.dll

2011-10-06 11:16 . 2011-10-06 11:16 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\WinVerifyTrust.dll

2011-10-06 11:16 . 2011-10-06 11:16 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\util.dll

2011-10-06 11:16 . 2011-10-06 11:16 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\hwinv.dll

2011-10-06 11:16 . 2011-10-06 11:16 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchmsxml.dll

2011-10-06 11:16 . 2011-10-06 11:16 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchapi.dll

2011-10-06 11:15 . 2011-10-06 11:15 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\ZipLib.dll

2011-10-06 11:15 . 2011-10-06 11:15 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\asst_ui.dll

2011-10-06 11:15 . 2011-10-06 11:15 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\motivede.dll

2011-10-06 11:15 . 2011-10-06 11:15 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\msxmlwrapper.dll

2011-10-06 11:15 . 2011-10-06 11:15 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\GUI.dll

2011-10-06 11:15 . 2011-10-06 11:15 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PluginCtrl.dll

2011-10-06 11:15 . 2011-10-06 11:15 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchealthplugin.dll

2011-10-06 11:15 . 2011-10-06 11:15 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\clientutil52.dll

2011-10-06 11:15 . 2011-10-06 11:15 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\client_motkt.dll

2011-10-06 11:15 . 2011-10-06 11:15 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHI18N.dll

2011-10-06 11:15 . 2011-10-06 11:15 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchealthde.exe

2011-10-06 11:15 . 2011-10-06 11:15 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchnotify.exe

2011-10-06 11:15 . 2011-10-06 11:15 135168 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\ContentUpdater.exe

2011-10-06 11:15 . 2011-10-06 11:15 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\INV16.dll

2011-10-06 11:15 . 2011-10-06 11:15 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pcdapi.dll

2011-10-06 11:15 . 2011-10-06 11:15 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\winverifytrustwrapper.dll

2011-10-06 11:15 . 2011-10-06 11:15 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\api.dll

2011-10-06 11:15 . 2011-10-06 11:15 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\jsharpinterp.dll

2011-10-06 11:15 . 2011-10-06 11:15 155648 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHButton.exe

2011-09-28 07:06 . 2004-10-24 22:39 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2004-10-24 22:41 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2004-10-24 22:41 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2010-01-26 18:11 . 2011-09-18 21:22 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2011-11-10 23:32 . 2011-10-06 10:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LTMSG"="LTMSG.exe 7" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]

"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-07-10 114688]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-20 335872]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAA3ADMAMQAzADIANQAwAC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIA&prod=90&ver=9.0.894" [?]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-22 113664]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-23 2330624]

Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2010-9-7 1175552]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2003-6-18 53248]

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Pidgin\\pidgin.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Privoxy\\privoxy.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2011 12:42 PM 436792]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 8:20 AM 118104]

R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\cx88xbardual.sys [8/15/2003 8:20 PM 7040]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 12:13 PM 38144]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 11:03 AM 974944]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/14/2011 6:29 PM 366152]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 6:09 PM 50704]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/12/2010 1:11 PM 33792]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 2:06 AM 21632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/14/2011 6:29 PM 22216]

S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/4/2011 8:20 AM 103112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2011 1:09 PM 136176]

S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev usa\Pangya\GameGuard\dump_wmimmc.sys --> c:\ntreev usa\Pangya\GameGuard\dump_wmimmc.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2011 1:09 PM 136176]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 2:12 PM 341504]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 21:09]

.

2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 21:09]

.

2006-09-16 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-16 23:04]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://us9.hpwis.com/

mSearch Bar = hxxp://srch-us9.hpwis.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\rco19mrx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&btnG=Google+Search

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-07 20:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3488836725-3771021564-3911274412-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\m0S0K0“0[*+s]*×*f0d0O0Z0J0M0p0 ÿ]

@Class="Shell"

"a"="c:\\Documents and Settings\\Justin\\My Documents\\My Videos\\?Sylpheed?(Team.????[?]×???????)"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3488836725-3771021564-3911274412-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m0S0K0“0[*+s]*×*f0d0O0Z0J0M0p0 ÿ]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3488836725-3771021564-3911274412-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m0S0K0“0[*+s]*×*f0d0O0Z0J0M0p0 ÿ\OpenWithList]

@Class="Shell"

"a"="VDownloader.exe"

"MRUList"="a"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(484)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-12-07 20:12:07

ComboFix-quarantined-files.txt 2011-12-08 04:11

ComboFix2.txt 2011-11-23 06:23

.

Pre-Run: 110,101,442,560 bytes free

Post-Run: 110,083,682,304 bytes free

.

- - End Of File - - 513C75E109EB64F5E102D213C5D38361


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


I can't run the online scanner because the program for my netgear wireless adapter crashes as soon as it's plugged in (i.e. I have no internet access). This started happening after the infection, so maybe it's correlated with it or some other system file is broken, I don't know. Tried re-installing and calling customer support but neither worked. Any suggestions on that?

Anyway though, I did run security check from a flash drive so here's the log for that.

Results of screen317's Security Check version 0.99.28

Windows XP Service Pack 3 x86

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

ESET NOD32 Antivirus

Sonic Foundry Preset Manager 1.0

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java Web Start

Java 6 Update 20

Java 2 Runtime Environment, SE v1.4.1_02

Java version out of date!

Adobe Flash Player 11.0.1.152

Adobe Reader X (10.1.1)

Mozilla Firefox (8.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

``````````End of Log````````````


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

