Solved Antimalware & Bamatal-AC

CMHan15

Hello there! And first and foremost, thanks in advance. I have been battling this virus, and can't defeat it. I need your help... so again, thanks!

Symptoms: Some redirects in IE (don't seem to have any in Chrome), won't connect to Network right away until Avast blocks CCMExec.exe/explorer.exe/winlogon.exe... but eventually does, and just overall deathly slowness. Programs take forever to open, mouse ticks sometimes... I'm even getting some random restarts, etc. It's brutal.
 
I am following the 8 steps and will post them below. Again, thank you!

1) I am running Avast. It finds several infected Windows files, but cannot repair them.
2) TFC. This opens, I click start and it immediately restarts. Not sure if it completes or not, but this happens every time I try it.
3) MalwareBytes. Here is the report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4747

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/5/2010 10:50:07 AM
mbam-log-2010-10-05 (10-50-07).txt

Scan type: Quick scan
Objects scanned: 142761
Time elapsed: 1 hour(s), 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4) Gmer. I think it ran. It ran for a long time but then the CPU just restarted. I tried to run it again, and within 5 seconds the computer restarted. Not sure what's going on.
 
5) DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by chanson at 12:39:05.02 on Tue 10/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1435 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chanson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://p5i/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\chanson\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {1B0375B5-1A57-4684-BDF5-4D2E68A7EF4A} - hxxp://p5i/epower/cab/RDACLNT.CAB
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} - hxxp://p5i/epower/cab/RSHORTCUT.CAB
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn100.cdcsoftware.com/+CSCOL+/relayp.cab
DPF: {2AEC967B-BE2B-4D88-BB4E-C25F26B96CB0} - hxxp://p5i/epower/cab/RDAPRTL.CAB
DPF: {3D7C60CF-3CA3-4EEF-8FDE-F3903709834B} - hxxp://p5i/epower/cab/RDARPRT.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://67.220.116.100/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6B231775-289F-4869-9120-FD6BEF3FEE7F} - hxxp://p5i/epower/cab/RDACHART.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229626209516
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://p5i/ePower/reporting/viewer/activeXViewer/activeXViewer.cab
DPF: {855F294B-12F9-48A5-866C-24DD77569C9E} - hxxp://p5i/epower/cab/RDAPREFS.CAB
DPF: {876DEC9E-28E9-4FE0-8ACD-CE107F9ACD1E} - hxxp://p5i/epower/cab/RDARES.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8B777F7B-E3F0-496F-AEAC-EF9169C0A341} - hxxp://p5i/epower/cab/RDAEMAIL.CAB
DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} - hxxp://p5i/epower/cab/RN1SENDX.CAB
DPF: {A7977C3E-1450-4990-977D-9C5522B1E6DD} - hxxp://p5i/epower/cab/RdaObjCreate.cab
DPF: {AA8C5893-5EFD-4C62-BBFF-8D93DAF98989} - hxxp://p5i/epower/cab/RDALETEX.CAB
DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} - hxxp://p5i/epower/cab/DFOUTILS.CAB
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {BB89F812-072A-45E9-BEB2-2781D468F4E0} - hxxp://p5i/epower/cab/RDASHARE.CAB
DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D2A79F4E-98D9-4B65-9858-A7A1A3DCF872} - hxxp://p5i/epower/cab/RdaUI.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cdcsoftware.webex.com/client/T26L/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F04A1320-72C4-11D3-9FB7-005004A79108} - hxxp://updates.pivotal.com/cab/DFOGENRL.CAB
DPF: {FE89A9AA-862D-4D48-81BB-2A1A5590955C} - hxxp://p5i/epower/cab/RDAUISTATICLISTS.CAB
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
 
============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-4 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-4 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-4 40384]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
S0 nvsatf;nvsatf; [x]
S2 MA;TriActive MicroAgent;"c:\program files\triactive\microagent\bin\ma.exe" --> c:\program files\triactive\microagent\bin\ma.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-4 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-4 40384]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-5-27 14424]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\plcmpr5.sys --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\plcndis5.sys --> c:\windows\system32\PLCNDIS5.SYS [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

============== File Associations ===============

.txt=
 
=============== Created Last 30 ================

2010-10-05 12:14:12 0 d-sha-r- C:\cmdcons
2010-10-05 12:10:36 98816 ----a-w- c:\windows\sed.exe
2010-10-05 12:10:36 77312 ----a-w- c:\windows\MBR.exe
2010-10-05 12:10:36 256512 ----a-w- c:\windows\PEV.exe
2010-10-05 12:10:36 161792 ----a-w- c:\windows\SWREG.exe
2010-10-04 16:56:19 38848 ----a-w- c:\windows\avastSS.scr
2010-10-04 16:54:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-04 07:16:24 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-02 18:12:50 0 d-----w- c:\docume~1\chanson\applic~1\Azureus
2010-10-02 15:11:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-02 15:11:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-02 01:32:40 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-10-02 01:32:34 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-10-02 01:32:33 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-10-02 01:32:27 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-10-02 01:32:20 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-10-02 01:30:58 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-10-02 01:30:52 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-10-02 01:30:49 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-10-02 01:30:34 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-10-02 01:30:32 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-10-02 01:30:30 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-10-02 01:28:27 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-10-02 01:28:21 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-10-02 01:28:00 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-10-02 01:26:54 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2010-10-02 01:26:48 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2010-10-02 01:26:39 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2010-10-02 01:26:31 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-10-02 01:26:24 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-10-02 01:26:18 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-10-02 01:26:11 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-10-02 01:26:10 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2010-10-02 01:26:04 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-10-02 01:25:56 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-10-02 01:25:50 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-10-02 01:25:44 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-10-02 01:25:38 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-10-02 01:25:32 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-10-02 01:25:26 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-10-02 01:25:21 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2010-10-02 01:25:15 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2010-10-02 01:25:10 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-10-02 01:25:08 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-10-02 01:25:04 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2010-10-02 01:24:54 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-10-02 01:24:49 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-10-02 01:24:44 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-10-02 01:24:38 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-10-02 01:24:33 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-10-02 01:24:28 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-10-02 01:24:23 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-10-02 01:24:17 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-10-02 01:24:11 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-10-02 01:24:06 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-10-02 01:24:01 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-10-02 01:23:52 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-10-02 01:23:42 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-10-02 01:23:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2010-10-02 01:23:31 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-10-02 01:23:26 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2010-10-02 01:23:20 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-10-02 01:23:15 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2010-10-02 01:23:08 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2010-10-02 01:23:03 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2010-10-02 01:23:02 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-10-02 01:22:56 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2010-10-02 01:22:38 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2010-10-02 01:22:33 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-10-02 01:22:27 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-10-02 01:22:21 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-10-02 01:22:13 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-10-02 01:22:02 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-10-02 01:21:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-10-02 01:21:54 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-10-02 01:21:47 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-10-02 01:21:42 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-10-02 01:21:33 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-10-02 01:21:25 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-10-02 01:21:20 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-10-02 01:21:14 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-10-02 01:21:03 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-10-02 01:19:56 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2010-10-02 01:19:50 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2010-10-02 01:19:40 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-10-02 01:19:34 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2010-10-02 01:19:24 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-10-02 01:19:15 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-10-02 01:19:10 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-10-02 01:19:05 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-10-02 01:18:59 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-10-02 01:18:54 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-10-02 01:18:49 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-10-02 01:18:45 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-10-02 01:18:43 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-10-02 01:18:37 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-10-02 01:18:25 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-10-02 01:18:20 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-10-02 01:18:15 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-10-02 01:18:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2010-10-02 01:18:05 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-10-02 01:18:01 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2010-10-02 01:16:57 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-10-02 01:16:52 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-10-02 01:16:47 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-10-02 01:16:42 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-10-02 01:16:37 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-10-02 01:15:48 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-10-02 01:15:43 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-10-02 01:15:39 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-10-02 01:15:34 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-10-02 01:15:29 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-10-02 01:15:15 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2010-10-02 01:15:08 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-10-02 01:15:06 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2010-10-02 01:15:02 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2010-10-02 01:14:56 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2010-10-02 01:14:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2010-10-02 01:14:45 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2010-10-02 01:14:40 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-10-02 01:14:37 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-10-02 01:14:32 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2010-10-02 01:14:20 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2010-10-02 01:14:15 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2010-10-02 01:14:10 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2010-10-02 01:14:06 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2010-10-02 01:14:01 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2010-10-02 01:12:53 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-10-02 01:12:47 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-10-02 01:12:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2010-10-02 01:12:35 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-10-02 01:12:28 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-10-02 01:12:14 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-10-02 01:12:06 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-10-02 01:12:01 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-10-02 01:11:55 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-10-02 01:11:50 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-10-02 01:11:35 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2010-10-02 01:11:30 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2010-10-02 01:11:26 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-10-02 01:11:21 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2010-10-02 01:11:16 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2010-10-02 01:11:15 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2010-10-02 01:11:07 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-10-02 01:11:03 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-10-02 01:09:57 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2010-10-02 01:08:58 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2010-10-02 01:08:56 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2010-10-02 01:08:51 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2010-10-02 01:08:40 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2010-10-02 01:08:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2010-10-02 01:08:30 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2010-10-02 01:08:21 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2010-10-02 01:08:16 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-10-02 01:08:09 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2010-10-02 01:08:04 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2010-10-02 01:07:58 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2010-10-02 01:07:53 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2010-10-02 01:07:47 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2010-10-02 01:07:40 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2010-10-02 01:07:35 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-10-02 01:07:29 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2010-10-02 01:07:24 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-10-02 01:07:18 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2010-10-02 01:06:53 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-10-02 01:06:48 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-10-02 01:06:22 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-10-02 01:06:13 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-10-02 01:06:09 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-10-02 01:06:08 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2010-10-02 01:05:58 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-10-02 01:05:53 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-10-02 01:05:33 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-10-02 01:05:32 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2010-10-02 01:05:20 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2010-10-02 01:05:15 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-10-02 01:05:10 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2010-10-02 01:05:06 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2010-10-02 01:05:04 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-10-02 01:05:01 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-10-02 01:03:59 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-10-02 01:03:32 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-10-02 01:03:31 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-10-02 01:03:22 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-10-02 01:03:03 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-10-02 01:03:00 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-10-02 01:02:08 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-10-02 01:02:03 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-10-02 01:02:03 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
2010-10-02 01:02:02 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-10-02 01:01:47 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-10-02 01:01:35 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-10-02 01:01:18 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-10-02 01:01:04 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-10-02 01:00:55 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-10-02 01:00:51 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2010-10-02 01:00:49 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2010-10-02 01:00:45 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2010-10-02 01:00:40 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2010-10-02 01:00:35 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2010-10-02 01:00:27 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2010-10-02 01:00:21 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2010-10-02 01:00:17 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-10-02 01:00:12 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-10-02 01:00:08 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2010-10-02 01:00:07 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
2010-10-02 00:58:53 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2010-10-02 00:58:52 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2010-10-02 00:58:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-10-02 00:58:32 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-10-02 00:58:17 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-10-02 00:58:14 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-10-02 00:58:10 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-10-02 00:58:06 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-10-02 00:56:25 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-10-02 00:56:21 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2010-10-02 00:56:18 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2010-10-02 00:56:14 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2010-10-02 00:56:10 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-10-02 00:56:07 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2010-10-02 00:56:03 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2010-10-02 00:52:32 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-10-02 00:52:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2010-10-02 00:52:25 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2010-10-02 00:52:21 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2010-10-02 00:52:18 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2010-10-02 00:52:14 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2010-10-02 00:52:10 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2010-10-02 00:52:07 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2010-10-02 00:52:03 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2010-10-02 00:52:00 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2010-10-02 00:50:58 126976 -c--a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2010-10-02 00:49:51 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2010-10-02 00:49:48 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-10-02 00:49:45 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2010-10-02 00:49:41 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2010-10-02 00:49:38 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2010-10-02 00:49:36 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2010-10-02 00:49:32 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2010-10-02 00:49:17 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-10-02 00:49:14 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-10-02 00:49:11 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2010-10-02 00:49:03 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-10-02 00:49:00 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2010-10-02 00:48:57 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-10-02 00:48:55 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2010-10-02 00:48:52 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-10-02 00:48:48 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-10-02 00:48:39 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-10-02 00:48:34 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-10-02 00:48:30 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-10-02 00:48:26 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2010-10-02 00:48:22 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-10-02 00:48:10 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-10-02 00:48:05 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2010-10-02 00:46:59 283904 -c--a-w- c:\windows\system32\dllcache\emu10k1m.sys
2010-10-02 00:45:58 117760 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2010-10-02 00:45:55 50719 -c--a-w- c:\windows\system32\dllcache\e1000nt5.sys
2010-10-02 00:45:39 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-10-02 00:45:35 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-10-02 00:45:23 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
2010-10-02 00:45:13 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2010-10-02 00:45:10 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-10-02 00:45:09 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2010-10-02 00:45:06 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-10-02 00:45:06 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-10-02 00:43:58 37735 -c--a-w- c:\windows\system32\dllcache\digiasyn.sys
2010-10-02 00:42:48 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2010-10-02 00:41:56 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
2010-10-02 00:41:47 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2010-10-02 00:41:45 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2010-10-02 00:41:43 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
2010-10-02 00:41:41 60970 -c--a-w- c:\windows\system32\dllcache\cpqtrnd5.sys
2010-10-02 00:41:39 21533 -c--a-w- c:\windows\system32\dllcache\cpqndis5.sys
2010-10-02 00:41:38 14976 -c--a-w- c:\windows\system32\dllcache\cpqarray.sys
2010-10-02 00:41:18 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2010-10-02 00:41:16 44032 -c--a-w- c:\windows\system32\dllcache\cnusd.dll
2010-10-02 00:41:08 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2010-10-02 00:41:06 20736 -c--a-w- c:\windows\system32\dllcache\cmbp0wdm.sys
2010-10-02 00:41:02 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2010-10-02 00:41:01 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2010-10-02 00:39:58 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
2010-10-01 23:58:29 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-10-01 23:58:09 31529 -c--a-w- c:\windows\system32\dllcache\brzwlan.sys
2010-10-01 23:58:08 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2010-10-01 23:58:07 11008 -c--a-w- c:\windows\system32\dllcache\brusbmdm.sys
2010-10-01 23:58:06 60416 -c--a-w- c:\windows\system32\dllcache\brserwdm.sys
2010-10-01 23:58:05 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2010-10-01 23:58:04 5120 -c--a-w- c:\windows\system32\dllcache\brscnrsm.dll
2010-10-01 23:58:02 39552 -c--a-w- c:\windows\system32\dllcache\brparwdm.sys
2010-10-01 23:58:01 3168 -c--a-w- c:\windows\system32\dllcache\brparimg.sys
2010-10-01 23:57:45 41472 -c--a-w- c:\windows\system32\dllcache\brmfusb.dll
2010-10-01 23:57:30 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2010-10-01 23:57:27 29696 -c--a-w- c:\windows\system32\dllcache\brmflpt.dll
2010-10-01 23:57:26 81408 -c--a-w- c:\windows\system32\dllcache\brmfcwia.dll
2010-10-01 23:57:25 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll
2010-10-01 23:57:22 3968 -c--a-w- c:\windows\system32\dllcache\brfiltup.sys
2010-10-01 23:57:21 12160 -c--a-w- c:\windows\system32\dllcache\brfiltlo.sys
2010-10-01 23:56:26 2944 -c--a-w- c:\windows\system32\dllcache\brfilt.sys
2010-10-01 23:56:23 12800 -c--a-w- c:\windows\system32\dllcache\brevif.dll
2010-10-01 23:56:22 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
2010-10-01 23:56:21 19456 -c--a-w- c:\windows\system32\dllcache\brbidiif.dll
2010-10-01 23:54:59 75136 -c--a-w- c:\windows\system32\dllcache\atimpae.sys
2010-10-01 23:53:59 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2010-10-01 23:53:58 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2010-10-01 23:53:57 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2010-10-01 23:53:56 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2010-10-01 23:53:55 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2010-10-01 23:53:26 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
2010-10-01 23:46:08 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-10-01 00:16:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 00:16:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 00:16:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-05-26 12:21:25 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-05-26 12:21:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-05-26 12:21:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010052620100527\index.dat
2010-05-26 12:21:25 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat
2009-03-18 14:59:38 102815776 -csha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 12:39:24.60 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2008 5:12:25 PM
System Uptime: 10/5/2010 12:22:12 PM (0 hours ago)

Motherboard: Dell Inc. | | 0HU754
Processor: Intel(R) Core(TM)2 CPU U7600 @ 1.20GHz | Microprocessor | 1197/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 9.164 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva
 
==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


µTorrent
Advanced SystemCare 3
avast! Free Antivirus
CDC Software Manager NA12TO1PRODEP01
CDC Software Smart Client Shortcut Handler
Cisco AnyConnect VPN Client
Conexant HDA D330 MDC V.92 Modem
Configuration Manager Client
Critical Update for Windows Media Player 11 (KB959772)
Dell Touchpad
DocProc
DocProcQFolder
Google Calendar Sync
Google Chrome
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP_Network_UserGuide
Intel(R) Graphics Media Accelerator Driver
Java 2 Runtime Environment, SE v1.4.1_07
Java Auto Updater
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myPassword GINA
OCR Software by I.R.I.S. 10.0
Office Integration Per-User Installer
PeerBlock 1.0.0 (r181)
Pivotal CRM 6.0 Prerequisites(v6.0.0400)
Pivotal Per-User Client COM Components 6.0
PowerDVD
RDC
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Sonic Activation Module
Trillian
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 1.0.1
WebEx
WebFldrs XP
WebSlingPlayer ActiveX
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
 
==== Event Viewer Messages From Past Week ========

9/30/2010 9:27:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/30/2010 8:21:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
9/30/2010 8:21:19 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/30/2010 8:21:01 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/30/2010 7:40:38 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/30/2010 7:00:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/30/2010 5:16:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
9/30/2010 5:07:11 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
9/30/2010 2:08:55 PM, error: PlugPlayManager [12] - The device 'Printer Port Logical Interface' (LPTENUM\MicrosoftRawPort\5&200550d&0&LPT1) disappeared from the system without first being prepared for removal.
9/30/2010 2:08:55 PM, error: PlugPlayManager [12] - The device 'ECP Printer Port (LPT1)' (ACPI\PNP0401\4&25e2ff18&0) disappeared from the system without first being prepared for removal.
9/30/2010 2:08:55 PM, error: PlugPlayManager [12] - The device 'Communications Port (COM1)' (ACPI\PNP0501\4&25e2ff18&0) disappeared from the system without first being prepared for removal.
9/30/2010 2:08:34 PM, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.PCI0.PCIE.GDCK) disappeared from the system without first being prepared for removal.
9/30/2010 2:08:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/29/2010 5:17:11 PM, error: Dhcp [1002] - The IP address lease 10.42.119.61 for the Network Card with network address 001C266655E4 has been denied by the DHCP server 172.18.193.14 (The DHCP Server sent a DHCPNACK message).
9/29/2010 1:06:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
9/28/2010 9:37:59 AM, error: Dhcp [1002] - The IP address lease 172.16.1.104 for the Network Card with network address 001C266655E4 has been denied by the DHCP server 10.42.64.2 (The DHCP Server sent a DHCPNACK message).
9/28/2010 8:09:59 PM, error: Dhcp [1002] - The IP address lease 10.42.112.34 for the Network Card with network address 001C266655E4 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/28/2010 2:10:47 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001C266655E4. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
10/5/2010 9:21:00 AM, error: Service Control Manager [7034] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s).
10/5/2010 9:21:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cisco AnyConnect VPN Agent service to connect.
10/5/2010 9:21:00 AM, error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2010 9:20:46 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
10/5/2010 9:20:46 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/5/2010 8:17:50 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
10/5/2010 8:17:50 AM, error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: The system cannot find the path specified.
10/5/2010 7:34:53 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
10/5/2010 12:27:06 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
10/4/2010 7:46:01 PM, error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 4000 milliseconds: Restart the service.
10/4/2010 7:14:42 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuauclt.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
10/4/2010 7:13:49 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuauclt1.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.4.3790.5512.
10/4/2010 7:11:58 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/4/2010 12:53:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
10/4/2010 12:53:27 PM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2010 11:21:59 AM, error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/3/2010 7:35:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/3/2010 12:49:46 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/2/2010 9:03:31 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
10/2/2010 9:00:48 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
10/2/2010 9:00:48 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
10/2/2010 9:00:48 PM, error: Service Control Manager [7000] - The TriActive MicroAgent service failed to start due to the following error: The system cannot find the path specified.
10/2/2010 9:00:48 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/2/2010 9:00:32 PM, error: NETLOGON [5719] - No Domain Controller is available for domain SWG due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/1/2010 9:54:04 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\mrinfo.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
10/1/2010 8:32:44 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
10/1/2010 8:14:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SMS Agent Host service to connect.
10/1/2010 8:14:26 AM, error: Service Control Manager [7000] - The SMS Agent Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/1/2010 7:51:18 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_mini.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
10/1/2010 7:48:27 PM, information: Windows File Protection [64021] - The system file c:\windows\explorer.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
10/1/2010 7:48:19 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\explorer.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
10/1/2010 7:33:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free WatchDog service to connect.
10/1/2010 7:33:01 AM, error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/1/2010 7:29:58 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\winlogon.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
10/1/2010 7:29:51 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\winlogon.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
10/1/2010 7:20:44 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
10/1/2010 7:09:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.
10/1/2010 7:09:15 AM, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/1/2010 7:05:54 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
10/1/2010 7:05:45 PM, error: Service Control Manager [7024] - The AVG Free WatchDog service terminated with service-specific error 3221684350 (0xC007007E).
10/1/2010 7:00:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/1/2010 6:52:27 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/1/2010 6:51:49 PM, error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

==== End Of File ===========================


**** I believe Microsoft, Java and Adobe are all up to date.

THANKS AGAIN!
 
Attachments

  • Attach.txt (24.9 KB)
  • DDS.txt (32.3 KB)
  • gmer.log (2 KB)
  • mbam-log-2010-10-05 (10-50-07).txt (907 bytes)

One last thing, I did use Combofix. A friend sent it to me and said to use it, so I did. I know I wasn't supposed to, but that's what I get for listening to him before doing my own research!

Thanks again, and let me know if there is anything else I can provide. I truly appreciate it, thanks.
 
Ha! Thanks, here it is:


ComboFix 10-10-04.02 - chanson 10/05/2010 8:39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1589 [GMT -5:00]
Running from: c:\documents and settings\chanson\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-10-04 16:58 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-04 16:58 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-04 16:58 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-04 16:57 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-04 16:57 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-04 16:57 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-04 16:57 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-04 16:56 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-04 16:56 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\program files\Alwil Software
2010-10-04 07:16 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-02 18:13 . 2010-10-02 18:13 310208 ----a-w- c:\documents and settings\chanson\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-10-02 18:12 . 2010-10-03 01:53 -------- d-----w- c:\documents and settings\chanson\Application Data\Azureus
2010-10-02 15:13 . 2010-10-02 15:13 503808 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcp71.dll
2010-10-02 15:13 . 2010-10-02 15:13 499712 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\jmc.dll
2010-10-02 15:13 . 2010-10-02 15:13 348160 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcr71.dll
2010-10-02 15:13 . 2010-10-02 15:13 61440 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-sse.dll
2010-10-02 15:13 . 2010-10-02 15:13 12800 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-d3d.dll
2010-10-02 15:12 . 2010-10-02 15:12 -------- d-----w- c:\program files\Common Files\Java
2010-10-02 15:11 . 2010-10-02 15:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-02 01:32 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-10-02 01:32 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-10-02 01:32 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-10-02 01:32 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-10-02 01:32 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-10-02 01:30 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-10-02 01:30 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-10-02 01:30 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-10-02 01:30 . 2008-04-13 17:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-10-02 01:30 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-10-02 01:30 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-10-02 01:28 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-10-02 01:28 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-10-02 01:28 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-10-02 01:26 . 2001-08-17 17:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2010-10-02 01:26 . 2001-08-17 17:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2010-10-02 01:26 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2010-10-02 01:26 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-10-02 01:26 . 2001-08-17 18:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-10-02 01:26 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-10-02 01:26 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-10-02 01:26 . 2008-04-13 17:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2010-10-02 01:26 . 2008-04-13 23:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-10-02 01:25 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-10-02 01:25 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-10-02 01:25 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-10-02 01:25 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-10-02 01:25 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-10-02 01:25 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-10-02 01:25 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2010-10-02 01:25 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2010-10-02 01:25 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-10-02 01:25 . 2008-04-13 17:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-10-02 01:25 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2010-10-02 01:24 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-10-02 01:24 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-10-02 01:24 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-10-02 01:24 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-10-02 01:24 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-10-02 01:24 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-10-02 01:24 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-10-02 01:24 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-10-02 01:24 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-10-02 01:24 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-10-02 01:24 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-10-02 01:23 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-10-02 01:23 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-10-02 01:23 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2010-10-02 01:23 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-10-02 01:23 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2010-10-02 01:23 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-10-02 01:23 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2010-10-02 01:23 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2010-10-02 01:23 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2010-10-02 01:23 . 2008-04-13 23:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-10-02 01:22 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2010-10-02 01:22 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2010-10-02 01:22 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-10-02 01:22 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-10-02 01:22 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-10-02 01:22 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-10-02 01:22 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-10-02 01:21 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-10-02 01:21 . 2008-04-13 17:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-10-02 01:21 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-10-02 01:21 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-10-02 01:21 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-10-02 01:21 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-10-02 01:21 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-10-02 01:21 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-10-02 01:21 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-10-02 01:19 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2010-10-02 01:19 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2010-10-02 01:19 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-10-02 01:19 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2010-10-02 01:19 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-10-02 01:19 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-10-02 01:19 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-10-02 01:19 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-10-02 01:18 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-10-02 01:18 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-10-02 01:18 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-10-02 01:18 . 2001-08-17 18:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-10-02 01:18 . 2008-04-13 17:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-10-02 01:18 . 2001-08-17 18:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-10-02 01:18 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-10-02 01:18 . 2001-08-17 19:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-10-02 01:18 . 2001-08-17 17:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-10-02 01:18 . 2001-08-17 17:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2010-10-02 01:18 . 2001-08-17 17:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-10-02 01:18 . 2001-08-17 18:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2010-10-02 01:16 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-10-02 01:16 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-10-02 01:16 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-10-02 01:16 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-10-02 01:16 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-10-02 01:15 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-10-02 01:15 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-10-02 01:15 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-10-02 01:15 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-10-02 01:15 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-10-02 01:15 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2010-10-02 01:15 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-10-02 01:15 . 2008-04-13 17:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
 
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 13:36 . 2008-11-06 16:09 -------- d-----w- c:\documents and settings\chanson\Application Data\U3
2010-10-05 00:59 . 2008-11-11 02:22 -------- d-----w- c:\documents and settings\chanson\Application Data\uTorrent
2010-10-04 22:51 . 2008-11-06 16:15 -------- d-----w- c:\program files\Trillian
2010-10-04 21:59 . 2008-11-06 19:39 -------- d-----w- c:\documents and settings\chanson\Application Data\Webex
2010-10-04 18:44 . 2010-05-27 21:33 -------- d-----w- c:\program files\PeerBlock
2010-10-02 02:46 . 2009-09-10 02:22 -------- d-----w- c:\program files\uTorrent
2010-10-02 00:11 . 2009-11-03 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-10-01 18:42 . 2010-04-26 19:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-27 16:09 . 2009-09-10 00:15 -------- d-----w- c:\documents and settings\chanson\Application Data\vlc
2010-09-23 20:48 . 2010-06-24 17:09 649304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-28 12:41 . 2008-11-05 22:44 -------- d-----w- c:\program files\Citrix
2010-08-28 12:41 . 2010-08-12 21:53 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-12 12:55 . 2008-11-05 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-18 14:59 . 2009-03-04 15:58 102815776 -csha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 507904 . . [------] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 21:26 303104 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27721:TCP"= 27721:TCP:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2010 11:58 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2010 11:58 AM 17744]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
S0 nvsatf;nvsatf; [x]
S2 MA;TriActive MicroAgent;"c:\program files\TriActive\MicroAgent\bin\ma.exe" --> c:\program files\TriActive\MicroAgent\bin\ma.exe [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5/27/2010 4:33 PM 14424]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS --> c:\windows\system32\PLCNDIS5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-04 19:11]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489Core.job
- c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489UA.job
- c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]
.
 
.
------- Supplementary Scan -------
.
uStart Page = hxxp://p5i/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {1B0375B5-1A57-4684-BDF5-4D2E68A7EF4A} - hxxp://p5i/epower/cab/RDACLNT.CAB
DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} - hxxp://p5i/epower/cab/RSHORTCUT.CAB
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn100.cdcsoftware.com/+CSCOL+/relayp.cab
DPF: {2AEC967B-BE2B-4D88-BB4E-C25F26B96CB0} - hxxp://p5i/epower/cab/RDAPRTL.CAB
DPF: {3D7C60CF-3CA3-4EEF-8FDE-F3903709834B} - hxxp://p5i/epower/cab/RDARPRT.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://67.220.116.100/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6B231775-289F-4869-9120-FD6BEF3FEE7F} - hxxp://p5i/epower/cab/RDACHART.CAB
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://p5i/ePower/reporting/viewer/activeXViewer/activeXViewer.cab
DPF: {855F294B-12F9-48A5-866C-24DD77569C9E} - hxxp://p5i/epower/cab/RDAPREFS.CAB
DPF: {876DEC9E-28E9-4FE0-8ACD-CE107F9ACD1E} - hxxp://p5i/epower/cab/RDARES.CAB
DPF: {8B777F7B-E3F0-496F-AEAC-EF9169C0A341} - hxxp://p5i/epower/cab/RDAEMAIL.CAB
DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} - hxxp://p5i/epower/cab/RN1SENDX.CAB
DPF: {A7977C3E-1450-4990-977D-9C5522B1E6DD} - hxxp://p5i/epower/cab/RdaObjCreate.cab
DPF: {AA8C5893-5EFD-4C62-BBFF-8D93DAF98989} - hxxp://p5i/epower/cab/RDALETEX.CAB
DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} - hxxp://p5i/epower/cab/DFOUTILS.CAB
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {BB89F812-072A-45E9-BEB2-2781D468F4E0} - hxxp://p5i/epower/cab/RDASHARE.CAB
DPF: {D2A79F4E-98D9-4B65-9858-A7A1A3DCF872} - hxxp://p5i/epower/cab/RdaUI.cab
DPF: {F04A1320-72C4-11D3-9FB7-005004A79108} - hxxp://updates.pivotal.com/cab/DFOGENRL.CAB
DPF: {FE89A9AA-862D-4D48-81BB-2A1A5590955C} - hxxp://p5i/epower/cab/RDAUISTATICLISTS.CAB
.
.
------- File Associations -------
.
.txt=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
"MtuAdjustment"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\program files\Namescape\myPassword GINA\myPassword_GINA.DLL
.
Completion time: 2010-10-05 08:54:47
ComboFix-quarantined-files.txt 2010-10-05 13:54
ComboFix2.txt 2010-10-05 12:49

Pre-Run: 9,822,998,528 bytes free
Post-Run: 9,806,729,216 bytes free

- - End Of File - - B0D92A0C8E5E0AD722D9E611467F24EB
 
ComboFix 10-10-04.02 - chanson 10/05/2010 7:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1437 [GMT -5:00]
Running from: c:\documents and settings\chanson\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\chanson\g2mdlhlpx.exe
C:\Install.exe

----- BITS: Possible infected sites -----

hxxp://NASCCM01.SWG.CDC.ROOT:80
hxxp://nawsus01.swg.cdc.root
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-02 18:13 . 2010-10-02 18:13 310208 ----a-w- c:\documents and settings\chanson\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-10-02 18:12 . 2010-10-03 01:53 -------- d-----w- c:\documents and settings\chanson\Application Data\Azureus
2010-10-02 15:13 . 2010-10-02 15:13 503808 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcp71.dll
2010-10-02 15:13 . 2010-10-02 15:13 499712 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\jmc.dll
2010-10-02 15:13 . 2010-10-02 15:13 348160 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcr71.dll
2010-10-02 15:13 . 2010-10-02 15:13 61440 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-sse.dll
2010-10-02 15:13 . 2010-10-02 15:13 12800 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-d3d.dll
2010-09-23 14:47 . 2010-09-23 14:47 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 14:47 . 2010-09-23 14:47 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-23 14:47 . 2010-09-23 14:47 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 14:47 . 2010-09-23 14:47 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 14:47 . 2010-09-23 14:47 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 14:47 . 2010-09-23 14:47 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 14:47 . 2010-09-23 14:47 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-23 14:47 . 2010-09-23 14:47 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 14:45 . 2010-09-23 14:45 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 01:29 . 2008-11-06 16:09 -------- d-----w- c:\documents and settings\chanson\Application Data\U3
2010-10-05 00:59 . 2008-11-11 02:22 -------- d-----w- c:\documents and settings\chanson\Application Data\uTorrent
2010-10-04 22:51 . 2008-11-06 16:15 -------- d-----w- c:\program files\Trillian
2010-10-04 21:59 . 2008-11-06 19:39 -------- d-----w- c:\documents and settings\chanson\Application Data\Webex
2010-10-04 18:44 . 2010-05-27 21:33 -------- d-----w- c:\program files\PeerBlock
2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\program files\Alwil Software
2010-10-02 15:12 . 2010-10-02 15:12 -------- d-----w- c:\program files\Common Files\Java
2010-10-02 15:09 . 2010-10-02 15:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-02 02:46 . 2009-09-10 02:22 -------- d-----w- c:\program files\uTorrent
2010-10-02 00:11 . 2009-11-03 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-10-01 18:42 . 2010-04-26 19:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-10-01 00:16 . 2010-10-01 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 16:09 . 2009-09-10 00:15 -------- d-----w- c:\documents and settings\chanson\Application Data\vlc
2010-09-23 20:48 . 2010-06-24 17:09 649304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-07 15:12 . 2010-10-04 16:56 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-10-04 16:56 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-10-04 16:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-10-04 16:58 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-10-04 16:58 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-10-04 16:57 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-10-04 16:57 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-10-04 16:58 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-10-04 16:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-28 12:41 . 2008-11-05 22:44 -------- d-----w- c:\program files\Citrix
2010-08-28 12:41 . 2010-08-12 21:53 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-12 12:55 . 2008-11-05 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-18 14:59 . 2009-03-04 15:58 102815776 -csha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 507904 . . [------] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 21:26 303104 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27721:TCP"= 27721:TCP:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2010 11:58 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2010 11:58 AM 17744]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
S0 nvsatf;nvsatf; [x]
S2 MA;TriActive MicroAgent;"c:\program files\TriActive\MicroAgent\bin\ma.exe" --> c:\program files\TriActive\MicroAgent\bin\ma.exe [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5/27/2010 4:33 PM 14424]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS --> c:\windows\system32\PLCNDIS5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-10-04 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-04 19:11]

2010-10-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-10-04 16:08]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489Core.job
- c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489UA.job
- c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://p5i/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {1B0375B5-1A57-4684-BDF5-4D2E68A7EF4A} - hxxp://p5i/epower/cab/RDACLNT.CAB
DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} - hxxp://p5i/epower/cab/RSHORTCUT.CAB
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn100.cdcsoftware.com/+CSCOL+/relayp.cab
DPF: {2AEC967B-BE2B-4D88-BB4E-C25F26B96CB0} - hxxp://p5i/epower/cab/RDAPRTL.CAB
DPF: {3D7C60CF-3CA3-4EEF-8FDE-F3903709834B} - hxxp://p5i/epower/cab/RDARPRT.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://67.220.116.100/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6B231775-289F-4869-9120-FD6BEF3FEE7F} - hxxp://p5i/epower/cab/RDACHART.CAB
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://p5i/ePower/reporting/viewer/activeXViewer/activeXViewer.cab
DPF: {855F294B-12F9-48A5-866C-24DD77569C9E} - hxxp://p5i/epower/cab/RDAPREFS.CAB
DPF: {876DEC9E-28E9-4FE0-8ACD-CE107F9ACD1E} - hxxp://p5i/epower/cab/RDARES.CAB
DPF: {8B777F7B-E3F0-496F-AEAC-EF9169C0A341} - hxxp://p5i/epower/cab/RDAEMAIL.CAB
DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} - hxxp://p5i/epower/cab/RN1SENDX.CAB
DPF: {A7977C3E-1450-4990-977D-9C5522B1E6DD} - hxxp://p5i/epower/cab/RdaObjCreate.cab
DPF: {AA8C5893-5EFD-4C62-BBFF-8D93DAF98989} - hxxp://p5i/epower/cab/RDALETEX.CAB
DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} - hxxp://p5i/epower/cab/DFOUTILS.CAB
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {BB89F812-072A-45E9-BEB2-2781D468F4E0} - hxxp://p5i/epower/cab/RDASHARE.CAB
DPF: {D2A79F4E-98D9-4B65-9858-A7A1A3DCF872} - hxxp://p5i/epower/cab/RdaUI.cab
DPF: {F04A1320-72C4-11D3-9FB7-005004A79108} - hxxp://updates.pivotal.com/cab/DFOGENRL.CAB
DPF: {FE89A9AA-862D-4D48-81BB-2A1A5590955C} - hxxp://p5i/epower/cab/RDAUISTATICLISTS.CAB
.
.
------- File Associations -------
.
.txt=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
"MtuAdjustment"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\program files\Namescape\myPassword GINA\myPassword_GINA.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-10-05 07:49:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-05 12:49

Pre-Run: 7,314,370,560 bytes free
Post-Run: 7,420,125,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6FFC10B11E2EE1B33F857B90376EC3D6
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\documents and settings\All Users\Application Data\avg9

FCopy::
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe

Driver::
nvsatf

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
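A practitioner following the script above will want to confirm afterwards that the FCopy step really left winlogon.exe and explorer.exe identical to the ServicePackFiles originals, rather than trusting the log line alone. The example below is added here and is not the helper's code nor part of ComboFix: it parses the four CFScript sections exactly as they appear in the post (Folder::, FCopy::, Driver::, Registry::), extracts the source | destination pairs from FCopy::, and hash-compares each pair with SHA-256. The CFScript text embedded in it is a constructed copy of the one above, and the demo() run uses constructed files in a temporary directory (one pair matching, one pair deliberately differing) so it runs offline on any platform.

```python
import hashlib
import os
import tempfile

# Constructed copy of the CFScript from the post above (paths written with
# doubled backslashes only because this is a Python string literal).
SAMPLE_CFSCRIPT = """\
Folder::
c:\\documents and settings\\All Users\\Application Data\\avg9

FCopy::
c:\\windows\\ServicePackFiles\\i386\\winlogon.exe | c:\\windows\\system32\\winlogon.exe
c:\\windows\\ServicePackFiles\\i386\\explorer.exe | c:\\windows\\explorer.exe

Driver::
nvsatf

Registry::
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
"""


def parse_cfscript(text):
    """Split CFScript text into {section: [lines]}; a line ending in '::' opens a section.
    Blank lines are ignored, and lines before the first section header are dropped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def fcopy_pairs(sections):
    """Return (source, destination) tuples from the FCopy:: section ('src | dst' per line)."""
    pairs = []
    for line in sections.get("FCopy", []):
        src, _, dst = line.partition("|")
        pairs.append((src.strip(), dst.strip()))
    return pairs


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not have to be read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_fcopy(pairs):
    """Map each destination to 'match', 'MISMATCH' or 'missing' by comparing it
    against the hash of its known-good source."""
    results = {}
    for src, dst in pairs:
        if not (os.path.isfile(src) and os.path.isfile(dst)):
            results[dst] = "missing"
        elif sha256_file(src) == sha256_file(dst):
            results[dst] = "match"
        else:
            results[dst] = "MISMATCH"
    return results


def demo():
    """Constructed stand-in for the real check: one restored copy that matches its
    source and one that still differs (extra bytes appended)."""
    with tempfile.TemporaryDirectory() as tmp:
        good_winlogon = os.path.join(tmp, "sp_winlogon.exe")
        restored_winlogon = os.path.join(tmp, "winlogon.exe")
        good_explorer = os.path.join(tmp, "sp_explorer.exe")
        tampered_explorer = os.path.join(tmp, "explorer.exe")
        for path, content in (
            (good_winlogon, b"MZ clean winlogon (constructed)"),
            (restored_winlogon, b"MZ clean winlogon (constructed)"),
            (good_explorer, b"MZ clean explorer (constructed)"),
            (tampered_explorer, b"MZ clean explorer (constructed) + appended bytes"),
        ):
            with open(path, "wb") as handle:
                handle.write(content)
        return verify_fcopy([(good_winlogon, restored_winlogon),
                             (good_explorer, tampered_explorer)])


if __name__ == "__main__":
    print(fcopy_pairs(parse_cfscript(SAMPLE_CFSCRIPT)))
    print(demo())
```

On a real machine you would pass the pairs from fcopy_pairs() straight to verify_fcopy(). The comparison only establishes that the two copies agree; it says nothing about whether the ServicePackFiles copy is itself clean, so a mismatch or a "missing" result is a reason to stop and report back rather than to assume the restore succeeded.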
 
Thanks again!!! Here is what it gave me:


ComboFix 10-10-05.04 - chanson 10/06/2010 7:28.4.2 - x86
Running from: c:\documents and settings\chanson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\chanson\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg9
c:\documents and settings\All Users\Application Data\avg9\Cfg\admin.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Cfg\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\erd.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\malrep.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\setup.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\updatecomps.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\falsealarm.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\krnlall.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\updateall.cfg
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avguilog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\cfgexlog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\cfglog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\commonpub.log
c:\documents and settings\All Users\Application Data\avg9\Log\commonpub.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\corelog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\history.xml
c:\documents and settings\All Users\Application Data\avg9\Log\ldrlog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\lnglog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\nslog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\privlog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\publog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\rslog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\scanlog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\schedlog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\srmlog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\updlog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\vaultlog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\wdlog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\Log\wdsvclog.cfg.install_backup
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000003.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000127.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000128.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000129.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000130.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000131.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000133.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000134.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000135.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000136.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000137.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000138.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000139.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000140.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000141.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000142.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000143.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000144.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000145.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000146.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000147.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000148.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000149.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000150.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000151.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000152.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000153.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000154.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000155.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000156.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000157.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000158.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000159.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000160.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000161.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000162.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000163.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000164.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000165.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000166.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000167.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000168.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000169.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000170.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000171.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000172.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000173.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000174.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000175.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000176.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000177.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000178.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000179.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000180.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000181.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000182.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000183.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000184.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000185.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000186.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000187.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000188.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000189.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000190.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000191.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000192.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000193.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000194.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000195.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000196.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000197.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000198.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000199.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000200.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000201.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000202.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000203.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000204.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000205.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000206.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000207.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000208.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000209.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000210.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000211.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000212.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000213.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000214.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000215.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000216.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000217.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000218.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg9\update\backup\avg9us.lng
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
c:\documents and settings\All Users\Application Data\avg9\update\backup\cty.cty
c:\documents and settings\All Users\Application Data\avg9\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
c:\documents and settings\All Users\Application Data\avg9\update\prepare\temp\cty.cty

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
.
 
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NVSATF
-------\Service_nvsatf


((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-02 18:13 . 2010-10-02 18:13 310208 ----a-w- c:\documents and settings\chanson\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-10-02 18:12 . 2010-10-03 01:53 -------- d-----w- c:\documents and settings\chanson\Application Data\Azureus
2010-10-02 15:13 . 2010-10-02 15:13 503808 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcp71.dll
2010-10-02 15:13 . 2010-10-02 15:13 499712 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\jmc.dll
2010-10-02 15:13 . 2010-10-02 15:13 348160 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcr71.dll
2010-10-02 15:13 . 2010-10-02 15:13 61440 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-sse.dll
2010-10-02 15:13 . 2010-10-02 15:13 12800 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 14:51 . 2008-11-05 22:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-05 13:36 . 2008-11-06 16:09 -------- d-----w- c:\documents and settings\chanson\Application Data\U3
2010-10-05 00:59 . 2008-11-11 02:22 -------- d-----w- c:\documents and settings\chanson\Application Data\uTorrent
2010-10-04 22:51 . 2008-11-06 16:15 -------- d-----w- c:\program files\Trillian
2010-10-04 21:59 . 2008-11-06 19:39 -------- d-----w- c:\documents and settings\chanson\Application Data\Webex
2010-10-04 18:44 . 2010-05-27 21:33 -------- d-----w- c:\program files\PeerBlock
2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\program files\Alwil Software
2010-10-02 15:12 . 2010-10-02 15:12 -------- d-----w- c:\program files\Common Files\Java
2010-10-02 15:09 . 2010-10-02 15:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-02 02:46 . 2009-09-10 02:22 -------- d-----w- c:\program files\uTorrent
2010-10-01 18:42 . 2010-04-26 19:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-10-01 00:16 . 2010-10-01 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 16:09 . 2009-09-10 00:15 -------- d-----w- c:\documents and settings\chanson\Application Data\vlc
2010-09-23 20:48 . 2010-06-24 17:09 649304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-07 15:12 . 2010-10-04 16:56 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-10-04 16:56 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-10-04 16:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-10-04 16:58 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-10-04 16:58 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-10-04 16:57 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-10-04 16:57 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-10-04 16:58 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-10-04 16:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-28 12:41 . 2008-11-05 22:44 -------- d-----w- c:\program files\Citrix
2010-08-28 12:41 . 2010-08-12 21:53 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-12 12:55 . 2008-11-05 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-18 14:59 . 2009-03-04 15:58 102815776 -csha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 21:26 303104 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27721:TCP"= 27721:TCP:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2010 11:58 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2010 11:58 AM 17744]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
S2 MA;TriActive MicroAgent;"c:\program files\TriActive\MicroAgent\bin\ma.exe" --> c:\program files\TriActive\MicroAgent\bin\ma.exe [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5/27/2010 4:33 PM 14424]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS --> c:\windows\system32\PLCNDIS5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-04 19:11]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489Core.job
- c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489UA.job
- c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://p5i/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {1B0375B5-1A57-4684-BDF5-4D2E68A7EF4A} - hxxp://p5i/epower/cab/RDACLNT.CAB
DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} - hxxp://p5i/epower/cab/RSHORTCUT.CAB
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn100.cdcsoftware.com/+CSCOL+/relayp.cab
DPF: {2AEC967B-BE2B-4D88-BB4E-C25F26B96CB0} - hxxp://p5i/epower/cab/RDAPRTL.CAB
DPF: {3D7C60CF-3CA3-4EEF-8FDE-F3903709834B} - hxxp://p5i/epower/cab/RDARPRT.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://67.220.116.100/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6B231775-289F-4869-9120-FD6BEF3FEE7F} - hxxp://p5i/epower/cab/RDACHART.CAB
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://p5i/ePower/reporting/viewer/activeXViewer/activeXViewer.cab
DPF: {855F294B-12F9-48A5-866C-24DD77569C9E} - hxxp://p5i/epower/cab/RDAPREFS.CAB
DPF: {876DEC9E-28E9-4FE0-8ACD-CE107F9ACD1E} - hxxp://p5i/epower/cab/RDARES.CAB
DPF: {8B777F7B-E3F0-496F-AEAC-EF9169C0A341} - hxxp://p5i/epower/cab/RDAEMAIL.CAB
DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} - hxxp://p5i/epower/cab/RN1SENDX.CAB
DPF: {A7977C3E-1450-4990-977D-9C5522B1E6DD} - hxxp://p5i/epower/cab/RdaObjCreate.cab
DPF: {AA8C5893-5EFD-4C62-BBFF-8D93DAF98989} - hxxp://p5i/epower/cab/RDALETEX.CAB
DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} - hxxp://p5i/epower/cab/DFOUTILS.CAB
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {BB89F812-072A-45E9-BEB2-2781D468F4E0} - hxxp://p5i/epower/cab/RDASHARE.CAB
DPF: {D2A79F4E-98D9-4B65-9858-A7A1A3DCF872} - hxxp://p5i/epower/cab/RdaUI.cab
DPF: {F04A1320-72C4-11D3-9FB7-005004A79108} - hxxp://updates.pivotal.com/cab/DFOGENRL.CAB
DPF: {FE89A9AA-862D-4D48-81BB-2A1A5590955C} - hxxp://p5i/epower/cab/RDAUISTATICLISTS.CAB
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
"MtuAdjustment"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\Namescape\myPassword GINA\myPassword_GINA.DLL

- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\docume~1\chanson\LOCALS~1\Temp\catchme.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\Apntex.exe
c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-10-06 07:59:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 12:59
ComboFix2.txt 2010-10-05 13:54
ComboFix3.txt 2010-10-05 12:49

Pre-Run: 11,177,885,696 bytes free
Post-Run: 11,968,901,120 bytes free

- - End Of File - - B83488A8814E6121FB219A35F9EBBCF1
 
It looks good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I ran Avast shortly after Combofix, and it caught maybe 10 or so Bamital-AC viruses in the Restore folder. It was able to delete them all, and so far everything is going well. Can't thank you enough. I'll pop back in if I see any more symptoms, but again... awesome work. I appreciate it greatly.
 
I ran Avast shortly after Combofix, and it caught maybe 10 or so Bamital-AC viruses in the Restore folder. It was able to delete them all
Firstly, my instructions say NOT to do anything else than what I ask for.
Secondly, the cleaning process has to be finished, or you'll be back here very soon.
That will make me angry, as it'll be nothing else but wasting my time.

Please, proceed with OTL log.
 
Sorry for the mix-up, I apologize. Here are the logs:
 

Attachments

  • Extras.Txt (63.7 KB)
  • OTL.Txt (152.4 KB)