TechSpot

Antimalware & Bamatal-AC

By CMHan15
Oct 5, 2010
  1. Hello there! And first and foremost, thanks in advance. I have been battling this virus, and can't defeat it. I need your help... so again, thanks!

    Symptoms: Some redirects in IE (don't seem to have any in Chrome), won't connect to Network right away until Avast blocks CCMExec.exe/explorer.exe/winlogon.exe... but eventually does, and just overall deathly slowness. Programs take forever to open, mouse ticks sometimes... I'm even getting some random restarts, etc. It's brutal.
     
  2. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    I am following the 8 steps and will post them below. Again, thank you!

    1) I am running Avast. It finds several infected Windows files, but cannot repair them.
    2) TFC. This opens, I click start and it immediately restarts. Not sure if it completes or not, but this happens every time I try it.
    3) MalwareBytes. Here is the report:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4747

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/5/2010 10:50:07 AM
    mbam-log-2010-10-05 (10-50-07).txt

    Scan type: Quick scan
    Objects scanned: 142761
    Time elapsed: 1 hour(s), 10 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    4) Gmer. I think it ran. It ran for a long time but then the CPU just restarted. I tried to run it again, and within 5 seconds the computer restarted. Not sure what's going on.
     
  3. CMHan15


    5) DDS

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by chanson at 12:39:05.02 on Tue 10/05/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1435 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\chanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\chanson\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://p5i/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [Google Update] "c:\documents and settings\chanson\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    Trusted Zone: cdc.root\*.swg
    Trusted Zone: cdcsoftware.com
    Trusted Zone: cdcsoftware.com\cdcnet
    Trusted Zone: pivotal.local\*.corporate
    Trusted Zone: rossinc.com
    Trusted Zone: cdc.root\*.swg
    Trusted Zone: cdcsoftware.com
    Trusted Zone: cdcsoftware.com\cdcnet
    Trusted Zone: pivotal.local\*.corporate
    Trusted Zone: rossinc.com
    DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
    DPF: {1B0375B5-1A57-4684-BDF5-4D2E68A7EF4A} - hxxp://p5i/epower/cab/RDACLNT.CAB
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} - hxxp://p5i/epower/cab/RSHORTCUT.CAB
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn100.cdcsoftware.com/+CSCOL+/relayp.cab
    DPF: {2AEC967B-BE2B-4D88-BB4E-C25F26B96CB0} - hxxp://p5i/epower/cab/RDAPRTL.CAB
    DPF: {3D7C60CF-3CA3-4EEF-8FDE-F3903709834B} - hxxp://p5i/epower/cab/RDARPRT.CAB
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://67.220.116.100/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {6B231775-289F-4869-9120-FD6BEF3FEE7F} - hxxp://p5i/epower/cab/RDACHART.CAB
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229626209516
    DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://p5i/ePower/reporting/viewer/activeXViewer/activeXViewer.cab
    DPF: {855F294B-12F9-48A5-866C-24DD77569C9E} - hxxp://p5i/epower/cab/RDAPREFS.CAB
    DPF: {876DEC9E-28E9-4FE0-8ACD-CE107F9ACD1E} - hxxp://p5i/epower/cab/RDARES.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8B777F7B-E3F0-496F-AEAC-EF9169C0A341} - hxxp://p5i/epower/cab/RDAEMAIL.CAB
    DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} - hxxp://p5i/epower/cab/RN1SENDX.CAB
    DPF: {A7977C3E-1450-4990-977D-9C5522B1E6DD} - hxxp://p5i/epower/cab/RdaObjCreate.cab
    DPF: {AA8C5893-5EFD-4C62-BBFF-8D93DAF98989} - hxxp://p5i/epower/cab/RDALETEX.CAB
    DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} - hxxp://p5i/epower/cab/DFOUTILS.CAB
    DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
    DPF: {BB89F812-072A-45E9-BEB2-2781D468F4E0} - hxxp://p5i/epower/cab/RDASHARE.CAB
    DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D2A79F4E-98D9-4B65-9858-A7A1A3DCF872} - hxxp://p5i/epower/cab/RdaUI.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cdcsoftware.webex.com/client/T26L/event/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F04A1320-72C4-11D3-9FB7-005004A79108} - hxxp://updates.pivotal.com/cab/DFOGENRL.CAB
    DPF: {FE89A9AA-862D-4D48-81BB-2A1A5590955C} - hxxp://p5i/epower/cab/RDAUISTATICLISTS.CAB
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     
  4. CMHan15


    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-4 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-4 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-4 40384]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
    S0 nvsatf;nvsatf; [x]
    S2 MA;TriActive MicroAgent;"c:\program files\triactive\microagent\bin\ma.exe" --> c:\program files\triactive\microagent\bin\ma.exe [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-4 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-4 40384]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-5-27 14424]
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\plcmpr5.sys --> c:\windows\system32\PLCMPR5.SYS [?]
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\plcndis5.sys --> c:\windows\system32\PLCNDIS5.SYS [?]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

    ============== File Associations ===============

    .txt=
     
  5. CMHan15


    =============== Created Last 30 ================

    2010-10-05 12:14:12 0 d-sha-r- C:\cmdcons
    2010-10-05 12:10:36 98816 ----a-w- c:\windows\sed.exe
    2010-10-05 12:10:36 77312 ----a-w- c:\windows\MBR.exe
    2010-10-05 12:10:36 256512 ----a-w- c:\windows\PEV.exe
    2010-10-05 12:10:36 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-04 16:56:19 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-04 16:54:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-10-04 07:16:24 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-02 18:12:50 0 d-----w- c:\docume~1\chanson\applic~1\Azureus
    2010-10-02 15:11:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-02 15:11:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-02 01:32:40 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2010-10-02 01:32:34 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-10-02 01:32:33 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2010-10-02 01:32:27 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2010-10-02 01:32:20 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2010-10-02 01:30:58 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2010-10-02 01:30:52 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2010-10-02 01:30:49 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2010-10-02 01:30:34 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
    2010-10-02 01:30:32 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2010-10-02 01:30:30 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2010-10-02 01:28:27 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2010-10-02 01:28:21 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-10-02 01:28:00 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2010-10-02 01:26:54 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
    2010-10-02 01:26:48 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
    2010-10-02 01:26:39 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
    2010-10-02 01:26:31 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
    2010-10-02 01:26:24 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
    2010-10-02 01:26:18 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
    2010-10-02 01:26:11 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
    2010-10-02 01:26:10 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
    2010-10-02 01:26:04 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-10-02 01:25:56 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2010-10-02 01:25:50 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2010-10-02 01:25:44 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
    2010-10-02 01:25:38 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
    2010-10-02 01:25:32 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
    2010-10-02 01:25:26 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
    2010-10-02 01:25:21 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
    2010-10-02 01:25:15 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
    2010-10-02 01:25:10 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
    2010-10-02 01:25:08 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
    2010-10-02 01:25:04 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
    2010-10-02 01:24:54 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
    2010-10-02 01:24:49 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
    2010-10-02 01:24:44 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
    2010-10-02 01:24:38 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
    2010-10-02 01:24:33 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
    2010-10-02 01:24:28 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
    2010-10-02 01:24:23 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
    2010-10-02 01:24:17 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
    2010-10-02 01:24:11 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
    2010-10-02 01:24:06 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
    2010-10-02 01:24:01 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
    2010-10-02 01:23:52 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
    2010-10-02 01:23:42 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
    2010-10-02 01:23:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
    2010-10-02 01:23:31 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
    2010-10-02 01:23:26 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
    2010-10-02 01:23:20 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
    2010-10-02 01:23:15 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
    2010-10-02 01:23:08 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
    2010-10-02 01:23:03 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
    2010-10-02 01:23:02 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
    2010-10-02 01:22:56 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
    2010-10-02 01:22:38 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2010-10-02 01:22:33 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
    2010-10-02 01:22:27 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
    2010-10-02 01:22:21 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
    2010-10-02 01:22:13 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
    2010-10-02 01:22:02 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
    2010-10-02 01:21:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
    2010-10-02 01:21:54 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
    2010-10-02 01:21:47 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2010-10-02 01:21:42 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
    2010-10-02 01:21:33 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
    2010-10-02 01:21:25 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
    2010-10-02 01:21:20 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
    2010-10-02 01:21:14 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
    2010-10-02 01:21:03 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
    2010-10-02 01:19:56 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
    2010-10-02 01:19:50 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
    2010-10-02 01:19:40 48736 -c--a-w-
     
  6. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    c:\windows\system32\dllcache\srwlnd5.sys
    2010-10-02 01:19:34 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
    2010-10-02 01:19:24 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
    2010-10-02 01:19:15 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
    2010-10-02 01:19:10 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
    2010-10-02 01:19:05 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
    2010-10-02 01:18:59 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
    2010-10-02 01:18:54 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
    2010-10-02 01:18:49 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
    2010-10-02 01:18:45 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
    2010-10-02 01:18:43 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
    2010-10-02 01:18:37 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
    2010-10-02 01:18:25 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2010-10-02 01:18:20 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
    2010-10-02 01:18:15 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
    2010-10-02 01:18:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
    2010-10-02 01:18:05 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
    2010-10-02 01:18:01 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
    2010-10-02 01:16:57 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
    2010-10-02 01:16:52 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
    2010-10-02 01:16:47 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
    2010-10-02 01:16:42 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
    2010-10-02 01:16:37 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
    2010-10-02 01:15:48 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2010-10-02 01:15:43 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
    2010-10-02 01:15:39 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2010-10-02 01:15:34 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
    2010-10-02 01:15:29 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
    2010-10-02 01:15:15 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
    2010-10-02 01:15:08 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2010-10-02 01:15:06 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
    2010-10-02 01:15:02 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
    2010-10-02 01:14:56 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
    2010-10-02 01:14:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
    2010-10-02 01:14:45 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
    2010-10-02 01:14:40 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
    2010-10-02 01:14:37 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
    2010-10-02 01:14:32 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
    2010-10-02 01:14:20 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
    2010-10-02 01:14:15 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
    2010-10-02 01:14:10 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
    2010-10-02 01:14:06 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
    2010-10-02 01:14:01 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
    2010-10-02 01:12:53 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
    2010-10-02 01:12:47 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
    2010-10-02 01:12:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
    2010-10-02 01:12:35 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
    2010-10-02 01:12:28 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
    2010-10-02 01:12:14 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
    2010-10-02 01:12:06 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
    2010-10-02 01:12:01 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
    2010-10-02 01:11:55 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
    2010-10-02 01:11:50 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
    2010-10-02 01:11:35 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2010-10-02 01:11:30 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
    2010-10-02 01:11:26 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
    2010-10-02 01:11:21 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
    2010-10-02 01:11:16 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
    2010-10-02 01:11:15 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
    2010-10-02 01:11:07 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
    2010-10-02 01:11:03 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
    2010-10-02 01:09:57 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
    2010-10-02 01:08:58 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
    2010-10-02 01:08:56 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
    2010-10-02 01:08:51 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
    2010-10-02 01:08:40 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
    2010-10-02 01:08:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
    2010-10-02 01:08:30 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
    2010-10-02 01:08:21 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
    2010-10-02 01:08:16 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
    2010-10-02 01:08:09 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
    2010-10-02 01:08:04 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
    2010-10-02 01:07:58 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
    2010-10-02 01:07:53 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
    2010-10-02 01:07:47 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
    2010-10-02 01:07:40 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
    2010-10-02 01:07:35 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
    2010-10-02 01:07:29 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
    2010-10-02 01:07:24 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
    2010-10-02 01:07:18 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
    2010-10-02 01:06:53 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
    2010-10-02 01:06:48 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
    2010-10-02 01:06:22 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
    2010-10-02 01:06:13 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
    2010-10-02 01:06:09 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
    2010-10-02 01:06:08 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
    2010-10-02 01:05:58 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2010-10-02 01:05:53 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2010-10-02 01:05:33 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2010-10-02 01:05:32 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
    2010-10-02 01:05:20 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
    2010-10-02 01:05:15 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
    2010-10-02 01:05:10 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
    2010-10-02 01:05:06 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
    2010-10-02 01:05:04 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
    2010-10-02 01:05:01 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
    2010-10-02 01:03:59 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
    2010-10-02 01:03:32 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2010-10-02 01:03:31 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2010-10-02 01:03:22 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2010-10-02 01:03:03 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2010-10-02 01:03:00 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2010-10-02 01:02:08 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2010-10-02 01:02:03 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2010-10-02 01:02:03 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
    2010-10-02 01:02:02 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2010-10-02 01:01:47 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2010-10-02 01:01:35 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2010-10-02 01:01:18 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2010-10-02 01:01:04 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
    2010-10-02 01:00:55 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
    2010-10-02 01:00:51 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
    2010-10-02 01:00:49 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
    2010-10-02 01:00:45 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
    2010-10-02 01:00:40 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
    2010-10-02 01:00:35 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
    2010-10-02 01:00:27 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
    2010-10-02 01:00:21 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
    2010-10-02 01:00:17 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
    2010-10-02 01:00:12 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
    2010-10-02 01:00:08 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
    2010-10-02 01:00:07 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
    2010-10-02 00:58:53 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
    2010-10-02 00:58:52 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
    2010-10-02 00:58:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-10-02 00:58:32 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-10-02 00:58:17 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-10-02 00:58:14 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-10-02 00:58:10 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-10-02 00:58:06 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-10-02 00:56:25 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-10-02 00:56:21 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
    2010-10-02 00:56:18 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
    2010-10-02 00:56:14 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
    2010-10-02 00:56:10 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
    2010-10-02 00:56:07 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
    2010-10-02 00:56:03 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
    2010-10-02 00:52:32 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
    2010-10-02 00:52:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
    2010-10-02 00:52:25 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
    2010-10-02 00:52:21 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
    2010-10-02 00:52:18 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
    2010-10-02 00:52:14 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
    2010-10-02 00:52:10 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
    2010-10-02 00:52:07 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
    2010-10-02 00:52:03 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
    2010-10-02 00:52:00 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
    2010-10-02 00:50:58 126976 -c--a-w- c:\windows\system32\dllcache\hpgt34tk.dll
    2010-10-02 00:49:51 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
    2010-10-02 00:49:48 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
    2010-10-02 00:49:45 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
    2010-10-02 00:49:41 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
    2010-10-02 00:49:38 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
    2010-10-02 00:49:36 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
    2010-10-02 00:49:32 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
    2010-10-02 00:49:17 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
    2010-10-02 00:49:14 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
    2010-10-02 00:49:11 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
    2010-10-02 00:49:03 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
    2010-10-02 00:49:00 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
    2010-10-02 00:48:57 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
    2010-10-02 00:48:55 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
    2010-10-02 00:48:52 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
    2010-10-02 00:48:48 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
    2010-10-02 00:48:39 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
    2010-10-02 00:48:34 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
    2010-10-02 00:48:30 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
    2010-10-02 00:48:26 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
    2010-10-02 00:48:22 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
    2010-10-02 00:48:10 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
    2010-10-02 00:48:05 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
    2010-10-02 00:46:59 283904 -c--a-w- c:\windows\system32\dllcache\emu10k1m.sys
    2010-10-02 00:45:58 117760 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
    2010-10-02 00:45:55 50719 -c--a-w- c:\windows\system32\dllcache\e1000nt5.sys
    2010-10-02 00:45:39 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
    2010-10-02 00:45:35 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
    2010-10-02 00:45:23 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
    2010-10-02 00:45:13 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
    2010-10-02 00:45:10 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
    2010-10-02 00:45:09 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
    2010-10-02 00:45:06 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
    2010-10-02 00:45:06 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
    2010-10-02 00:43:58 37735 -c--a-w- c:\windows\system32\dllcache\digiasyn.sys
    2010-10-02 00:42:48 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
    2010-10-02 00:41:56 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
    2010-10-02 00:41:47 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
    2010-10-02 00:41:45 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
    2010-10-02 00:41:43 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
    2010-10-02 00:41:41 60970 -c--a-w- c:\windows\system32\dllcache\cpqtrnd5.sys
    2010-10-02 00:41:39 21533 -c--a-w- c:\windows\system32\dllcache\cpqndis5.sys
    2010-10-02 00:41:38 14976 -c--a-w- c:\windows\system32\dllcache\cpqarray.sys
     
  7. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    2010-10-02 00:41:18 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
    2010-10-02 00:41:16 44032 -c--a-w- c:\windows\system32\dllcache\cnusd.dll
    2010-10-02 00:41:08 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
    2010-10-02 00:41:06 20736 -c--a-w- c:\windows\system32\dllcache\cmbp0wdm.sys
    2010-10-02 00:41:02 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
    2010-10-02 00:41:01 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
    2010-10-02 00:39:58 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
    2010-10-01 23:58:29 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2010-10-01 23:58:09 31529 -c--a-w- c:\windows\system32\dllcache\brzwlan.sys
    2010-10-01 23:58:08 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
    2010-10-01 23:58:07 11008 -c--a-w- c:\windows\system32\dllcache\brusbmdm.sys
    2010-10-01 23:58:06 60416 -c--a-w- c:\windows\system32\dllcache\brserwdm.sys
    2010-10-01 23:58:05 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
    2010-10-01 23:58:04 5120 -c--a-w- c:\windows\system32\dllcache\brscnrsm.dll
    2010-10-01 23:58:02 39552 -c--a-w- c:\windows\system32\dllcache\brparwdm.sys
    2010-10-01 23:58:01 3168 -c--a-w- c:\windows\system32\dllcache\brparimg.sys
    2010-10-01 23:57:45 41472 -c--a-w- c:\windows\system32\dllcache\brmfusb.dll
    2010-10-01 23:57:30 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
    2010-10-01 23:57:27 29696 -c--a-w- c:\windows\system32\dllcache\brmflpt.dll
    2010-10-01 23:57:26 81408 -c--a-w- c:\windows\system32\dllcache\brmfcwia.dll
    2010-10-01 23:57:25 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll
    2010-10-01 23:57:22 3968 -c--a-w- c:\windows\system32\dllcache\brfiltup.sys
    2010-10-01 23:57:21 12160 -c--a-w- c:\windows\system32\dllcache\brfiltlo.sys
    2010-10-01 23:56:26 2944 -c--a-w- c:\windows\system32\dllcache\brfilt.sys
    2010-10-01 23:56:23 12800 -c--a-w- c:\windows\system32\dllcache\brevif.dll
    2010-10-01 23:56:22 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
    2010-10-01 23:56:21 19456 -c--a-w- c:\windows\system32\dllcache\brbidiif.dll
    2010-10-01 23:54:59 75136 -c--a-w- c:\windows\system32\dllcache\atimpae.sys
    2010-10-01 23:53:59 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
    2010-10-01 23:53:58 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
    2010-10-01 23:53:57 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
    2010-10-01 23:53:56 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
    2010-10-01 23:53:55 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
    2010-10-01 23:53:26 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
    2010-10-01 23:46:08 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-10-01 00:16:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-01 00:16:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-01 00:16:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

    ==================== Find3M ====================

    2010-05-26 12:21:25 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2010-05-26 12:21:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2010-05-26 12:21:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010052620100527\index.dat
    2010-05-26 12:21:25 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat
    2009-03-18 14:59:38 102815776 -csha-w- c:\windows\system32\drivers\fidbox.dat

    ============= FINISH: 12:39:24.60 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/5/2008 5:12:25 PM
    System Uptime: 10/5/2010 12:22:12 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0HU754
    Processor: Intel(R) Core(TM)2 CPU U7600 @ 1.20GHz | Microprocessor | 1197/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 9.164 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0001
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0001
    Service: vpnva
     
  8. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    µTorrent
    Advanced SystemCare 3
    avast! Free Antivirus
    CDC Software Manager NA12TO1PRODEP01
    CDC Software Smart Client Shortcut Handler
    Cisco AnyConnect VPN Client
    Conexant HDA D330 MDC V.92 Modem
    Configuration Manager Client
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Touchpad
    DocProc
    DocProcQFolder
    Google Calendar Sync
    Google Chrome
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP_Network_UserGuide
    Intel(R) Graphics Media Accelerator Driver
    Java 2 Runtime Environment, SE v1.4.1_07
    Java Auto Updater
    Java(TM) 6 Update 21
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2005 Tools for Office Runtime
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    myPassword GINA
    OCR Software by I.R.I.S. 10.0
    Office Integration Per-User Installer
    PeerBlock 1.0.0 (r181)
    Pivotal CRM 6.0 Prerequisites(v6.0.0400)
    Pivotal Per-User Client COM Components 6.0
    PowerDVD
    RDC
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SigmaTel Audio
    Sonic Activation Module
    Trillian
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual Studio 2005 Tools for Office Second Edition Runtime
    VLC media player 1.0.1
    WebEx
    WebFldrs XP
    WebSlingPlayer ActiveX
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
     
  9. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    ==== Event Viewer Messages From Past Week ========

    9/30/2010 9:27:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/30/2010 8:21:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
    9/30/2010 8:21:19 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/30/2010 8:21:01 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    9/30/2010 7:40:38 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    9/30/2010 7:00:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    9/30/2010 5:16:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
    9/30/2010 5:07:11 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
    9/30/2010 2:08:55 PM, error: PlugPlayManager [12] - The device 'Printer Port Logical Interface' (LPTENUM\MicrosoftRawPort\5&200550d&0&LPT1) disappeared from the system without first being prepared for removal.
    9/30/2010 2:08:55 PM, error: PlugPlayManager [12] - The device 'ECP Printer Port (LPT1)' (ACPI\PNP0401\4&25e2ff18&0) disappeared from the system without first being prepared for removal.
    9/30/2010 2:08:55 PM, error: PlugPlayManager [12] - The device 'Communications Port (COM1)' (ACPI\PNP0501\4&25e2ff18&0) disappeared from the system without first being prepared for removal.
    9/30/2010 2:08:34 PM, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.PCI0.PCIE.GDCK) disappeared from the system without first being prepared for removal.
    9/30/2010 2:08:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    9/29/2010 5:17:11 PM, error: Dhcp [1002] - The IP address lease 10.42.119.61 for the Network Card with network address 001C266655E4 has been denied by the DHCP server 172.18.193.14 (The DHCP Server sent a DHCPNACK message).
    9/29/2010 1:06:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    9/28/2010 9:37:59 AM, error: Dhcp [1002] - The IP address lease 172.16.1.104 for the Network Card with network address 001C266655E4 has been denied by the DHCP server 10.42.64.2 (The DHCP Server sent a DHCPNACK message).
    9/28/2010 8:09:59 PM, error: Dhcp [1002] - The IP address lease 10.42.112.34 for the Network Card with network address 001C266655E4 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    9/28/2010 2:10:47 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001C266655E4. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    10/5/2010 9:21:00 AM, error: Service Control Manager [7034] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s).
    10/5/2010 9:21:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cisco AnyConnect VPN Agent service to connect.
    10/5/2010 9:21:00 AM, error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/5/2010 9:20:46 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
    10/5/2010 9:20:46 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/5/2010 8:17:50 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
    10/5/2010 8:17:50 AM, error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: The system cannot find the path specified.
    10/5/2010 7:34:53 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    10/5/2010 12:27:06 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    10/4/2010 7:46:01 PM, error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 4000 milliseconds: Restart the service.
    10/4/2010 7:14:42 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuauclt.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
    10/4/2010 7:13:49 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuauclt1.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.4.3790.5512.
    10/4/2010 7:11:58 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    10/4/2010 12:53:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
    10/4/2010 12:53:27 PM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/4/2010 11:21:59 AM, error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    10/3/2010 7:35:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    10/3/2010 12:49:46 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    10/2/2010 9:03:31 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
    10/2/2010 9:00:48 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
    10/2/2010 9:00:48 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
    10/2/2010 9:00:48 PM, error: Service Control Manager [7000] - The TriActive MicroAgent service failed to start due to the following error: The system cannot find the path specified.
    10/2/2010 9:00:48 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/2/2010 9:00:32 PM, error: NETLOGON [5719] - No Domain Controller is available for domain SWG due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    10/1/2010 9:54:04 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\mrinfo.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/1/2010 8:32:44 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
    10/1/2010 8:14:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SMS Agent Host service to connect.
    10/1/2010 8:14:26 AM, error: Service Control Manager [7000] - The SMS Agent Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/1/2010 7:51:18 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_mini.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
    10/1/2010 7:48:27 PM, information: Windows File Protection [64021] - The system file c:\windows\explorer.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
    10/1/2010 7:48:19 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\explorer.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
    10/1/2010 7:33:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free WatchDog service to connect.
    10/1/2010 7:33:01 AM, error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/1/2010 7:29:58 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\winlogon.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
    10/1/2010 7:29:51 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\winlogon.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    10/1/2010 7:20:44 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
    10/1/2010 7:09:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.
    10/1/2010 7:09:15 AM, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/1/2010 7:05:54 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
    10/1/2010 7:05:45 PM, error: Service Control Manager [7024] - The AVG Free WatchDog service terminated with service-specific error 3221684350 (0xC007007E).
    10/1/2010 7:00:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/1/2010 6:52:27 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    10/1/2010 6:51:49 PM, error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    ==== End Of File ===========================


    **** I believe Microsoft, Java and Adobe are all up to date.

    THANKS AGAIN!
     
  10. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    Attached files
     
  11. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    One last thing, I did use Combofix. A friend sent it to me and said to use it, so I did. I know I wasn't supposed to, but that's what I get for listening to him before doing my own research!

    Thanks again, and let me know if there is anything else I can provide. I truly appreciate it, thanks.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Bad boy :)

    Please, post Combofix log.
     
  13. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    Ha! Thanks, here it is:


    ComboFix 10-10-04.02 - chanson 10/05/2010 8:39.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1589 [GMT -5:00]
    Running from: c:\documents and settings\chanson\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
    .

    2010-10-04 16:58 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-04 16:58 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-04 16:58 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-04 16:57 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-04 16:57 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-04 16:57 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-04 16:57 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-04 16:56 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-04 16:56 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\program files\Alwil Software
    2010-10-04 07:16 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-02 18:13 . 2010-10-02 18:13 310208 ----a-w- c:\documents and settings\chanson\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
    2010-10-02 18:12 . 2010-10-03 01:53 -------- d-----w- c:\documents and settings\chanson\Application Data\Azureus
    2010-10-02 15:13 . 2010-10-02 15:13 503808 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcp71.dll
    2010-10-02 15:13 . 2010-10-02 15:13 499712 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\jmc.dll
    2010-10-02 15:13 . 2010-10-02 15:13 348160 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcr71.dll
    2010-10-02 15:13 . 2010-10-02 15:13 61440 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-sse.dll
    2010-10-02 15:13 . 2010-10-02 15:13 12800 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-d3d.dll
    2010-10-02 15:12 . 2010-10-02 15:12 -------- d-----w- c:\program files\Common Files\Java
    2010-10-02 15:11 . 2010-10-02 15:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-02 01:32 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2010-10-02 01:32 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-10-02 01:32 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2010-10-02 01:32 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2010-10-02 01:32 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2010-10-02 01:30 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2010-10-02 01:30 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2010-10-02 01:30 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2010-10-02 01:30 . 2008-04-13 17:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
    2010-10-02 01:30 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2010-10-02 01:30 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2010-10-02 01:28 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2010-10-02 01:28 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-10-02 01:28 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2010-10-02 01:26 . 2001-08-17 17:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
    2010-10-02 01:26 . 2001-08-17 17:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
    2010-10-02 01:26 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
    2010-10-02 01:26 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
    2010-10-02 01:26 . 2001-08-17 18:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
    2010-10-02 01:26 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
    2010-10-02 01:26 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
    2010-10-02 01:26 . 2008-04-13 17:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
    2010-10-02 01:26 . 2008-04-13 23:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-10-02 01:25 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2010-10-02 01:25 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2010-10-02 01:25 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
    2010-10-02 01:25 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
    2010-10-02 01:25 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
    2010-10-02 01:25 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
    2010-10-02 01:25 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
    2010-10-02 01:25 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
    2010-10-02 01:25 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
    2010-10-02 01:25 . 2008-04-13 17:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
    2010-10-02 01:25 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
    2010-10-02 01:24 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
    2010-10-02 01:24 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
    2010-10-02 01:24 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
    2010-10-02 01:24 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
    2010-10-02 01:24 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
    2010-10-02 01:24 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
    2010-10-02 01:24 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
    2010-10-02 01:24 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
    2010-10-02 01:24 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
    2010-10-02 01:24 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
    2010-10-02 01:24 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
    2010-10-02 01:23 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
    2010-10-02 01:23 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
    2010-10-02 01:23 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
    2010-10-02 01:23 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
    2010-10-02 01:23 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
    2010-10-02 01:23 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
    2010-10-02 01:23 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
    2010-10-02 01:23 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
    2010-10-02 01:23 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
    2010-10-02 01:23 . 2008-04-13 23:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
    2010-10-02 01:22 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
    2010-10-02 01:22 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2010-10-02 01:22 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
    2010-10-02 01:22 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
    2010-10-02 01:22 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
    2010-10-02 01:22 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
    2010-10-02 01:22 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
    2010-10-02 01:21 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
    2010-10-02 01:21 . 2008-04-13 17:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
    2010-10-02 01:21 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2010-10-02 01:21 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
    2010-10-02 01:21 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
    2010-10-02 01:21 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
    2010-10-02 01:21 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
    2010-10-02 01:21 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
    2010-10-02 01:21 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
    2010-10-02 01:19 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
    2010-10-02 01:19 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
    2010-10-02 01:19 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
    2010-10-02 01:19 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
    2010-10-02 01:19 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
    2010-10-02 01:19 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
    2010-10-02 01:19 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
    2010-10-02 01:19 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
    2010-10-02 01:18 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
    2010-10-02 01:18 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
    2010-10-02 01:18 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
    2010-10-02 01:18 . 2001-08-17 18:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
    2010-10-02 01:18 . 2008-04-13 17:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
    2010-10-02 01:18 . 2001-08-17 18:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
    2010-10-02 01:18 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2010-10-02 01:18 . 2001-08-17 19:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
    2010-10-02 01:18 . 2001-08-17 17:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
    2010-10-02 01:18 . 2001-08-17 17:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
    2010-10-02 01:18 . 2001-08-17 17:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
    2010-10-02 01:18 . 2001-08-17 18:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
    2010-10-02 01:16 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
    2010-10-02 01:16 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
    2010-10-02 01:16 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
    2010-10-02 01:16 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
    2010-10-02 01:16 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
    2010-10-02 01:15 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2010-10-02 01:15 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
    2010-10-02 01:15 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2010-10-02 01:15 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
    2010-10-02 01:15 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
    2010-10-02 01:15 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
    2010-10-02 01:15 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2010-10-02 01:15 . 2008-04-13 17:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
     
  14. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-05 13:36 . 2008-11-06 16:09 -------- d-----w- c:\documents and settings\chanson\Application Data\U3
    2010-10-05 00:59 . 2008-11-11 02:22 -------- d-----w- c:\documents and settings\chanson\Application Data\uTorrent
    2010-10-04 22:51 . 2008-11-06 16:15 -------- d-----w- c:\program files\Trillian
    2010-10-04 21:59 . 2008-11-06 19:39 -------- d-----w- c:\documents and settings\chanson\Application Data\Webex
    2010-10-04 18:44 . 2010-05-27 21:33 -------- d-----w- c:\program files\PeerBlock
    2010-10-02 02:46 . 2009-09-10 02:22 -------- d-----w- c:\program files\uTorrent
    2010-10-02 00:11 . 2009-11-03 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-10-01 18:42 . 2010-04-26 19:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-27 16:09 . 2009-09-10 00:15 -------- d-----w- c:\documents and settings\chanson\Application Data\vlc
    2010-09-23 20:48 . 2010-06-24 17:09 649304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-08-28 12:41 . 2008-11-05 22:44 -------- d-----w- c:\program files\Citrix
    2010-08-28 12:41 . 2010-08-12 21:53 -------- d-----w- c:\program files\AviSynth 2.5
    2010-08-12 12:55 . 2008-11-05 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-18 14:59 . 2009-03-04 15:58 102815776 -csha-w- c:\windows\system32\drivers\fidbox.dat
    .

    ------- Sigcheck -------

    [7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 507904 . . [------] . . c:\windows\system32\winlogon.exe
    [7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

    [-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
    [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-02-19 21:26 303104 ----a-w- c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "stllssvr"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Trillian\\trillian.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27721:TCP"= 27721:TCP:uTorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2010 11:58 AM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2010 11:58 AM 17744]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
    S0 nvsatf;nvsatf; [x]
    S2 MA;TriActive MicroAgent;"c:\program files\TriActive\MicroAgent\bin\ma.exe" --> c:\program files\TriActive\MicroAgent\bin\ma.exe [?]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5/27/2010 4:33 PM 14424]
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS --> c:\windows\system32\PLCNDIS5.SYS [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-05 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-04 19:11]

    2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489Core.job
    - c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]

    2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489UA.job
    - c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]
    .
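The Sigcheck section of the ComboFix log above shows the two running copies (c:\windows\system32\winlogon.exe and c:\windows\explorer.exe) as "!HASH: COULD NOT OPEN FILE" while every backup copy Windows keeps hashed normally. The script below is an added example, not part of ComboFix or of the original post: it parses that Sigcheck block (embedded verbatim as sample input) and gives each live file a verdict by comparing its MD5 and size with the backup copies. The treatment of ServicePackFiles and any $...$ folder as a backup copy is an assumption about ComboFix's path conventions, and PATCHED_SAMPLE is a constructed, hypothetical input with a placeholder hash.

```python
# Added example for the thread, not part of ComboFix or of the original post:
# parse a ComboFix "Sigcheck" section and decide, per live system file, whether
# it matches one of the backup copies Windows keeps.  Line format as printed in
# the log above:
#   [flag] date[ time] . MD5-or-error . size . . [version] . . path
# The [7]/[-] flag is ComboFix's own catalogue marker and is not relied on here;
# the verdict rests only on hash and size against the backup copies.
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: the Sigcheck block from the log above, embedded verbatim.
SIGCHECK_SAMPLE = r"""
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 507904 . . [------] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
"""

# Constructed, hypothetical input (NOT from the log): the live file is readable
# and has the SP3 size but not the SP3 MD5, which is what an in-place patched
# binary looks like.  The all-zero hash is a placeholder.
PATCHED_SAMPLE = r"""
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 . 00000000000000000000000000000000 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
"""

LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d\d-\d\d(?: \d\d:\d\d)?)\s+\.\s+"
    r"(?P<hash>.+?)\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+)$"
)


@dataclass
class SigEntry:
    flag: str
    date: str
    md5: Optional[str]   # None when ComboFix printed "!HASH: COULD NOT OPEN FILE"
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_reference(self) -> bool:
        # Assumption about ComboFix path conventions: copies under ServicePackFiles
        # or any $...$ folder ($NtServicePackUninstall$, $hf_mig$, $NtUninstallKB...$)
        # are Windows' own backups, not the file the system actually runs.
        p = self.path.lower()
        return "servicepackfiles" in p or "\\$" in p


def parse_sigcheck(text: str) -> List[SigEntry]:
    entries: List[SigEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised Sigcheck line: {line!r}")
        md5 = None if m["hash"].startswith("!HASH") else m["hash"].upper()
        entries.append(SigEntry(m["flag"], m["date"], md5, int(m["size"]), m["version"], m["path"]))
    return entries


def assess(entries: List[SigEntry]) -> Dict[str, Tuple[str, str]]:
    """Map each live (non-backup) file path to a (verdict, reason) pair."""
    by_name: Dict[str, List[SigEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    verdicts: Dict[str, Tuple[str, str]] = {}
    for group in by_name.values():
        refs = [e for e in group if e.is_reference]
        for live in (e for e in group if not e.is_reference):
            same_size = [r for r in refs if r.size == live.size]
            names = ", ".join(r.path for r in same_size)
            if live.md5 is None:
                verdicts[live.path] = ("UNREADABLE",
                                       "could not be hashed although the backup copies could; "
                                       f"re-check from clean boot media against {names}")
            elif any(r.md5 == live.md5 for r in same_size):
                match = next(r for r in same_size if r.md5 == live.md5)
                verdicts[live.path] = ("OK", f"MD5 matches {match.path} [{match.version}]")
            elif same_size:
                verdicts[live.path] = ("MODIFIED", f"same size as {names} but a different MD5")
            else:
                verdicts[live.path] = ("UNKNOWN", "no backup copy of this size to compare against")
    return verdicts


if __name__ == "__main__":
    for sample in (SIGCHECK_SAMPLE, PATCHED_SAMPLE):
        for path, (verdict, reason) in assess(parse_sigcheck(sample)).items():
            print(f"{verdict:10} {path}: {reason}")
```

A verdict from this script is a triage signal, not proof of infection: a running system binary is normally readable, so UNREADABLE means something is interfering with the read, and the confirming step is to hash the file from clean boot media (or compare it with the same build on a known-good machine) rather than from the suspect Windows session.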
     
  15. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://p5i/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: cdc.root\*.swg
    Trusted Zone: cdcsoftware.com
    Trusted Zone: cdcsoftware.com\cdcnet
    Trusted Zone: pivotal.local\*.corporate
    Trusted Zone: rossinc.com
    Trusted Zone: cdc.root\*.swg
    Trusted Zone: cdcsoftware.com
    Trusted Zone: cdcsoftware.com\cdcnet
    Trusted Zone: pivotal.local\*.corporate
    Trusted Zone: rossinc.com
    DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
    DPF: {1B0375B5-1A57-4684-BDF5-4D2E68A7EF4A} - hxxp://p5i/epower/cab/RDACLNT.CAB
    DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} - hxxp://p5i/epower/cab/RSHORTCUT.CAB
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn100.cdcsoftware.com/+CSCOL+/relayp.cab
    DPF: {2AEC967B-BE2B-4D88-BB4E-C25F26B96CB0} - hxxp://p5i/epower/cab/RDAPRTL.CAB
    DPF: {3D7C60CF-3CA3-4EEF-8FDE-F3903709834B} - hxxp://p5i/epower/cab/RDARPRT.CAB
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://67.220.116.100/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {6B231775-289F-4869-9120-FD6BEF3FEE7F} - hxxp://p5i/epower/cab/RDACHART.CAB
    DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://p5i/ePower/reporting/viewer/activeXViewer/activeXViewer.cab
    DPF: {855F294B-12F9-48A5-866C-24DD77569C9E} - hxxp://p5i/epower/cab/RDAPREFS.CAB
    DPF: {876DEC9E-28E9-4FE0-8ACD-CE107F9ACD1E} - hxxp://p5i/epower/cab/RDARES.CAB
    DPF: {8B777F7B-E3F0-496F-AEAC-EF9169C0A341} - hxxp://p5i/epower/cab/RDAEMAIL.CAB
    DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} - hxxp://p5i/epower/cab/RN1SENDX.CAB
    DPF: {A7977C3E-1450-4990-977D-9C5522B1E6DD} - hxxp://p5i/epower/cab/RdaObjCreate.cab
    DPF: {AA8C5893-5EFD-4C62-BBFF-8D93DAF98989} - hxxp://p5i/epower/cab/RDALETEX.CAB
    DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} - hxxp://p5i/epower/cab/DFOUTILS.CAB
    DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
    DPF: {BB89F812-072A-45E9-BEB2-2781D468F4E0} - hxxp://p5i/epower/cab/RDASHARE.CAB
    DPF: {D2A79F4E-98D9-4B65-9858-A7A1A3DCF872} - hxxp://p5i/epower/cab/RdaUI.cab
    DPF: {F04A1320-72C4-11D3-9FB7-005004A79108} - hxxp://updates.pivotal.com/cab/DFOGENRL.CAB
    DPF: {FE89A9AA-862D-4D48-81BB-2A1A5590955C} - hxxp://p5i/epower/cab/RDAUISTATICLISTS.CAB
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    "MtuAdjustment"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(952)
    c:\program files\Namescape\myPassword GINA\myPassword_GINA.DLL
    .
    Completion time: 2010-10-05 08:54:47
    ComboFix-quarantined-files.txt 2010-10-05 13:54
    ComboFix2.txt 2010-10-05 12:49

    Pre-Run: 9,822,998,528 bytes free
    Post-Run: 9,806,729,216 bytes free

    - - End Of File - - B0D92A0C8E5E0AD722D9E611467F24EB
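The Reg Loading Points section of the ComboFix log above records the machine's firewall and Security Center state (EnableFirewall=0, AntiVirusOverride=1, FirewallOverride=1, an open inbound port, autoruns from a user profile). The script below is an added example, not part of ComboFix or of the original post: it runs a handful of hardening checks over that section, with the relevant lines embedded as sample input. The value syntax it understands is taken from the log as printed; the severity labels are this example's own choices, not ComboFix's.

```python
# Added example, not from the thread or from ComboFix: a few hardening checks
# over the "Reg Loading Points" section of a ComboFix log.  Value syntax as
# seen in the log above:
#   "name"=dword:00000001        "name"= 0 (0x0)
#   "name"="c:\path\prog.exe" [date size]
#   "port:proto"= port:proto:label
# Severities below are this example's own choices.
import re
from typing import List, Optional, Tuple

# Sample input: the relevant lines from the log above (embedded, abridged).
REG_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27721:TCP"= 27721:TCP:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

Value = Tuple[str, str, str]     # (registry section, value name, raw data)
Finding = Tuple[str, str, str]   # (severity, registry section, message)


def parse_reg_points(text: str) -> List[Value]:
    """Turn the REGEDIT4-style listing into (section, name, data) triples."""
    section: Optional[str] = None
    values: List[Value] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and section is not None:
            values.append((section, m["name"], m["data"].strip()))
    return values


def as_int(data: str) -> Optional[int]:
    """Decode the two integer spellings ComboFix uses; None for anything else."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", data)
    if m:
        return int(m.group(1))
    return None


def audit(values: List[Value]) -> List[Finding]:
    findings: List[Finding] = []
    for section, name, data in values:
        s, n, v = section.lower(), name.lower(), as_int(data)
        if s.endswith("\\security center") and n in ("antivirusoverride", "firewalloverride") and v == 1:
            findings.append(("HIGH", section, f"{name}=1: Security Center alerting for this component is suppressed"))
        elif s.endswith("firewallpolicy\\standardprofile"):
            if n == "enablefirewall" and v == 0:
                findings.append(("HIGH", section, "Windows Firewall is disabled for the standard profile"))
            elif n == "disablenotifications" and v == 1:
                findings.append(("MEDIUM", section, "firewall block notifications are suppressed"))
        elif "globallyopenports" in s:
            findings.append(("MEDIUM", section, f"inbound port open to all addresses: {data}"))
        elif "icmpsettings" in s and n == "allowinboundechorequest" and v == 1:
            findings.append(("LOW", section, "host answers inbound ICMP echo (visible to ping sweeps)"))
        elif "authorizedapplications" in s:
            findings.append(("INFO", section, f"firewall exception for {name}"))
        elif s.endswith("\\currentversion\\run"):
            # Run values are "<quoted path>" [date size]; keep only the path.
            path = data[1:].split('"', 1)[0] if data.startswith('"') else data
            if "\\documents and settings\\" in path.lower():
                findings.append(("INFO", section, f"autorun from a user-profile path: {name} -> {path}"))
    return findings


if __name__ == "__main__":
    for severity, section, message in audit(parse_reg_points(REG_SAMPLE)):
        print(f"{severity:6} {message}  [{section}]")
```

The Security Center override values and a disabled firewall are exactly the settings a third-party suite may set legitimately, so the point of the check is to make the state visible for the person cleaning the machine; whether each finding is expected (here the open port and exception belong to uTorrent) is a judgement the log alone cannot make.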
     
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please, navigate to C:\Qoobox folder and post ComboFix2.txt content.
     
  17. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    ComboFix 10-10-04.02 - chanson 10/05/2010 7:16.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1437 [GMT -5:00]
    Running from: c:\documents and settings\chanson\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\chanson\g2mdlhlpx.exe
    C:\Install.exe

    ----- BITS: Possible infected sites -----

    hxxp://NASCCM01.SWG.CDC.ROOT:80
    hxxp://nawsus01.swg.cdc.root
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
    .

    2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-02 18:13 . 2010-10-02 18:13 310208 ----a-w- c:\documents and settings\chanson\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
    2010-10-02 18:12 . 2010-10-03 01:53 -------- d-----w- c:\documents and settings\chanson\Application Data\Azureus
    2010-10-02 15:13 . 2010-10-02 15:13 503808 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcp71.dll
    2010-10-02 15:13 . 2010-10-02 15:13 499712 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\jmc.dll
    2010-10-02 15:13 . 2010-10-02 15:13 348160 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcr71.dll
    2010-10-02 15:13 . 2010-10-02 15:13 61440 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-sse.dll
    2010-10-02 15:13 . 2010-10-02 15:13 12800 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-d3d.dll
    2010-09-23 14:47 . 2010-09-23 14:47 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
    2010-09-23 14:47 . 2010-09-23 14:47 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-09-23 14:47 . 2010-09-23 14:47 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
    2010-09-23 14:47 . 2010-09-23 14:47 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-09-23 14:47 . 2010-09-23 14:47 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
    2010-09-23 14:47 . 2010-09-23 14:47 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
    2010-09-23 14:47 . 2010-09-23 14:47 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-09-23 14:47 . 2010-09-23 14:47 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
    2010-09-23 14:45 . 2010-09-23 14:45 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-05 01:29 . 2008-11-06 16:09 -------- d-----w- c:\documents and settings\chanson\Application Data\U3
    2010-10-05 00:59 . 2008-11-11 02:22 -------- d-----w- c:\documents and settings\chanson\Application Data\uTorrent
    2010-10-04 22:51 . 2008-11-06 16:15 -------- d-----w- c:\program files\Trillian
    2010-10-04 21:59 . 2008-11-06 19:39 -------- d-----w- c:\documents and settings\chanson\Application Data\Webex
    2010-10-04 18:44 . 2010-05-27 21:33 -------- d-----w- c:\program files\PeerBlock
    2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\program files\Alwil Software
    2010-10-02 15:12 . 2010-10-02 15:12 -------- d-----w- c:\program files\Common Files\Java
    2010-10-02 15:09 . 2010-10-02 15:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-02 02:46 . 2009-09-10 02:22 -------- d-----w- c:\program files\uTorrent
    2010-10-02 00:11 . 2009-11-03 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-10-01 18:42 . 2010-04-26 19:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-10-01 00:16 . 2010-10-01 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-27 16:09 . 2009-09-10 00:15 -------- d-----w- c:\documents and settings\chanson\Application Data\vlc
    2010-09-23 20:48 . 2010-06-24 17:09 649304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-07 15:12 . 2010-10-04 16:56 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-10-04 16:56 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-10-04 16:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-10-04 16:58 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-10-04 16:58 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-10-04 16:57 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-10-04 16:57 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-10-04 16:58 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-10-04 16:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-08-28 12:41 . 2008-11-05 22:44 -------- d-----w- c:\program files\Citrix
    2010-08-28 12:41 . 2010-08-12 21:53 -------- d-----w- c:\program files\AviSynth 2.5
    2010-08-12 12:55 . 2008-11-05 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-18 14:59 . 2009-03-04 15:58 102815776 -csha-w- c:\windows\system32\drivers\fidbox.dat
    .

    ------- Sigcheck -------

    [7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 507904 . . [------] . . c:\windows\system32\winlogon.exe
    [7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

    [-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
    [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-02-19 21:26 303104 ----a-w- c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "stllssvr"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Trillian\\trillian.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27721:TCP"= 27721:TCP:uTorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2010 11:58 AM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2010 11:58 AM 17744]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
    S0 nvsatf;nvsatf; [x]
    S2 MA;TriActive MicroAgent;"c:\program files\TriActive\MicroAgent\bin\ma.exe" --> c:\program files\TriActive\MicroAgent\bin\ma.exe [?]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5/27/2010 4:33 PM 14424]
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS --> c:\windows\system32\PLCNDIS5.SYS [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-04 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-04 19:11]

    2010-10-04 c:\windows\Tasks\AWC Update.job
    - c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-10-04 16:08]

    2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489Core.job
    - c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]

    2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489UA.job
    - c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://p5i/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: cdc.root\*.swg
    Trusted Zone: cdcsoftware.com
    Trusted Zone: cdcsoftware.com\cdcnet
    Trusted Zone: pivotal.local\*.corporate
    Trusted Zone: rossinc.com
    Trusted Zone: cdc.root\*.swg
    Trusted Zone: cdcsoftware.com
    Trusted Zone: cdcsoftware.com\cdcnet
    Trusted Zone: pivotal.local\*.corporate
    Trusted Zone: rossinc.com
    DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
    DPF: {1B0375B5-1A57-4684-BDF5-4D2E68A7EF4A} - hxxp://p5i/epower/cab/RDACLNT.CAB
    DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} - hxxp://p5i/epower/cab/RSHORTCUT.CAB
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn100.cdcsoftware.com/+CSCOL+/relayp.cab
    DPF: {2AEC967B-BE2B-4D88-BB4E-C25F26B96CB0} - hxxp://p5i/epower/cab/RDAPRTL.CAB
    DPF: {3D7C60CF-3CA3-4EEF-8FDE-F3903709834B} - hxxp://p5i/epower/cab/RDARPRT.CAB
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://67.220.116.100/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {6B231775-289F-4869-9120-FD6BEF3FEE7F} - hxxp://p5i/epower/cab/RDACHART.CAB
    DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://p5i/ePower/reporting/viewer/activeXViewer/activeXViewer.cab
    DPF: {855F294B-12F9-48A5-866C-24DD77569C9E} - hxxp://p5i/epower/cab/RDAPREFS.CAB
    DPF: {876DEC9E-28E9-4FE0-8ACD-CE107F9ACD1E} - hxxp://p5i/epower/cab/RDARES.CAB
    DPF: {8B777F7B-E3F0-496F-AEAC-EF9169C0A341} - hxxp://p5i/epower/cab/RDAEMAIL.CAB
    DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} - hxxp://p5i/epower/cab/RN1SENDX.CAB
    DPF: {A7977C3E-1450-4990-977D-9C5522B1E6DD} - hxxp://p5i/epower/cab/RdaObjCreate.cab
    DPF: {AA8C5893-5EFD-4C62-BBFF-8D93DAF98989} - hxxp://p5i/epower/cab/RDALETEX.CAB
    DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} - hxxp://p5i/epower/cab/DFOUTILS.CAB
    DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
    DPF: {BB89F812-072A-45E9-BEB2-2781D468F4E0} - hxxp://p5i/epower/cab/RDASHARE.CAB
    DPF: {D2A79F4E-98D9-4B65-9858-A7A1A3DCF872} - hxxp://p5i/epower/cab/RdaUI.cab
    DPF: {F04A1320-72C4-11D3-9FB7-005004A79108} - hxxp://updates.pivotal.com/cab/DFOGENRL.CAB
    DPF: {FE89A9AA-862D-4D48-81BB-2A1A5590955C} - hxxp://p5i/epower/cab/RDAUISTATICLISTS.CAB
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    "MtuAdjustment"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(940)
    c:\program files\Namescape\myPassword GINA\myPassword_GINA.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Apoint\ApMsgFwd.exe
    c:\windows\system32\igfxsrvc.exe
    c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Apoint\HidFind.exe
    c:\program files\Apoint\Apntex.exe
    c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-05 07:49:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-05 12:49

    Pre-Run: 7,314,370,560 bytes free
    Post-Run: 7,420,125,184 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 6FFC10B11E2EE1B33F857B90376EC3D6
     
  18. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\All Users\Application Data\avg9
    
    FCopy::
    c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe
    c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe
    
    Driver::
    nvsatf
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
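Added example, not Broni's script and not ComboFix's own code: a small Python triage helper that parses the Sigcheck lines from the ComboFix log above, flags the system files whose hash ComboFix could not read, and checks that a ServicePackFiles copy with the same size and a real version number exists before that copy is used as the FCopy:: source. The line layout and the sample input are taken from the log as posted; the function names are this example's own.

```python
"""Triage helper for the Sigcheck section of a ComboFix log (added example).

Parses Sigcheck lines of the two shapes seen in the log above:

  [7] 2008-04-14 . <md5> . <size> . . [<version>] . . <path>
  [-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . <size> . . [------] . . <path>

and answers the question the FCopy:: step rests on: for each system file whose
hash could not be read, is there a readable ServicePackFiles copy with the same
size and a real version number that can be copied back over it?
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the Sigcheck lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 507904 . . [------] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
"""

LINE_RE = re.compile(
    r"^\[(?P<marker>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d\d-\d\d(?: \d\d:\d\d)?)\s+\.\s+"
    r"(?P<hash>.+?)\s+\.\s+"            # MD5, or ComboFix's could-not-open message
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)


@dataclass
class SigEntry:
    marker: str             # ComboFix's bracketed marker ([7] or [-]), kept as-is
    md5: Optional[str]      # None when ComboFix reported it could not open the file
    size: int
    version: Optional[str]  # None when the log shows [------]
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Parse every Sigcheck line in `text`; lines of any other shape are skipped."""
    entries: List[SigEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        h, v = m.group("hash"), m.group("version")
        entries.append(SigEntry(
            marker=m.group("marker"),
            md5=h.upper() if re.fullmatch(r"[0-9A-Fa-f]{32}", h) else None,
            size=int(m.group("size")),
            version=None if set(v) <= {"-"} else v,
            path=m.group("path"),
        ))
    return entries


def find_replacements(entries: List[SigEntry]) -> Dict[str, Optional[str]]:
    """Map each unreadable file to a ServicePackFiles copy that is readable, has a
    real version and matches its size exactly; None when no such copy exists."""
    by_name: Dict[str, List[SigEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    result: Dict[str, Optional[str]] = {}
    for group in by_name.values():
        for bad in (e for e in group if e.md5 is None):
            good = [
                e for e in group
                if e.md5 and e.version and e.size == bad.size
                and "\\servicepackfiles\\" in e.path.lower()
            ]
            result[bad.path] = good[0].path if good else None
    return result


def fcopy_lines(replacements: Dict[str, Optional[str]]) -> List[str]:
    """Render findings in the 'source | destination' form a CFScript FCopy::
    section uses; files with no safe source are deliberately left out."""
    return [f"{src} | {dst}" for dst, src in replacements.items() if src]


if __name__ == "__main__":
    findings = find_replacements(parse_sigcheck(SAMPLE_LOG))
    for dst, src in findings.items():
        print(f"{dst}: {'replace from ' + src if src else 'NO safe copy found'}")
    print("\n".join(fcopy_lines(findings)))
```

On this sample the two FCopy:: lines it prints are the same two that Broni's CFScript uses; a file whose only candidates differ in size (as the SP2-era explorer.exe copies do) is reported with no safe copy rather than guessed.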
     
  19. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    Thanks again!!! Here is what it gave me:


    ComboFix 10-10-05.04 - chanson 10/06/2010 7:28.4.2 - x86
    Running from: c:\documents and settings\chanson\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\chanson\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\avg9
    c:\documents and settings\All Users\Application Data\avg9\Cfg\admin.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Cfg\changecfgreg.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\erd.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\krnl.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\mail.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\malrep.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\scan.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\sched.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\setup.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Cfg\update.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\updatecomps.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Cfg\user.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\changecfgreg.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\falsealarm.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\krnlall.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\updateall.cfg
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avguilog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.10
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.2
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.3
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.4
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.5
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.6
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.7
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.8
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.9
    c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\cfgexlog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\cfglog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log
    c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\commonpub.log
    c:\documents and settings\All Users\Application Data\avg9\Log\commonpub.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\corelog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log
    c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\history.xml
    c:\documents and settings\All Users\Application Data\avg9\Log\ldrlog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\lnglog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\nslog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\privlog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\publog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\rslog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\scanlog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\schedlog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\srmlog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\updlog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\vault.log
    c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.1
    c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.lock
    c:\documents and settings\All Users\Application Data\avg9\Log\vaultlog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\wdlog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\Log\wdsvclog.cfg.install_backup
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000001.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000003.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000127.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000128.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000129.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000130.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000131.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000133.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000134.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000135.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000136.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000137.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000138.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000139.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000140.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000141.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000142.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000143.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000144.log
    c:\documents and settings\All Users\Application
     
  20. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    Data\avg9\scanlogs\I_00000145.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000146.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000147.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000148.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000149.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000150.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000151.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000152.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000153.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000154.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000155.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000156.log
    c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000157.log

    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
    .
     
  21. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    --------------- FCopy ---------------

    c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
    c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NVSATF
    -------\Service_nvsatf


    ((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
    .

    2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-02 18:13 . 2010-10-02 18:13 310208 ----a-w- c:\documents and settings\chanson\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
    2010-10-02 18:12 . 2010-10-03 01:53 -------- d-----w- c:\documents and settings\chanson\Application Data\Azureus
    2010-10-02 15:13 . 2010-10-02 15:13 503808 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcp71.dll
    2010-10-02 15:13 . 2010-10-02 15:13 499712 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\jmc.dll
    2010-10-02 15:13 . 2010-10-02 15:13 348160 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a1811fb-n\msvcr71.dll
    2010-10-02 15:13 . 2010-10-02 15:13 61440 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-sse.dll
    2010-10-02 15:13 . 2010-10-02 15:13 12800 ----a-w- c:\documents and settings\chanson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33e791e6-n\decora-d3d.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-05 14:51 . 2008-11-05 22:41 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-05 13:36 . 2008-11-06 16:09 -------- d-----w- c:\documents and settings\chanson\Application Data\U3
    2010-10-05 00:59 . 2008-11-11 02:22 -------- d-----w- c:\documents and settings\chanson\Application Data\uTorrent
    2010-10-04 22:51 . 2008-11-06 16:15 -------- d-----w- c:\program files\Trillian
    2010-10-04 21:59 . 2008-11-06 19:39 -------- d-----w- c:\documents and settings\chanson\Application Data\Webex
    2010-10-04 18:44 . 2010-05-27 21:33 -------- d-----w- c:\program files\PeerBlock
    2010-10-04 16:54 . 2010-10-04 16:54 -------- d-----w- c:\program files\Alwil Software
    2010-10-02 15:12 . 2010-10-02 15:12 -------- d-----w- c:\program files\Common Files\Java
    2010-10-02 15:09 . 2010-10-02 15:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-02 02:46 . 2009-09-10 02:22 -------- d-----w- c:\program files\uTorrent
    2010-10-01 18:42 . 2010-04-26 19:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-10-01 00:16 . 2010-10-01 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-27 16:09 . 2009-09-10 00:15 -------- d-----w- c:\documents and settings\chanson\Application Data\vlc
    2010-09-23 20:48 . 2010-06-24 17:09 649304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-07 15:12 . 2010-10-04 16:56 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-10-04 16:56 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-10-04 16:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-10-04 16:58 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-10-04 16:58 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-10-04 16:57 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-10-04 16:57 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-10-04 16:58 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-10-04 16:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-08-28 12:41 . 2008-11-05 22:44 -------- d-----w- c:\program files\Citrix
    2010-08-28 12:41 . 2010-08-12 21:53 -------- d-----w- c:\program files\AviSynth 2.5
    2010-08-12 12:55 . 2008-11-05 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-18 14:59 . 2009-03-04 15:58 102815776 -csha-w- c:\windows\system32\drivers\fidbox.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-02-19 21:26 303104 ----a-w- c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "stllssvr"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Trillian\\trillian.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27721:TCP"= 27721:TCP:uTorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2010 11:58 AM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2010 11:58 AM 17744]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
    S2 MA;TriActive MicroAgent;"c:\program files\TriActive\MicroAgent\bin\ma.exe" --> c:\program files\TriActive\MicroAgent\bin\ma.exe [?]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5/27/2010 4:33 PM 14424]
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS --> c:\windows\system32\PLCNDIS5.SYS [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-06 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-04 19:11]

    2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489Core.job
    - c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]

    2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211901429-4127454929-894062573-5489UA.job
    - c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 03:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://p5i/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: cdc.root\*.swg
    Trusted Zone: cdcsoftware.com
    Trusted Zone: cdcsoftware.com\cdcnet
    Trusted Zone: pivotal.local\*.corporate
    Trusted Zone: rossinc.com
    Trusted Zone: cdc.root\*.swg
    Trusted Zone: cdcsoftware.com
    Trusted Zone: cdcsoftware.com\cdcnet
    Trusted Zone: pivotal.local\*.corporate
    Trusted Zone: rossinc.com
    DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
    DPF: {1B0375B5-1A57-4684-BDF5-4D2E68A7EF4A} - hxxp://p5i/epower/cab/RDACLNT.CAB
    DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} - hxxp://p5i/epower/cab/RSHORTCUT.CAB
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn100.cdcsoftware.com/+CSCOL+/relayp.cab
    DPF: {2AEC967B-BE2B-4D88-BB4E-C25F26B96CB0} - hxxp://p5i/epower/cab/RDAPRTL.CAB
    DPF: {3D7C60CF-3CA3-4EEF-8FDE-F3903709834B} - hxxp://p5i/epower/cab/RDARPRT.CAB
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://67.220.116.100/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {6B231775-289F-4869-9120-FD6BEF3FEE7F} - hxxp://p5i/epower/cab/RDACHART.CAB
    DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://p5i/ePower/reporting/viewer/activeXViewer/activeXViewer.cab
    DPF: {855F294B-12F9-48A5-866C-24DD77569C9E} - hxxp://p5i/epower/cab/RDAPREFS.CAB
    DPF: {876DEC9E-28E9-4FE0-8ACD-CE107F9ACD1E} - hxxp://p5i/epower/cab/RDARES.CAB
    DPF: {8B777F7B-E3F0-496F-AEAC-EF9169C0A341} - hxxp://p5i/epower/cab/RDAEMAIL.CAB
    DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} - hxxp://p5i/epower/cab/RN1SENDX.CAB
    DPF: {A7977C3E-1450-4990-977D-9C5522B1E6DD} - hxxp://p5i/epower/cab/RdaObjCreate.cab
    DPF: {AA8C5893-5EFD-4C62-BBFF-8D93DAF98989} - hxxp://p5i/epower/cab/RDALETEX.CAB
    DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} - hxxp://p5i/epower/cab/DFOUTILS.CAB
    DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
    DPF: {BB89F812-072A-45E9-BEB2-2781D468F4E0} - hxxp://p5i/epower/cab/RDASHARE.CAB
    DPF: {D2A79F4E-98D9-4B65-9858-A7A1A3DCF872} - hxxp://p5i/epower/cab/RdaUI.cab
    DPF: {F04A1320-72C4-11D3-9FB7-005004A79108} - hxxp://updates.pivotal.com/cab/DFOGENRL.CAB
    DPF: {FE89A9AA-862D-4D48-81BB-2A1A5590955C} - hxxp://p5i/epower/cab/RDAUISTATICLISTS.CAB
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    "MtuAdjustment"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(984)
    c:\program files\Namescape\myPassword GINA\myPassword_GINA.DLL

    - - - - - - - > 'explorer.exe'(3200)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\docume~1\chanson\LOCALS~1\Temp\catchme.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\Apoint\ApMsgFwd.exe
    c:\program files\Apoint\HidFind.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Apoint\Apntex.exe
    c:\documents and settings\chanson\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-06 07:59:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-06 12:59
    ComboFix2.txt 2010-10-05 13:54
    ComboFix3.txt 2010-10-05 12:49

    Pre-Run: 11,177,885,696 bytes free
    Post-Run: 11,968,901,120 bytes free

    - - End Of File - - B83488A8814E6121FB219A35F9EBBCF1
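As an added illustration, not part of the thread and not ComboFix's own code, here is a small Python triage parser for the log format shown in the post above. It extracts the "Infected copy / Restored copy from" pairs and the FCopy operations, collapses the pairs ComboFix prints twice, and flags the firewall-policy values from the Reg Loading Points section (the log above shows EnableFirewall=0 and DisableNotifications=1, which a responder should follow up on). The sample log is constructed from lines in the post; the key paths and value names are those ComboFix printed.

```python
import re
from typing import Any, Dict, List, Tuple

# Constructed sample modelled on the ComboFix log posted in this thread (not the
# full log): the disinfected/restored pairs, the FCopy line and two registry blocks.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27721:TCP"= 27721:TCP:uTorrent
"""

INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (?P<src>.+)$")
FCOPY_RE = re.compile(r"^(?P<src>.+?) --> (?P<dst>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.+)$')

# Key exactly as ComboFix abbreviates it in the Reg Loading Points section.
FIREWALL_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def parse_combofix(text: str) -> Dict[str, Any]:
    """Extract disinfected/restored pairs, FCopy operations and registry values."""
    disinfected: List[Tuple[str, str]] = []   # (infected path, clean source)
    fcopy: List[Tuple[str, str]] = []         # (source, destination)
    registry: Dict[str, Dict[str, str]] = {}  # key -> {value name: value data}
    current_key = None
    pending = None  # infected path waiting for its "Restored copy from" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := INFECTED_RE.match(line):
            pending = m.group("path")
        elif (m := RESTORED_RE.match(line)) and pending:
            pair = (pending, m.group("src"))
            if pair not in disinfected:   # ComboFix prints these pairs twice
                disinfected.append(pair)
            pending = None
        elif m := KEY_RE.match(line):
            current_key = m.group("key")
            registry.setdefault(current_key, {})
        elif (m := VALUE_RE.match(line)) and current_key:
            registry[current_key][m.group("name")] = m.group("val").strip()
        elif m := FCOPY_RE.match(line):
            fcopy.append((m.group("src"), m.group("dst")))
    return {"disinfected": disinfected, "fcopy": fcopy, "registry": registry}


def triage(parsed: Dict[str, Any]) -> List[str]:
    """Turn the parsed log into the findings a responder would follow up on."""
    findings: List[str] = []
    for infected, src in parsed["disinfected"]:
        findings.append(f"patched system binary restored: {infected} (clean copy: {src})")
    fw = parsed["registry"].get(FIREWALL_KEY, {})
    if fw.get("EnableFirewall", "").startswith("0"):
        findings.append("Windows Firewall standard profile is disabled (EnableFirewall=0)")
    if fw.get("DisableNotifications", "").startswith("1"):
        findings.append("firewall notifications are suppressed (DisableNotifications=1)")
    for key, values in parsed["registry"].items():
        if key.endswith(r"\GloballyOpenPorts\List"):
            for port, rule in values.items():
                findings.append(f"globally open port {port}: {rule}")
    return findings
```

Calling `triage(parse_combofix(SAMPLE_LOG))` on the sample yields two restored-binary findings, the two firewall-policy findings and the uTorrent port rule.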
     
  22. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    It looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    I ran Avast shortly after Combofix, and it caught maybe 10 or so Bamital-AC viruses in the Restore folder. It was able to delete them all, and so far everything is going well. Can't thank you enough. I'll pop back in if I see any more symptoms, but again... awesome work. I appreciate it greatly.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Firstly, my instructions say NOT to do anything else than what I ask for.
    Secondly, the cleaning process has to be finished, or you'll be back here very soon.
    That will make me angry, as it'll be nothing else but wasting my time.

    Please, proceed with OTL log.
     
  25. CMHan15

    CMHan15 TS Rookie Topic Starter Posts: 22

    Sorry for the mix-up, I apologize. Here are the logs:
     

    Attached Files:
