Bad image error upon boot up and opening programs

Resolved
By crimsonheis
Jun 29, 2011
Topic Status:
Not open for further replies.
  1. Hello guys~!

    For the past few days I have been getting error dialogue boxes popping up on my screen, usually when I open a program, or even during startup.

    It usually says:

    [program].exe - Bad Image
    The application or DLL c:\program~1\window~\datamngr\datamngr.dll is not a valid Windows image. Please check this against your installation diskette.

    A number of these pop up consecutively, which radically hinders my computer usage.

    Also, at one time, I booted up my computer to find my desktop had been changed; it was as if it had been reset: all my icons were gone and the wallpaper/theme was back to the Windows default. I was able to bring back my old desktop by System Restore, though, and this did not occur again.

    I am using a Windows XP PC, SP3.

    I would be most grateful if someone could guide me in removing this virus/trojan/malware from my computer.

    Thanks!
  2. Bobbye

    Bobbye, Helper on the Fringe

    Welcome to TechSpot! I'll be glad to help you find the cause of the bad image.

    The first place to look is to see if malware is corrupting files.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    I'll review the log entries and we'll go from there.
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  3. crimsonheis

    crimsonheis, Newcomer in training, Topic Starter

    Thanks! I'm currently doing the full scans right now. I tried doing fast scans earlier today since I was pressed for time, but they all came out clean. I'll post as soon as the scans are finished.
  4. Bobbye

    Bobbye, Helper on the Fringe

    Please just follow the directions. I will be having you run additional scans with other programs.
  5. crimsonheis

    crimsonheis, Newcomer in training, Topic Starter

    I ran a full scan on avast! and it did not detect any threats.

    This is the Malwarebytes log:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6998

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    7/2/2011 2:05:01 PM
    mbam-log-2011-07-02 (14-05-01).txt

    Scan type: Full scan (A:\|C:\|D:\|E:\|)
    Objects scanned: 337389
    Time elapsed: 1 hour(s), 7 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\system volume information\_restore{41312f16-a138-455a-bfd1-effb609b9fd0}\RP14\A0015865.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{41312f16-a138-455a-bfd1-effb609b9fd0}\RP14\A0017399.old (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{41312f16-a138-455a-bfd1-effb609b9fd0}\RP16\A0022889.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
    c:\documents and settings\Pechy\Desktop\dade\applications downloaded\mywebfacesetup2.3.50.62.grman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    ---------------------------------

    GMER log:

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-07-02 21:11:02
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 ST3160815AS rev.4.AAB
    Running: gmer.exe; Driver: C:\DOCUME~1\Pechy\LOCALS~1\Temp\ugtdypob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB4C6EBF2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB4C6EA5D]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB4CEE902]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\au2k6izw \Device\Scsi\au2k6izw1Port4Path0Target0Lun0 8A4E31F8
    Device \Driver\au2k6izw \Device\Scsi\au2k6izw1 8A4E31F8
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 8A8901F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    I tried running DDS, but I only get a lot of jumbled boxes in Notepad, nothing near what the instructions said. Does it matter that it said it was saved as an AutoCAD script? We have AutoCAD (my sister is taking up engineering), so I'm not sure if that has anything to do with it.
  6. crimsonheis

    crimsonheis, Newcomer in training, Topic Starter

    Fixed my DDS problem: I tried changing the extension to .exe and it worked! Here are the logs.

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
    Run by Pechy at 13:44:13 on 2011-07-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.733 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\LGScsiCommandService.exe
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\WTClient.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MagicTune Premium\GammaTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
    uWindow Title = Internet Explorer
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = local;*.local
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [WTClient] WTClient.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\pechy\application data\mozilla\firefox\profiles\s9t57nz4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
    FF - plugin: c:\documents and settings\pechy\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\pechy\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\pechy\application data\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\pechy\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 200000
    FF - user.js: content.notify.interval - 100000
    FF - user.js: content.switch.threshold - 650000
    FF - user.js: nglayout.initialpaint.delay - 300
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-29 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-29 307928]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-29 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-29 42184]
    R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2011-4-28 47616]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-29 366640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-29 22712]
    R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]
    S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9a086531769f8;Google Update Service (gupdate1c9a086531769f8);c:\program files\google\update\GoogleUpdate.exe [2009-3-9 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-9 133104]
    S3 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys --> c:\windows\system32\drivers\idmtdi.sys [?]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-22 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-22 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-22 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-22 40552]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-2-27 18432]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-9-5 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-9-5 8320]
    S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]
    S3 SQ931;V-Gear TalkCam RX7;c:\windows\system32\drivers\Capt931a.sys [2009-5-9 526464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    .scr=MSScriptControl.ScriptControl
    .
    =============== Created Last 30 ================
    .
    2011-06-30 10:07:21 6708 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-06-29 22:10:59 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-29 22:10:40 40112 ----a-w- c:\windows\avastSS.scr
    2011-06-29 22:10:32 -------- d-----w- c:\program files\AVAST Software
    2011-06-29 22:10:32 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-06-29 21:56:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-29 21:56:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-29 21:56:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-29 19:41:18 -------- d-----w- c:\windows\ERUNT
    2011-06-28 20:53:28 -------- d-----w- c:\program files\WINDOW~4
    2011-06-26 06:15:40 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-06-25 18:28:18 -------- d-----w- c:\program files\Destiny Online
    2011-06-24 14:47:08 -------- d-----w- c:\documents and settings\pechy\application data\AVG10
    2011-06-24 14:43:02 -------- d-----w- c:\documents and settings\all users\application data\AVG10
    2011-06-24 14:02:27 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-06-24 13:33:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-06-24 13:33:04 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-24 13:23:27 -------- d-----w- c:\program files\Application Updater(2)
    2011-06-24 13:23:26 -------- d-----w- c:\program files\YouTube Downloader Toolbar(2)
    2011-06-23 16:19:19 -------- d-----w- c:\program files\common files\Hewlett-Packard
    2011-06-23 16:17:51 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2011-06-23 16:17:51 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2011-06-23 16:17:51 61440 ----a-w- c:\windows\system32\HPZinw12.exe
    2011-06-23 16:17:51 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2011-06-23 16:17:51 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2011-06-23 16:17:51 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2011-06-23 16:17:32 -------- d-----w- c:\program files\HP
    2011-06-23 16:16:51 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2011-06-23 16:16:51 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2011-06-23 16:16:44 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
    2011-06-23 16:16:43 606208 ----a-w- c:\windows\system32\hpotscl.dll
    2011-06-23 16:16:43 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
    2011-06-23 16:16:43 258122 ----a-w- c:\windows\system32\hpovst08.dll
    2011-06-23 16:16:33 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
    2011-06-23 16:16:31 393216 ----a-w- c:\windows\system32\hpzcon12.dll
    2011-06-23 16:16:31 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
    2011-06-23 12:13:45 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-06-23 12:13:45 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-06-20 07:00:50 -------- d-----w- c:\windows\system32\NtmsData
    2011-06-19 22:34:25 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    .
    ==================== Find3M ====================
    .
    2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 09:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 14:47:19 81920 ------w- c:\windows\system32\ieencode.dll
    2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 14:47:19 61952 ------w- c:\windows\system32\tdc.ocx
    2011-04-25 12:56:44 369664 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ------w- c:\windows\system32\drivers\mup.sys
    2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-10-01 16:11:56 462112 ----a-w- c:\program files\common files\ZugoInstaller.exe
    .
    ============= FINISH: 13:45:13.37 ===============

    ATTACH.txt log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/5/2009 2:03:03 PM
    System Uptime: 7/3/2011 6:58:32 AM (7 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5SD2-VM
    Processor: Intel Pentium III Xeon processor | LGA 775 | 2800/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 46.698 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: SiS191 Ethernet Controller
    Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_825E1043&REV_02\3&267A616A&0&20
    Manufacturer: Silicon Integrated Systems Corp.
    Name: SiS191 Ethernet Controller
    PNP Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_825E1043&REV_02\3&267A616A&0&20
    Service: SiSGbeXP
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Apple Mobile Device Ethernet
    Device ID: ROOT\NET\0000
    Manufacturer: Apple
    Name: Apple Mobile Device Ethernet
    PNP Device ID: ROOT\NET\0000
    Service: Netaapl
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: SiS190 100/10 Ethernet Device
    Device ID: ROOT\NET\0001
    Manufacturer: Silicon Integrated Systems Corp.
    Name: SiS190 100/10 Ethernet Device
    PNP Device ID: ROOT\NET\0001
    Service: SiSGbeXP
    .
    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia N97
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP1: 6/1/2011 4:04:04 PM - System Checkpoint
    RP2: 6/2/2011 10:39:51 PM - System Checkpoint
    RP3: 6/4/2011 8:38:51 AM - System Checkpoint
    RP4: 6/6/2011 9:51:33 PM - System Checkpoint
    RP5: 6/8/2011 8:27:52 AM - System Checkpoint
    RP6: 6/9/2011 9:33:59 AM - System Checkpoint
    RP7: 6/10/2011 11:54:02 AM - System Checkpoint
    RP8: 6/11/2011 5:19:53 PM - System Checkpoint
    RP9: 6/14/2011 7:34:20 AM - System Checkpoint
    RP10: 6/15/2011 9:40:02 AM - System Checkpoint
    RP11: 6/18/2011 8:23:30 PM - System Checkpoint
    RP12: 6/21/2011 10:54:03 AM - System Checkpoint
    RP13: 6/23/2011 9:39:45 AM - System Checkpoint
    RP14: 6/24/2011 6:30:41 AM - Restore Operation
    RP15: 6/26/2011 6:52:27 AM - System Checkpoint
    RP16: 6/29/2011 11:22:54 AM - System Checkpoint
    RP17: 6/30/2011 7:42:53 PM - System Checkpoint
    RP18: 7/3/2011 9:22:40 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    !e-library!
    µTorrent
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.2
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AiO_Scan
    Antares Autotune VST v5.09
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Magic-i 3
    AudioConverter Studio 6.0
    AutoCAD Architecture 2009
    avast! Free Antivirus
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.4
    Bonjour
    CCleaner
    CloneDVD2
    Connect
    ConvertXtoDVD 4.1.10.348
    Cool Edit Pro 2.0
    Core Temp version 0.99.7
    dBpoweramp [Arrange Audio] Codec
    dBpoweramp [Audio Info] Codec
    dBpoweramp [Channel Split] Codec
    dBpoweramp [ID Tag Update] Codec
    dBpoweramp [Length Split] Codec
    dBpoweramp [Multi Encoder] Codec
    dBpoweramp [ReplayGain] Codec
    dBpoweramp [Tag From Filename] Codec
    dBpoweramp DSP Effects
    dBpoweramp Music Converter
    DivX Codec
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Web Player
    DVD X Player 5.2 Professional
    Facebook Plug-In
    GOM Player
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP PSC & OfficeJet 5.3.B
    ImagXpress
    Internet Download Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    kuler
    LG USB Modem Drivers
    MagicTune Premium
    Malwarebytes' Anti-Malware version 1.51.0.1200
    ManyCam 2.5.48 (remove only)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.5.9)
    MSN
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    MXL USB Recorder 1.0
    neroxml
    Nokia Connectivity Cable Driver
    Nokia Home Media Server
    Nokia Map Loader
    Nokia Multimedia Common Components 2.4
    Nokia Music
    Nokia Ovi Application Installer
    Nokia Ovi Application Installer 6.85.3011
    Nokia Ovi Content Copier
    Nokia Ovi Content Copier 6.85.3011
    Nokia Ovi One Touch Access
    Nokia Ovi One Touch Access 6.85.3019
    Nokia Ovi Suite
    Nokia Ovi System Utilities
    Nokia Ovi System Utilities 6.85.3018
    Nokia Photos
    Nokia Software Updater
    NVIDIA Drivers
    NVIDIA DVD Decoder
    PC Connectivity Solution
    PDF Settings CS4
    Photoshop Camera Raw
    Picasa 3
    Primo
    QFolder
    QuickTime
    Realtek High Definition Audio Driver
    RockMelt
    Runtime
    Safari
    Samsung_MonSetup
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sony Picture Utility
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    The Sims Medieval
    Tube Toolbox
    TuneUp Utilities 2008
    UltimateDefrag 2008
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    V-Gear TalkCam RX7
    VC80CRTRedist - 8.0.50727.762
    WebFldrs XP
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Media Format 11 runtime
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/30/2011 8:29:05 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer SICLOT-IAR60G6H using any of the configured protocols.
    6/30/2011 8:29:03 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer BEDROOMPC using any of the configured protocols.
    6/30/2011 3:00:17 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows XP (KB2541763).
    6/29/2011 9:24:24 PM, error: System Error [1003] - Error code 100000d1, parameter1 75927f88, parameter2 00000002, parameter3 00000000, parameter4 b5fc2c1d.
    6/29/2011 3:37:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/29/2011 3:17:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSP aswTdi ElbyCDIO Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip
    6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 3:17:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/29/2011 3:16:32 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
    6/29/2011 3:13:27 PM, error: Service Control Manager [7034] - The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).
    6/29/2011 12:41:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ElbyCDIO Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip
    6/29/2011 12:40:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/29/2011 11:43:40 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    6/28/2011 8:25:10 PM, error: System Error [1003] - Error code 10000050, parameter1 ffff0000, parameter2 00000000, parameter3 806342c0, parameter4 00000000.
    6/28/2011 2:48:30 PM, error: Service Control Manager [7016] - The MgiSvr service has reported an invalid current state 32.
    6/28/2011 12:33:10 PM, error: System Error [1003] - Error code 10000050, parameter1 ffff0000, parameter2 00000000, parameter3 bf80226f, parameter4 00000000.
    6/28/2011 1:53:36 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 b52f02c8, parameter3 b52effc4, parameter4 b9d1389e.
    6/26/2011 3:23:20 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -54254 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.202.77.164:123->65.55.56.40:123) is working properly.
    .
    ==== End Of File ===========================
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Okay, I noticed a couple of things in these logs:
    You installed an HP All in one on 6/29. It has a large number of processes running. They are legitimate, but some are big resource users. None of the HP processes need to Start on boot, then run in the background.
    =====================================
    The error message you got:
    AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll>> Bearshare MediaBar

    This category loads a DLL into memory when the user logs in, after which it stays in memory
    until logoff. Very few legitimate programs use it; most often it is used by trojans or aggressive browser hijackers.

    So I strongly recommend that if you deliberately downloaded this MediaBar, you remove it from the Startup Menu and uninstall it. I will remove any leftover entries after you've run Combofix.
    ===================================
    Please run the following to check out a GMER entry:
    Download aswMBR to your desktop.
    • Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start scan:
      Note: You will get a black screen- this is normal.
      • On completion of the scan click "Save log", save it to your desktop
      • Post in your next reply:

    =====================================
    When the above has finished, please go on to the following:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and opened in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Please leave the logs in your next reply.
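    The AppInit_DLLs mechanism Bobbye describes above is what turns one leftover DLL into a "Bad Image" dialog for every program you open: user32.dll loads each listed DLL into each new process at startup, so a listed file that is corrupt or partially uninstalled fails in every process. The following script is an added example for readers of this thread, not code from the thread, from Bobbye, or from any of the tools named here. It parses an AppInit_DLLs value string, checks whether each listed DLL is still on disk, and ties a Bad Image dialog back to the entry that caused it. The registry key path is the real one; the sample value and dialog text are constructed to match the path quoted in the first post, and the `exists` callback is injected so the logic runs offline (pass `os.path.exists` on the affected machine).

```python
"""
Added example: audit an AppInit_DLLs value and correlate it with a
"Bad Image" dialog. Not part of the TechSpot thread or its tools.

On a live box you would read the REG_SZ value
  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
(the real location) and pass it to audit_appinit() / explain_bad_image()
together with os.path.exists. Everything below runs offline on
constructed strings.
"""
import ntpath
import os
import re
from typing import Callable, Dict, List

APPINIT_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# Constructed sample value, matching the path quoted in the first post.
SAMPLE_APPINIT_VALUE = r"c:\progra~1\window~4\datamngr\datamngr.dll"

# Constructed sample dialog text in the Windows "Bad Image" wording.
SAMPLE_BAD_IMAGE = (
    "firefox.exe - Bad Image\n"
    "The application or DLL c:\\progra~1\\window~4\\datamngr\\datamngr.dll "
    "is not a valid Windows image. Please check this against your "
    "installation diskette."
)


def parse_appinit_dlls(value: str) -> List[str]:
    """Split an AppInit_DLLs REG_SZ into individual DLL paths.

    Windows accepts space- or comma-separated entries; some installers quote
    paths that contain spaces, so a quoted run is kept as one entry.
    """
    entries = []
    for quoted, bare in re.findall(r'"([^"]*)"|([^\s,]+)', value):
        path = quoted or bare
        if path:
            entries.append(path)
    return entries


def bad_image_dll(dialog_text: str) -> str:
    """Return the module path named in a Bad Image dialog, or '' if absent."""
    m = re.search(r"The application or DLL (.+?) is not a valid Windows image",
                  dialog_text, re.IGNORECASE | re.DOTALL)
    return m.group(1).strip() if m else ""


def audit_appinit(value: str, exists: Callable[[str], bool]) -> List[Dict]:
    """Report each AppInit DLL and whether the file is still present.

    `exists` is injected (use os.path.exists on the real machine) so the
    logic can be exercised offline. Short 8.3 names such as progra~1 are
    kept as given; only the basename is normalised for later matching.
    """
    report = []
    for path in parse_appinit_dlls(value):
        report.append({
            "path": path,
            "basename": ntpath.basename(path).lower(),
            "exists": bool(exists(path)),
        })
    return report


def explain_bad_image(dialog_text: str, value: str,
                      exists: Callable[[str], bool]) -> str:
    """Tie a Bad Image dialog to an AppInit_DLLs entry when one matches."""
    dll = bad_image_dll(dialog_text)
    if not dll:
        return "not a Bad Image dialog"
    wanted = ntpath.basename(dll).lower()
    for entry in audit_appinit(value, exists):
        if entry["basename"] == wanted:
            state = ("file present but rejected by the loader"
                     if entry["exists"] else "file no longer on disk")
            return (f"AppInit_DLLs entry {entry['path']} ({state}) is loaded "
                    f"into every process; remove the entry, not just the file")
    return "DLL is not in AppInit_DLLs; look at the failing program's own imports"


if __name__ == "__main__":
    # Offline demo on the constructed sample; on the affected machine,
    # replace the lambda with os.path.exists and the value with the live one.
    print(f"Key audited: {APPINIT_KEY}")
    for entry in audit_appinit(SAMPLE_APPINIT_VALUE, lambda p: False):
        print(entry)
    print(explain_bad_image(SAMPLE_BAD_IMAGE, SAMPLE_APPINIT_VALUE,
                            lambda p: os.path.exists(p)))
```

    The point of reporting "file no longer on disk" separately is the cleanup order Bobbye is working toward: uninstalling the toolbar removes the DLL but can leave the AppInit_DLLs entry behind, and the registry entry is what has to go for the dialogs to stop.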
  8. crimsonheis

    crimsonheis Newcomer, in training Topic Starter Posts: 25

    I couldn't find the Bearshare Mediabar you were talking about... I don't recall installing such a program. I also tried locating it, but to no avail...

    I was worried, though, when you mentioned the HP processes; do you think it has a link to what I'm experiencing now? Come to think of it, all the symptoms started after I installed the driver. I just uninstalled it for now; I'll go find my driver CD for the printer (and not the one I DLed online), just to be sure.

    -----------------------------------------------------------------------------------

    This is the aswMBR log

    aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-05 22:55:04
    -----------------------------
    22:55:04.500 OS Version: Windows 5.1.2600 Service Pack 3
    22:55:04.500 Number of processors: 2 586 0x170A
    22:55:04.500 ComputerName: SICLOT UserName: Pechy
    22:55:05.281 Initialize success
    22:55:05.421 AVAST engine defs: 11070500
    22:55:16.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
    22:55:16.187 Disk 0 Vendor: ST3160815AS 4.AAB Size: 152627MB BusType: 3
    22:55:16.187 Disk 0 MBR read error 0
    22:55:16.187 Disk 0 MBR scan
    22:55:16.187 Disk 0 unknown MBR code
    22:55:16.187 MBR BIOS signature not found 0
    22:55:16.187 Disk 0 scanning sectors +312560640
    22:55:16.187 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:55:19.187 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
    22:55:29.234 Service scanning
    22:55:30.078 Disk 0 trace - called modules:
    22:55:30.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkb.sys >>UNKNOWN [0x8a841938]<<
    22:55:30.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7e7ab8]
    22:55:30.078 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000008d[0x8a884f18]
    22:55:30.078 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8a889d98]
    22:55:30.640 AVAST engine scan C:\WINDOWS
    22:57:00.906 AVAST engine scan C:\Documents and Settings\Pechy
    22:57:00.921 AVAST engine scan C:\Documents and Settings\All Users
    22:57:00.921 Scan finished successfully
    22:59:11.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pechy\Desktop\MBR.dat"
    22:59:11.093 The log file has been saved successfully to "C:\Documents and Settings\Pechy\Desktop\aswMBR.txt"

    ---------------------------------------------

    and the combofix log

    ComboFix 11-07-05.02 - Pechy 07/05/2011 23:53:46.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1413 [GMT -7:00]
    Running from: c:\documents and settings\Pechy\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Pechy\Application Data\inst.exe
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchplugins\SearchquWebSearch.xml
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\GameCategories.xml
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\GameTypes.xml
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\guid.dat
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\preferences.dat
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\stats.dat
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\uninstallFF.dat
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\widgets_cache\category_cache.xml
    c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\widgets_cache\widget_cache.xml
    C:\Install.exe
    c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    C:\Thumbs.db
    c:\windows\epedebol.exe
    c:\windows\jibykulaly._sy
    c:\windows\system32\detoured.dll
    c:\windows\system32\Thumbs.db
    c:\windows\ytyfibofo.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-30 10:07 . 2011-06-30 10:07 6708 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-06-29 22:11 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-06-29 22:11 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-06-29 22:11 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-06-29 22:11 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-06-29 22:10 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-29 22:10 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-06-29 22:10 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-06-29 22:10 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-06-29 22:10 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
    2011-06-29 22:10 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-06-29 22:10 . 2011-06-29 22:10 -------- d-----w- c:\program files\AVAST Software
    2011-06-29 22:10 . 2011-06-29 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-06-29 21:56 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-29 21:56 . 2011-06-29 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-29 21:56 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-29 19:41 . 2011-06-29 19:41 -------- d-----w- c:\windows\ERUNT
    2011-06-28 20:53 . 2011-06-28 20:53 -------- d-----w- c:\program files\WINDOW~4
    2011-06-26 06:15 . 2011-07-02 21:09 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-06-25 18:28 . 2011-06-26 01:18 -------- d-----w- c:\program files\Destiny Online
    2011-06-24 14:47 . 2011-06-24 14:47 -------- d-----w- c:\documents and settings\Pechy\Application Data\AVG10
    2011-06-24 14:43 . 2011-06-29 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-06-24 14:02 . 2011-06-29 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-06-24 13:33 . 2011-06-24 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-24 13:23 . 2011-06-24 13:31 -------- d-----w- c:\program files\Application Updater(2)
    2011-06-24 13:23 . 2011-06-24 13:31 -------- d-----w- c:\program files\YouTube Downloader Toolbar(2)
    2011-06-24 13:16 . 2011-06-24 13:31 -------- d-s---w- c:\documents and settings\TEMP
    2011-06-23 16:19 . 2011-06-23 16:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2011-06-23 16:17 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2011-06-23 16:17 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2011-06-23 16:17 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2011-06-23 16:17 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2011-06-23 16:17 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2011-06-23 16:17 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
    2011-06-23 16:17 . 2011-06-23 16:17 -------- d-----w- c:\program files\HP
    2011-06-23 16:16 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2011-06-23 16:16 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2011-06-23 16:16 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
    2011-06-23 16:16 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
    2011-06-23 16:16 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
    2011-06-23 16:16 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
    2011-06-23 16:16 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
    2011-06-23 16:16 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
    2011-06-23 12:13 . 2008-04-14 07:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-06-23 12:13 . 2008-04-14 07:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-06-20 07:00 . 2011-06-20 19:39 -------- d-----w- c:\windows\system32\NtmsData
    2011-06-19 22:34 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-14 06:24 . 2011-06-14 06:24 -------- d-----w- c:\program files\Common Files\Java
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-04 11:52 . 2010-12-21 22:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 09:25 . 2009-03-15 19:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31 . 2009-03-05 21:59 692736 ------w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2009-06-23 13:39 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2009-06-23 13:39 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 14:47 . 2009-03-05 22:16 81920 ------w- c:\windows\system32\ieencode.dll
    2011-04-25 14:47 . 2004-02-18 18:02 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 14:47 . 2004-02-18 18:02 61952 ------w- c:\windows\system32\tdc.ocx
    2011-04-25 12:56 . 2009-03-05 22:16 369664 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-02-16 19:09 105472 ------w- c:\windows\system32\drivers\mup.sys
    2010-10-01 16:11 . 2010-11-03 04:10 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2010-12-21 16:29 66656 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "WTClient"="WTClient.exe" [2009-08-19 32768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2011-3-12 36864]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ManyCam"="c:\documents and settings\Pechy\My Documents\ManyCam\Bin\ManyCam.exe" /silent
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    "RockMelt Update"="c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SQ931STI"=c:\windows\SQ931STI.EXE
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14277:TCP"= 14277:TCP:BitCometLite 14277 TCP
    "14277:UDP"= 14277:UDP:BitCometLite 14277 UDP
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/4/2010 11:17 AM 691696]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/29/2011 3:10 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/29/2011 3:11 PM 307928]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2011 3:11 PM 19544]
    R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [4/28/2011 11:50 PM 47616]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/29/2011 2:56 PM 366640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/29/2011 2:56 PM 22712]
    R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/22/2009 2:58 AM 23208]
    S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate1c9a086531769f8;Google Update Service (gupdate1c9a086531769f8);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2009 12:11 AM 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2009 12:11 AM 133104]
    S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2/27/2011 8:37 AM 18432]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/5/2010 11:38 PM 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/5/2010 11:38 PM 8320]
    S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [6/22/2009 2:58 AM 14504]
    S3 SQ931;V-Gear TalkCam RX7;c:\windows\system32\drivers\Capt931a.sys [5/9/2009 6:59 PM 526464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-06 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 17:09]
    .
    2011-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
    .
    2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacf61f525d99a.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 07:11]
    .
    2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 07:11]
    .
    2011-07-04 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-515967899-2052111302-725345543-1003Core.job
    - c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-21 00:35]
    .
    2011-07-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-515967899-2052111302-725345543-1003UA.job
    - c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-21 00:35]
    .
    2010-01-07 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-06-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = local;*.local
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 124.106.4.2 124.106.7.2
    FF - ProfilePath - c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 200000
    FF - user.js: content.notify.interval - 100000
    FF - user.js: content.switch.threshold - 650000
    FF - user.js: nglayout.initialpaint.delay - 300
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
    MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-06 00:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC9704A2-2DED-221C-EE67-50A8DF3B68C2}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iafknnbjgamndbamad"=hex:6a,61,69,62,68,6d,6a,6f,63,68,6f,70,6f,6e,65,64,6f,61,
    67,64,00,f1
    "haledimobiflmjme"=hex:6a,61,65,64,63,6a,67,67,6b,6d,6a,65,6f,65,70,67,6d,63,
    70,6e,00,00
    .
    [HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:ea,3c,e5,df,3b,ef,00,de,68,a3,da,9a,62,a5,25,c9,b2,15,9b,3f,13,39,28,
    6a,fb,99,31,4e,88,c0,f1,a2,bb,13,fc,55,87,fc,9e,07,27,b0,1d,fe,c1,9a,8e,59,\
    "??"=hex:a3,a6,29,32,d1,75,f6,5a,ea,b3,d6,26,80,45,6f,b5
    .
    [HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:43,d8,7f,dc,e6,e5,02,28,94,c6,2f,bb,2a,a2,b3,d0,a3,5b,65,b5,9f,
    b7,92,7f,f1,d9,8e,c8,e2,83,ed,c3,67,50,60,77,db,14,f6,cd,51,a4,cc,c1,9b,d0,\
    "rkeysecu"=hex:01,24,52,71,c9,94,ed,27,55,2a,be,33,f4,47,bb,85
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3dd4e7d9-3c38-4eee-a7b3-38cb0bbbbaab}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000055
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):0f,e3,0d,38,9a,76,69,d2,05,ac,af,36,fa,e1,a8,45,db,f1,49,e8,00,
    ae,01,1f,4d,5e,cc,51,de,0a,3f,af,73,a5,83,f5,e0,d6,12,37,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1740)
    c:\program files\Internet Download Manager\IDMShellExt.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\MagicTune Premium\MagicTuneEngine.exe
    c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    c:\program files\ArcSoft\Magic-i 3\uMgiSvr.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\System32\Drivers\WTSRV.EXE
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\WTClient.exe
    c:\windows\system32\WISPTIS.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\MagicTune Premium\MagicTune.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-06 00:11:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-06 07:11
    .
    Pre-Run: 49,657,384,960 bytes free
    Post-Run: 50,111,275,008 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 73F4DD2AC71966AED253DC1339A07E61


    To note though, when ComboFix restarted my PC, I noticed that I didn't get the pop-ups anymore during boot-up. That's a good sign~

    Thank you anyway for being so patient with me~ haha. >.< I know you have a lot on your hands...

    Hope to hear from you soon!
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    If you were searching for the BearShare MediaBar, you could have missed its entry:
    From SystemLook:
    File Name: datamngr.dll
    Description: Bearshare MediaBar
    Note: Usually found in the folder %ProgramFiles%\BearShare Applications\BearShare
    I have included this in the script below for you to run through ComboFix.
    ===============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\PerfStringBackup.TMP
    c:\program files\Common Files\ZugoInstaller.exe
    c:\windows\system32\drivers\8914083d.sys
    Folder::
    c:\program files\Application Updater(2)
    c:\program files\YouTube Downloader Toolbar(2)
    c:\documents and settings\TEMP
    DDS::
    uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll
    DirLook:: 
    c:\program files\WINDOW~4
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "RockMelt Update"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14277:TCP"=-
    "14277:UDP"=- 
    RegNull::
    [HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC9704A2-2DED-221C-EE67-50A8DF3B68C2}*]
    [HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\SecuROM\License information*]
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3dd4e7d9-3c38-4eee-a7b3-38cb0bbbbaab}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    Driver::
    8914083d;8914083d
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ==================================================
    Remove from Firefox: Tools> Addons> Extensions or plugins:
    Java v6u12, v6u23, v6u24, v6u26.
    You do not have to add a separate extension to Firefox when you update Java.
    =================================================
    All of my printers/scanners/copiers have been from HP, so I'm familiar with all the processes they put on the system. NONE need to start on boot! The Print function can be opened by clicking on File> Print when you need it.
    ================================================
    There is way too much going on in the system! You need to be a bit more particular about all the warm, fuzzy addons and downloads. File sharing is a road to malware! You share files- you share malware> plain and simple! And you have almost no security!
    ===============================================
    Your network is not configured correctly:
    Computer SICLOT-IAR60G6H and Computer BEDROOMPC can't talk to or see each other using any of the configured protocols, because the network protocol isn't correct.
    =================================
    I recommend that you stop these scheduled Tasks:
    To stop the Tasks: Click on All Programs> Accessories> System Tools> Scheduled Tasks> Find each Task and remove it.
    ======================================
    Please go on to my next reply when finished.
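The triage Bobbye does by eye on the ComboFix log above (a service whose driver file is gone, a changed start page, an AppInit_DLLs entry, open firewall ports) can be scripted. This is an added example, not part of the thread or of ComboFix; the log sample is constructed from a handful of lines in the thread's own log, and the CFScript it drafts is only a starting point a responder still reviews line by line.

```python
"""Triage a ComboFix-style log and draft the matching CFScript sections.

Added example, not from the thread or from ComboFix. It handles four things a
responder checks first: R*/S* service lines whose file is missing ([?]),
uStart/mStart Page entries off the trusted list, AppInit_DLLs entries, and the
firewall GloballyOpenPorts section.
"""
import re
from urllib.parse import urlparse

# Constructed sample in ComboFix log format (a few lines taken from the thread's log).
SAMPLE_LOG = r"""
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/29/2011 3:11 PM 307928]
S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2/27/2011 8:37 AM 18432]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14277:TCP"= 14277:TCP:BitCometLite 14277 TCP
"14277:UDP"= 14277:UDP:BitCometLite 14277 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
mStart Page = hxxp://www.google.com
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll
"""

# Service line: "<start> <name>;<display>;<path>[ --> <path>] [<stamp or ?>]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: --> (\S.*?))? \[(.*)\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$')
START_RE = re.compile(r"^([um])Start Page = (hxxps?://\S+)$")


def parse_services(lines):
    """One dict per service line; 'missing' is True when the stamp is [?] (file not on disk)."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, _alt, stamp = m.groups()
            out.append({"start": start, "name": name, "display": display,
                        "path": path, "missing": stamp.strip() == "?"})
    return out


def flagged_services(lines):
    """Services that still load at boot but whose image file is gone: a typical leftover of a removed driver."""
    return [s for s in parse_services(lines) if s["missing"]]


def parse_open_ports(lines):
    """(port, proto, description) tuples from the GloballyOpenPorts\\List section, up to the next separator."""
    ports, in_section = [], False
    for line in lines:
        if line.startswith("[") and line.rstrip().endswith("GloballyOpenPorts\\List]"):
            in_section = True
            continue
        if in_section:
            m = PORT_RE.match(line)
            if not m:
                in_section = False
                continue
            ports.append((int(m.group(1)), m.group(2), m.group(3)))
    return ports


def hijacked_start_pages(lines, trusted=("www.google.com",)):
    """Start Page entries whose host is not trusted; ComboFix writes hxxp for http to keep links inert."""
    hits = []
    for line in lines:
        m = START_RE.match(line)
        if m:
            host = urlparse(m.group(2).replace("hxxp", "http", 1)).hostname
            if host not in trusted:
                hits.append((m.group(1), m.group(2)))
    return hits


def appinit_dlls(lines):
    """AppInit_DLLs are loaded into every process that loads user32.dll, hence the Bad Image pop-ups."""
    return [line.split(":", 1)[1].strip() for line in lines if line.startswith("AppInit_DLLs:")]


def triage(text):
    lines = text.splitlines()
    return {"missing_file_services": flagged_services(lines),
            "start_pages": hijacked_start_pages(lines),
            "appinit_dlls": appinit_dlls(lines),
            "open_ports": parse_open_ports(lines)}


def draft_cfscript(findings, remove_ports=()):
    """Draft File::/Driver::/DDS::/Registry:: sections in the format used in the thread."""
    out, missing = [], findings["missing_file_services"]
    if missing:
        out.append("File::")
        out += [s["path"] for s in missing]
        out.append("Driver::")
        out += [f"{s['name']};{s['name']}" for s in missing]
    dds = [f"{scope}Start Page = {url}" for scope, url in findings["start_pages"]]
    dds += [f"AppInit_DLLs: {dll}" for dll in findings["appinit_dlls"]]
    if dds:
        out.append("DDS::")
        out += dds
    ports = [(p, proto) for p, proto, _ in findings["open_ports"] if (p, proto) in set(remove_ports)]
    if ports:
        out.append("Registry::")
        out.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]")
        out += [f'"{p}:{proto}"=-' for p, proto in ports]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(draft_cfscript(triage(SAMPLE_LOG), remove_ports=[(14277, "TCP"), (14277, "UDP")]))
```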
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    When finished handling previous reply, please go on to this:

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =================================
    Security Check

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  11. crimsonheis

    crimsonheis Newcomer, in training Topic Starter Posts: 25

    HAHA. It's a family computer, that's why... so that would explain all the mumbo jumbo in the system.. I don't use this PC much unless they complain something's wrong..

    We just moved into a new house so it's still a mess, all of it.. We had 2 PCs in a network before, hence the BEDROOMPC thing.. we're just using one PC atm...

    (WE DON'T EVEN HAVE NET YET!) I'm using another PC right now so I'm just going to put this file on the USB... I'll post results after I do those things ^^ up there. hahaha.

    Truth be told, I really want to just reformat the PC but they didn't want to. blah.. so I'm stuck with this. lol.
  12. crimsonheis

    crimsonheis Newcomer, in training Topic Starter Posts: 25

    here ya go~

    combofix log:
    ComboFix 11-07-09.03 - Pechy 07/10/2011 14:38:09.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1370 [GMT -7:00]
    Running from: c:\documents and settings\Pechy\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Pechy\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\program files\Common Files\ZugoInstaller.exe"
    "c:\windows\system32\drivers\8914083d.sys"
    "c:\windows\system32\PerfStringBackup.TMP"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Application Updater(2)
    c:\program files\Application Updater(2)\ApplicationUpdater(2).exe
    c:\program files\Common Files\ZugoInstaller.exe
    c:\program files\YouTube Downloader Toolbar(2)
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\chevron.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\chevron.xul
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\login.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\login.xul
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\parser.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\RssTickerWidget.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\searchbox.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\searchbox.xul
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\utils.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgichevron.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgicomm.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgihandling.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgilisteners.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgitoolbarplugin.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgitoolbarplugin.xul
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgiui.js
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\locale(2)\EN-US(2)\searchbox.dtd
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\locale(2)\EN-US(2)\widgitoolbarplugin.dtd
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\locale(2)\EN-US(2)\yahoo-search.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\amazon.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\chevron.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\dailymotion.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\ebay.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\hulu.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\icon_settings.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\metacafe.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search-button-hover.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search-button.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search-chevron-hover.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search-chevron.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search_amazon.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search_ebay.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search_yahoo.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search_youtube.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\searchbox.css
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\splitter.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\veoh.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\widgitoolbarplugin.css
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\youtube.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\ytd.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\ytd_logo.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\ytd_logo_hover.gif
    c:\program files\YouTube Downloader Toolbar(2)\FF(2)\install.rdf
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\amazon.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\dailymotion.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\ebay.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\hulu.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\icon_settings.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\metacafe.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search-button-hover.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search-button.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search-chevron-hover.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search-chevron.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search_amazon.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search_ebay.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search_yahoo.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search_youtube.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\veoh.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\widgets.xml
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\youtube.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\ytd.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\ytd_logo.gif
    c:\program files\YouTube Downloader Toolbar(2)\Res(2)\ytd_logo_hover.gif
    C:\Thumbs.db
    c:\windows\system32\$winnt$.inf
    c:\windows\system32\PerfStringBackup.TMP
    c:\windows\vb.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-10 20:06 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
    2011-06-29 22:11 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-06-29 22:11 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-06-29 22:11 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-06-29 22:11 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-06-29 22:10 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-29 22:10 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-06-29 22:10 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-06-29 22:10 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-06-29 22:10 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
    2011-06-29 22:10 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-06-29 22:10 . 2011-06-29 22:10 -------- d-----w- c:\program files\AVAST Software
    2011-06-29 22:10 . 2011-06-29 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-06-29 21:56 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-29 21:56 . 2011-06-29 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-29 21:56 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-29 19:41 . 2011-06-29 19:41 -------- d-----w- c:\windows\ERUNT
    2011-06-26 06:15 . 2011-07-02 21:09 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-06-25 18:28 . 2011-06-26 01:18 -------- d-----w- c:\program files\Destiny Online
    2011-06-24 14:47 . 2011-06-24 14:47 -------- d-----w- c:\documents and settings\Pechy\Application Data\AVG10
    2011-06-24 14:43 . 2011-06-29 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-06-24 14:02 . 2011-06-29 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-06-24 13:33 . 2011-06-24 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-24 13:16 . 2011-06-24 13:31 -------- d-s---w- c:\documents and settings\TEMP
    2011-06-23 16:19 . 2011-06-23 16:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2011-06-23 16:17 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2011-06-23 16:17 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2011-06-23 16:17 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2011-06-23 16:17 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2011-06-23 16:17 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2011-06-23 16:17 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
    2011-06-23 16:17 . 2011-06-23 16:17 -------- d-----w- c:\program files\HP
    2011-06-23 16:16 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2011-06-23 16:16 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2011-06-23 16:16 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
    2011-06-23 16:16 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
    2011-06-23 16:16 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
    2011-06-23 16:16 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
    2011-06-23 16:16 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
    2011-06-23 16:16 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
    2011-06-23 12:13 . 2008-04-14 07:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-06-23 12:13 . 2008-04-14 07:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-06-20 07:00 . 2011-06-20 19:39 -------- d-----w- c:\windows\system32\NtmsData
    2011-06-19 22:34 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-14 06:24 . 2011-06-14 06:24 -------- d-----w- c:\program files\Common Files\Java
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-04 11:52 . 2010-12-21 22:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 09:25 . 2009-03-15 19:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31 . 2009-03-05 21:59 692736 ------w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2009-06-23 13:39 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2009-06-23 13:39 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 14:47 . 2009-03-05 22:16 81920 ------w- c:\windows\system32\ieencode.dll
    2011-04-25 14:47 . 2004-02-18 18:02 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 14:47 . 2004-02-18 18:02 61952 ------w- c:\windows\system32\tdc.ocx
    2011-04-25 12:56 . 2009-03-05 22:16 369664 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-02-16 19:09 105472 ------w- c:\windows\system32\drivers\mup.sys
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\program files\WINDOW~4 ----
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-07-06_07.07.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-07-10 21:35 . 2011-07-10 21:35 16384 c:\windows\Temp\Perflib_Perfdata_53c.dat
    + 2011-06-23 16:16 . 2005-03-08 19:42 61440 c:\windows\system32\spool\drivers\w32x86\3\hpztbi12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:41 69632 c:\windows\system32\spool\drivers\w32x86\3\hpzflt12.dll
    - 2011-06-23 13:17 . 2001-08-18 05:36 32768 c:\windows\system32\spool\drivers\w32x86\3\HPFUI50.DLL
    + 2011-07-10 18:39 . 2001-08-18 05:36 32768 c:\windows\system32\spool\drivers\w32x86\3\HPFUI50.DLL
    - 2011-06-23 13:17 . 2008-04-14 12:41 87552 c:\windows\system32\spool\drivers\w32x86\3\HPFUD50.DLL
    + 2011-07-10 18:39 . 2008-04-14 12:41 87552 c:\windows\system32\spool\drivers\w32x86\3\HPFUD50.DLL
    + 2011-07-10 18:21 . 2005-06-22 14:03 17505 c:\windows\hpomdl07.dat
    + 2011-06-23 16:16 . 2005-03-08 19:42 176188 c:\windows\system32\spool\drivers\w32x86\3\hpzvip12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:42 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztbu12.exe
    + 2011-06-23 16:16 . 2005-03-08 19:42 180224 c:\windows\system32\spool\drivers\w32x86\3\hpzstw12.exe
    + 2011-06-23 16:16 . 2005-03-08 19:42 401408 c:\windows\system32\spool\drivers\w32x86\3\hpzstc12.exe
    + 2011-06-23 16:16 . 2005-03-18 18:32 180315 c:\windows\system32\spool\drivers\w32x86\3\hpzsnt12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:42 679936 c:\windows\system32\spool\drivers\w32x86\3\hpzslk12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:42 372736 c:\windows\system32\spool\drivers\w32x86\3\hpzres12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:42 331776 c:\windows\system32\spool\drivers\w32x86\3\hpzpre12.exe
    + 2011-06-23 16:16 . 2005-03-08 19:41 507904 c:\windows\system32\spool\drivers\w32x86\3\hpzpm312.dll
    + 2011-06-23 16:16 . 2005-03-08 19:42 143360 c:\windows\system32\spool\drivers\w32x86\3\hpzpcl12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:41 139345 c:\windows\system32\spool\drivers\w32x86\3\hpzlnt12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:42 225280 c:\windows\system32\spool\drivers\w32x86\3\hpzjui12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:41 352256 c:\windows\system32\spool\drivers\w32x86\3\hpzime12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:41 659456 c:\windows\system32\spool\drivers\w32x86\3\hpzeng12.exe
    + 2011-06-23 16:16 . 2005-03-08 19:41 393216 c:\windows\system32\spool\drivers\w32x86\3\hpzcon12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:41 196608 c:\windows\system32\spool\drivers\w32x86\3\hpzcoi12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:41 299008 c:\windows\system32\spool\drivers\w32x86\3\hpzcfg12.exe
    + 2011-06-23 16:16 . 2005-03-08 19:41 212992 c:\windows\system32\spool\drivers\w32x86\3\hpz2ku12.dll
    + 2011-06-23 16:16 . 2005-04-13 02:50 179931 c:\windows\system32\spool\drivers\w32x86\3\hpop1512.dat
    + 2011-07-10 18:39 . 2001-08-18 05:36 435200 c:\windows\system32\spool\drivers\w32x86\3\HPF900AL.DLL
    - 2011-06-23 13:17 . 2001-08-18 05:36 435200 c:\windows\system32\spool\drivers\w32x86\3\HPF900AL.DLL
    + 2011-07-10 20:11 . 2011-07-10 20:11 728064 c:\windows\Installer\5a7f74.msi
    + 2011-07-10 20:10 . 2011-07-10 20:10 136704 c:\windows\Installer\5a7f6f.msi
    + 2011-07-10 20:07 . 2011-07-10 20:11 102262 c:\windows\hpoins05.dat
    - 2011-06-23 16:16 . 2011-06-23 16:19 102262 c:\windows\hpoins05.dat
    + 2011-06-23 16:16 . 2005-03-08 19:42 7348224 c:\windows\system32\spool\drivers\w32x86\3\hpztbx12.exe
    + 2011-06-23 16:16 . 2005-03-08 19:44 1761280 c:\windows\system32\spool\drivers\w32x86\3\hpzrm312.dll
    + 2011-06-23 16:16 . 2005-03-08 19:44 3203072 c:\windows\system32\spool\drivers\w32x86\3\hpzr3212.dll
    + 2011-06-23 16:16 . 2005-03-08 19:41 2150400 c:\windows\system32\spool\drivers\w32x86\3\hpzims12.dll
    + 2011-06-23 16:16 . 2005-03-08 19:41 1597440 c:\windows\system32\spool\drivers\w32x86\3\hpzimc12.dll
    + 2011-07-10 18:39 . 2001-08-18 05:36 1853952 c:\windows\system32\spool\drivers\w32x86\3\HPFIMG50.DLL
    - 2011-06-23 13:17 . 2001-08-18 05:36 1853952 c:\windows\system32\spool\drivers\w32x86\3\HPFIMG50.DLL
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2010-12-21 16:29 66656 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "WTClient"="WTClient.exe" [2009-08-19 32768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2011-3-12 36864]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ManyCam"="c:\documents and settings\Pechy\My Documents\ManyCam\Bin\ManyCam.exe" /silent
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SQ931STI"=c:\windows\SQ931STI.EXE
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14277:TCP"= 14277:TCP:BitCometLite 14277 TCP
    "14277:UDP"= 14277:UDP:BitCometLite 14277 UDP
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/4/2010 11:17 AM 691696]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/29/2011 3:10 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/29/2011 3:11 PM 307928]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2011 3:11 PM 19544]
    R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [4/28/2011 11:50 PM 47616]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/29/2011 2:56 PM 366640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/29/2011 2:56 PM 22712]
    R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/22/2009 2:58 AM 23208]
    S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate1c9a086531769f8;Google Update Service (gupdate1c9a086531769f8);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2009 12:11 AM 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2009 12:11 AM 133104]
    S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2/27/2011 8:37 AM 18432]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/5/2010 11:38 PM 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/5/2010 11:38 PM 8320]
    S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [6/22/2009 2:58 AM 14504]
    S3 SQ931;V-Gear TalkCam RX7;c:\windows\system32\drivers\Capt931a.sys [5/9/2009 6:59 PM 526464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-10 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 17:09]
    .
    2011-07-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-09 00:44]
    .
    2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacf61f525d99a.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 07:11]
    .
    2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 07:11]
    .
    2011-07-10 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-515967899-2052111302-725345543-1003UA.job
    - c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-21 00:35]
    .
    2011-07-10 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-06-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = local;*.local
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.162.1.1
    FF - ProfilePath - c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 200000
    FF - user.js: content.notify.interval - 100000
    FF - user.js: content.switch.threshold - 650000
    FF - user.js: nglayout.initialpaint.delay - 300
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-10 14:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-07-10 14:57:50
    ComboFix-quarantined-files.txt 2011-07-10 21:57
    ComboFix2.txt 2011-07-06 07:11
    .
    Pre-Run: 49,754,464,256 bytes free
    Post-Run: 49,910,697,984 bytes free
    .
    - - End Of File - - 15A3AC6F5D06EDC1A7F31E144B6072AA

    ESET LOG:

    C:\Documents and Settings\Pechy\My Documents\Downloads\Facemoods.exe a variant of Win32/SweetIM.B application
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20091023-164934-239.dll probably a variant of Win32/Adware.Toolbar.Dealio application
    C:\Qoobox\Quarantine\C\Program Files\Application Updater(2)\ApplicationUpdater(2).exe.vir probably a variant of Win32/Adware.Toolbar.Dealio application
    C:\Qoobox\Quarantine\C\Program Files\Common Files\ZugoInstaller.exe.vir Win32/Toolbar.Zugo application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP13\A0015824.rbf a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP13\A0015829.rbf a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP13\A0015830.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0015857.dll a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0015872.exe a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0017374.rbf a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0017379.rbf a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0017380.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP16\A0022883.rbf a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP16\A0022888.rbf a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP16\A0022890.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP20\A0034428.exe probably a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP20\A0034429.exe Win32/Toolbar.Zugo application
    ----------------------------

    SECURITY LOG:

    Results of screen317's Security Check version 0.99.17
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    TuneUp Utilities 2008
    CCleaner
    Java(TM) 6 Update 26
    Flash Player Out of Date!
    Adobe Flash Player 10.2.159.1
    Mozilla Firefox (3.5.9) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````
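The ESET results above, grouped the way a helper reads them: which detections are still live on disk, which are already sitting in ComboFix or HijackThis quarantine, and which live inside System Restore points (and would come back if one of those points were restored). This is an added example, not code from the thread or from ESET: the line parser, the location rules and the `restore_points_compromised` check are my own, and the log lines are the 17 posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# The 17 ESET Online Scanner lines posted in this thread: "<path> <verdict> <category>".
ESET_LOG = r"""
C:\Documents and Settings\Pechy\My Documents\Downloads\Facemoods.exe a variant of Win32/SweetIM.B application
C:\Program Files\Trend Micro\HijackThis\backups\backup-20091023-164934-239.dll probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Application Updater(2)\ApplicationUpdater(2).exe.vir probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Common Files\ZugoInstaller.exe.vir Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP13\A0015824.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP13\A0015829.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP13\A0015830.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0015857.dll a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0015872.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0017374.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0017379.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0017380.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP16\A0022883.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP16\A0022888.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP16\A0022890.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP20\A0034428.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP20\A0034429.exe Win32/Toolbar.Zugo application
"""

# Paths contain spaces, so anchor on the verdict phrase instead of splitting on whitespace.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<confidence>probably a variant of|a variant of)?\s*"
                     r"(?P<family>Win32/[\w.]+)\s+(?P<category>\w+)\s*$")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)

@dataclass
class Detection:
    path: str
    family: str
    confidence: str            # "exact", "variant" or "probable"
    category: str
    location: str              # live, restore_point, combofix_quarantine, hijackthis_backup
    restore_point: Optional[str]

def classify_location(path: str):
    """A file in a restore point is inert now but returns if that point is restored."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore_point", m.group(1)
    low = path.lower()
    if "\\qoobox\\quarantine\\" in low:
        return "combofix_quarantine", None     # already neutralised by ComboFix
    if "\\hijackthis\\backups\\" in low:
        return "hijackthis_backup", None       # HijackThis copies of removed items
    return "live", None

def parse_eset_log(text: str) -> List[Detection]:
    detections = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET log line: {line!r}")
        phrase = m.group("confidence")
        confidence = ("exact" if phrase is None
                      else "probable" if phrase.startswith("probably") else "variant")
        location, rp = classify_location(m.group("path"))
        detections.append(Detection(m.group("path"), m.group("family"), confidence,
                                    m.group("category"), location, rp))
    return detections

def summarize(detections: List[Detection]) -> dict:
    rps = {d.restore_point for d in detections if d.restore_point}
    return {
        "total": len(detections),
        "by_location": Counter(d.location for d in detections),
        "by_family": Counter(d.family for d in detections),
        "restore_points": sorted(rps, key=lambda rp: int(rp[2:])),
        "live": [d.path for d in detections if d.location == "live"],
    }

def restore_points_compromised(summary: dict) -> bool:
    """If any restore point holds a detection, System Restore could reinstate it,
    so the old points must be dropped rather than reused."""
    return bool(summary["restore_points"])
```

On this log the summary shows one live file, three quarantined copies and thirteen detections spread over RP13, RP14, RP16 and RP20, which is the situation that makes a fresh restore point plus Disk Cleanup of the old ones the right call.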
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    I kind of think we may both be wasting our time! Back up the files and folders THEY want to keep and then do a reformat/reinstall! Don't add everything back. Be selective. Then get the network set up. If you think there may be malware problems at that point, start a new thread for the R/R system.

    Don't do any System Restore. Too many of the restore points are infected.
     
  14. crimsonheis

    crimsonheis Newcomer, in training Topic Starter Posts: 25

    oh okay... really? @_@ then I'll just have to do that then... I think i'll just put a vista on this one...
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Be sure to do a Compatibility Check first. And don't just put everything back on the system!

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    Be sure to drop all of the restore points.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    ===========================================
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader: Install current, uninstall old.
      [o] Java Updates: Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookies:
      [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o] For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o] See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.