Resolved Bad image error upon boot up and opening programs


crimsonheis

Hello guys~!

For the past few days I have been getting error dialogue boxes popping up on my screen, usually when I open a program, or even during startup.

It usually says:

[program].exe - Bad Image
The application or DLL c:\program~1\window~\datamngr\datamngr.dll is not a valid Windows image. Please check this against your installation diskette.

A number of these pop up one after another, which radically hinders my computer usage.

Also, at one time, I booted up my computer to find my desktop had been changed; it was as if it had been reset: all my icons were gone and the wallpaper/theme was back to the Windows default. I was able to bring back my old desktop with System Restore, though, and this has not happened again.

I am using a Windows XP pc, SP3.

I would be most grateful if someone could guide me to remove this virus/trojan/malware from my computer.

Thanks!
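What Windows is reporting with "is not a valid Windows image" is that a module the program's loader tried to map failed its PE header checks; the NTSTATUS behind that dialog is STATUS_INVALID_IMAGE_FORMAT (0xC000007B). When the same path shows up for every program started, the usual cause is a DLL that something forces into every process and that is now missing, zero-length or overwritten with garbage. The Python function below is an added example written for this page, not code from the thread or from any tool named in it; it performs the first few of those checks on a file's bytes so the DLL named in the dialog can be examined from another machine or a rescue boot before deciding whether it is a damaged leftover or a deliberately planted stub. The `make_minimal_pe` builder is constructed test input only, and the checks (DOS and NT signatures, machine type, PE32 magic) are a subset of what the real loader validates.

```python
import struct
from typing import Optional

IMAGE_DOS_SIGNATURE = 0x5A4D            # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550         # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C        # what a 32-bit XP loader expects
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B   # PE32 (PE32+ would be 0x20B)
IMAGE_FILE_DLL = 0x2000


def pe_image_problem(data: bytes) -> Optional[str]:
    """Return None if data starts with a well-formed 32-bit PE header,
    otherwise a short reason in the spirit of the loader's rejection."""
    if len(data) < 0x40:
        return "shorter than a DOS header"
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        return "missing MZ signature"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Signature (4) + IMAGE_FILE_HEADER (20) + optional-header Magic (2)
    if e_lfanew + 26 > len(data):
        return "truncated NT headers"
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        return "missing PE signature at e_lfanew"
    machine, _nsect, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if machine != IMAGE_FILE_MACHINE_I386:
        return f"machine 0x{machine:04x} is not i386"
    if opt_size < 2:
        return "no optional header"
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        return f"optional header magic 0x{magic:x} is not PE32"
    return None


def make_minimal_pe(machine: int = IMAGE_FILE_MACHINE_I386,
                    magic: int = IMAGE_NT_OPTIONAL_HDR32_MAGIC) -> bytes:
    """Constructed test input: just enough header bytes to exercise the
    checks above. It is not a loadable DLL."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)            # NT headers follow the DOS header
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 224,
                           IMAGE_FILE_DLL | 0x0102)    # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt_hdr = struct.pack("<H", magic) + bytes(222)
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + opt_hdr


def check_file(path: str) -> Optional[str]:
    """Read the head of a file from disk, e.g. a copy of the DLL named in the dialog."""
    with open(path, "rb") as f:
        return pe_image_problem(f.read(0x1000))


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "->", check_file(p) or "header looks like a PE32 image")
```

Run it against a copy of the file taken from the affected machine; a result other than None tells you the loader would refuse it, and the reason tells you roughly how the file was damaged (a text file or all-zero file fails at the MZ check, a truncated file at the NT headers, a 64-bit build at the machine check).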
 
Welcome to TechSpot! I'll be glad to help you find the cause of the bad image.

The first place to look is to see if malware is corrupting files.

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

I'll review the log entries and we'll go from there.
=========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Thanks! I'm currently doing the full scans right now. I tried doing fast scans earlier today since I was pressed for time, but they all came out clean. I'll post as soon as the scans are finished.
 
Please just follow the directions. I will be having you run additional scans with other programs.
 
I ran a full scan on avast! and it did not detect any threats.

This is the Malwarebytes log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6998

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/2/2011 2:05:01 PM
mbam-log-2011-07-02 (14-05-01).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 337389
Time elapsed: 1 hour(s), 7 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{41312f16-a138-455a-bfd1-effb609b9fd0}\RP14\A0015865.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{41312f16-a138-455a-bfd1-effb609b9fd0}\RP14\A0017399.old (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{41312f16-a138-455a-bfd1-effb609b9fd0}\RP16\A0022889.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\documents and settings\Pechy\Desktop\dade\applications downloaded\mywebfacesetup2.3.50.62.grman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
---------------------------------

GMER log

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-02 21:11:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 ST3160815AS rev.4.AAB
Running: gmer.exe; Driver: C:\DOCUME~1\Pechy\LOCALS~1\Temp\ugtdypob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB4C6EBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB4C6EA5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB4CEE902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\au2k6izw \Device\Scsi\au2k6izw1Port4Path0Target0Lun0 8A4E31F8
Device \Driver\au2k6izw \Device\Scsi\au2k6izw1 8A4E31F8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A8901F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

I tried running DDS, but I only get a lot of jumbled boxes in Notepad, nothing like what the instructions described. Does it matter that it said it was saved as an AutoCAD script? We have AutoCAD (my sister is studying engineering), so I'm not sure if that has anything to do with it.
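Read alongside the DDS report in the next post, the two logs above point at the cause of the dialogs rather than at a live infection: the Malwarebytes hits all sit in System Restore snapshots and the user's own download folder (stored copies, not running code), while the DDS report carries an AppInit_DLLs value naming datamngr.dll. user32.dll loads every DLL listed under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs into every process that links user32, so a missing or damaged file there produces one "Bad Image" dialog per program launched. The Python triage script below is an added example written for this page, not a tool from the thread or from the DDS author; it scans DDS pseudo-HJT and service lines for that class of entry. Its sample input is constructed from lines of the DDS log in the next post, the homepage allow-list is an assumption, and the `[?]` rule relies on DDS printing that marker when it cannot read the referenced file's date and size.

```python
import re
import sys
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections posted in this thread, plus benign lines
# for contrast. Not a complete DDS log.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
mStart Page = hxxp://www.google.com
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-29 307928]
S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
S3 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys --> c:\windows\system32\drivers\idmtdi.sys [?]
"""

# Assumption: the machine-level start page on this box is Google, so any
# other host in a Start Page line is worth a look.
HOMEPAGE_ALLOWLIST = {"www.google.com", "google.com"}

# "R1 name;display;path [date size]" / "S3 name;display;path --> path [?]"
_SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
_RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
_START_PAGE_RE = re.compile(r"^[um]Start Page\s*=\s*(\S+)$")


def triage(dds_text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, rule, detail) findings for DDS pseudo-HJT output."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # AppInit_DLLs: loaded by user32.dll into every GUI process, so a
        # single bad entry yields a Bad Image dialog per program launch.
        if line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(("high", "appinit_dll", value))
            continue
        # Start page hijack, user-level (u) or machine-level (m). DDS
        # defangs URLs as hxxp, so restore the scheme before parsing.
        m = _START_PAGE_RE.match(line)
        if m:
            host = urlparse(m.group(1).replace("hxxp", "http", 1)).hostname or ""
            if host not in HOMEPAGE_ALLOWLIST:
                findings.append(("medium", "homepage", host))
            continue
        # Toolbar / explorer-bar registrations whose DLL is gone: inert
        # leftovers that still record what was installed.
        if line.startswith(("TB:", "EB:")) and line.endswith("No File"):
            findings.append(("low", "orphaned_com_object", line.split()[1]))
            continue
        m = _SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, path = m.groups()
            missing = path.rstrip().endswith("[?]")   # DDS could not stat the file
            if missing and _RANDOM_NAME_RE.match(name):
                # An 8-hex-digit driver name with no file on disk is a
                # classic dropper leftover and deserves a manual look.
                findings.append(("high", "random_named_driver", name))
            elif missing:
                findings.append(("low", "driver_file_missing", name))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_DDS
    for severity, rule, detail in triage(text):
        print(f"{severity:6} {rule:22} {detail}")
```

The script is a reading aid, not a cleaner: it does not edit the registry or delete files, which on a thread like this is the helper's decision once the logs are reviewed. Feed it the full DDS.txt and treat every "high" line as something to account for by name before any fix script is run.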
 
Fixed my DDS problem: I tried changing the extension to .exe and it worked! Here are the logs.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Pechy at 13:44:13 on 2011-07-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.733 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
uWindow Title = Internet Explorer
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WTClient] WTClient.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pechy\application data\mozilla\firefox\profiles\s9t57nz4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - plugin: c:\documents and settings\pechy\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\pechy\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\pechy\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\pechy\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-29 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-29 307928]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-29 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-29 42184]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2011-4-28 47616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-29 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-29 22712]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]
S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a086531769f8;Google Update Service (gupdate1c9a086531769f8);c:\program files\google\update\GoogleUpdate.exe [2009-3-9 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-9 133104]
S3 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys --> c:\windows\system32\drivers\idmtdi.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-22 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-22 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-22 40552]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-2-27 18432]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-9-5 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-9-5 8320]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]
S3 SQ931;V-Gear TalkCam RX7;c:\windows\system32\drivers\Capt931a.sys [2009-5-9 526464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=MSScriptControl.ScriptControl
.
=============== Created Last 30 ================
.
2011-06-30 10:07:21 6708 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-06-29 22:10:59 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-29 22:10:40 40112 ----a-w- c:\windows\avastSS.scr
2011-06-29 22:10:32 -------- d-----w- c:\program files\AVAST Software
2011-06-29 22:10:32 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-06-29 21:56:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-29 21:56:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 21:56:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-29 19:41:18 -------- d-----w- c:\windows\ERUNT
2011-06-28 20:53:28 -------- d-----w- c:\program files\WINDOW~4
2011-06-26 06:15:40 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-06-25 18:28:18 -------- d-----w- c:\program files\Destiny Online
2011-06-24 14:47:08 -------- d-----w- c:\documents and settings\pechy\application data\AVG10
2011-06-24 14:43:02 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-06-24 14:02:27 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-24 13:33:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-24 13:33:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-24 13:23:27 -------- d-----w- c:\program files\Application Updater(2)
2011-06-24 13:23:26 -------- d-----w- c:\program files\YouTube Downloader Toolbar(2)
2011-06-23 16:19:19 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-06-23 16:17:51 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-06-23 16:17:51 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-06-23 16:17:51 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2011-06-23 16:17:51 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-06-23 16:17:51 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-06-23 16:17:51 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-06-23 16:17:32 -------- d-----w- c:\program files\HP
2011-06-23 16:16:51 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-06-23 16:16:51 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-06-23 16:16:44 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2011-06-23 16:16:43 606208 ----a-w- c:\windows\system32\hpotscl.dll
2011-06-23 16:16:43 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-06-23 16:16:43 258122 ----a-w- c:\windows\system32\hpovst08.dll
2011-06-23 16:16:33 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2011-06-23 16:16:31 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2011-06-23 16:16:31 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2011-06-23 12:13:45 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-06-23 12:13:45 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-06-20 07:00:50 -------- d-----w- c:\windows\system32\NtmsData
2011-06-19 22:34:25 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 09:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 14:47:19 81920 ------w- c:\windows\system32\ieencode.dll
2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47:19 61952 ------w- c:\windows\system32\tdc.ocx
2011-04-25 12:56:44 369664 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ------w- c:\windows\system32\drivers\mup.sys
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-10-01 16:11:56 462112 ----a-w- c:\program files\common files\ZugoInstaller.exe
.
============= FINISH: 13:45:13.37 ===============

ATTACH.txt log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2009 2:03:03 PM
System Uptime: 7/3/2011 6:58:32 AM (7 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5SD2-VM
Processor: Intel Pentium III Xeon processor | LGA 775 | 2800/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 46.698 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS191 Ethernet Controller
Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_825E1043&REV_02\3&267A616A&0&20
Manufacturer: Silicon Integrated Systems Corp.
Name: SiS191 Ethernet Controller
PNP Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_825E1043&REV_02\3&267A616A&0&20
Service: SiSGbeXP
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Apple Mobile Device Ethernet
Device ID: ROOT\NET\0000
Manufacturer: Apple
Name: Apple Mobile Device Ethernet
PNP Device ID: ROOT\NET\0000
Service: Netaapl
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS190 100/10 Ethernet Device
Device ID: ROOT\NET\0001
Manufacturer: Silicon Integrated Systems Corp.
Name: SiS190 100/10 Ethernet Device
PNP Device ID: ROOT\NET\0001
Service: SiSGbeXP
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N97
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1: 6/1/2011 4:04:04 PM - System Checkpoint
RP2: 6/2/2011 10:39:51 PM - System Checkpoint
RP3: 6/4/2011 8:38:51 AM - System Checkpoint
RP4: 6/6/2011 9:51:33 PM - System Checkpoint
RP5: 6/8/2011 8:27:52 AM - System Checkpoint
RP6: 6/9/2011 9:33:59 AM - System Checkpoint
RP7: 6/10/2011 11:54:02 AM - System Checkpoint
RP8: 6/11/2011 5:19:53 PM - System Checkpoint
RP9: 6/14/2011 7:34:20 AM - System Checkpoint
RP10: 6/15/2011 9:40:02 AM - System Checkpoint
RP11: 6/18/2011 8:23:30 PM - System Checkpoint
RP12: 6/21/2011 10:54:03 AM - System Checkpoint
RP13: 6/23/2011 9:39:45 AM - System Checkpoint
RP14: 6/24/2011 6:30:41 AM - Restore Operation
RP15: 6/26/2011 6:52:27 AM - System Checkpoint
RP16: 6/29/2011 11:22:54 AM - System Checkpoint
RP17: 6/30/2011 7:42:53 PM - System Checkpoint
RP18: 7/3/2011 9:22:40 AM - System Checkpoint
.
==== Installed Programs ======================
.
!e-library!
µTorrent
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AiO_Scan
Antares Autotune VST v5.09
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i 3
AudioConverter Studio 6.0
AutoCAD Architecture 2009
avast! Free Antivirus
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bonjour
CCleaner
CloneDVD2
Connect
ConvertXtoDVD 4.1.10.348
Cool Edit Pro 2.0
Core Temp version 0.99.7
dBpoweramp [Arrange Audio] Codec
dBpoweramp [Audio Info] Codec
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp DSP Effects
dBpoweramp Music Converter
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Web Player
DVD X Player 5.2 Professional
Facebook Plug-In
GOM Player
Google Chrome
Google Earth
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP PSC & OfficeJet 5.3.B
ImagXpress
Internet Download Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 26
kuler
LG USB Modem Drivers
MagicTune Premium
Malwarebytes' Anti-Malware version 1.51.0.1200
ManyCam 2.5.48 (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.9)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MXL USB Recorder 1.0
neroxml
Nokia Connectivity Cable Driver
Nokia Home Media Server
Nokia Map Loader
Nokia Multimedia Common Components 2.4
Nokia Music
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi One Touch Access
Nokia Ovi One Touch Access 6.85.3019
Nokia Ovi Suite
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3018
Nokia Photos
Nokia Software Updater
NVIDIA Drivers
NVIDIA DVD Decoder
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Primo
QFolder
QuickTime
Realtek High Definition Audio Driver
RockMelt
Runtime
Safari
Samsung_MonSetup
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sony Picture Utility
Spybot - Search & Destroy
Suite Shared Configuration CS4
The Sims Medieval
Tube Toolbox
TuneUp Utilities 2008
UltimateDefrag 2008
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
V-Gear TalkCam RX7
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
6/30/2011 8:29:05 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer SICLOT-IAR60G6H using any of the configured protocols.
6/30/2011 8:29:03 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer BEDROOMPC using any of the configured protocols.
6/30/2011 3:00:17 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows XP (KB2541763).
6/29/2011 9:24:24 PM, error: System Error [1003] - Error code 100000d1, parameter1 75927f88, parameter2 00000002, parameter3 00000000, parameter4 b5fc2c1d.
6/29/2011 3:37:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/29/2011 3:17:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSP aswTdi ElbyCDIO Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip
6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 3:17:37 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 3:17:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/29/2011 3:16:32 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
6/29/2011 3:13:27 PM, error: Service Control Manager [7034] - The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).
6/29/2011 12:41:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ElbyCDIO Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip
6/29/2011 12:40:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/29/2011 11:43:40 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/28/2011 8:25:10 PM, error: System Error [1003] - Error code 10000050, parameter1 ffff0000, parameter2 00000000, parameter3 806342c0, parameter4 00000000.
6/28/2011 2:48:30 PM, error: Service Control Manager [7016] - The MgiSvr service has reported an invalid current state 32.
6/28/2011 12:33:10 PM, error: System Error [1003] - Error code 10000050, parameter1 ffff0000, parameter2 00000000, parameter3 bf80226f, parameter4 00000000.
6/28/2011 1:53:36 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 b52f02c8, parameter3 b52effc4, parameter4 b9d1389e.
6/26/2011 3:23:20 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -54254 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.202.77.164:123->65.55.56.40:123) is working properly.
.
==== End Of File ===========================
 
Okay, I noticed a couple of things in these logs:
You installed an HP All-in-One on 6/29. It has a large number of processes running. They are legitimate, but some are big resource users. None of the HP processes need to start on boot, then run in the background.
=====================================
The error message you got:
[program].exe - Bad Image
The application or DLL c:\program~1\window~\datamngr\datamngr.dll is not a valid Windows image
is related to this:
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll>> Bearshare MediaBar

This category loads a DLL into memory when the user logs in, after which it stays in memory until logoff. Very few legitimate programs use it; most often it is used by trojans or aggressive browser hijackers.

So I strongly recommend that if you deliberately downloaded this MediaBar, remove it from the Startup Menu and uninstall it. I will remove any leftover entries after you've run Combofix.
===================================
Please run the following to check out a GMER entry:
Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan:
    Note: You will get a black screen- this is normal.
  • On completion of the scan click "Save log", save it to your desktop
  • Post in your next reply:

=====================================
When the above has finished, please go on to the following:
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Please leave the logs in your next reply.
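The AppInit_DLLs point made above, as an added example that is not part of this thread and not code from DDS, ComboFix or any other tool it names: a small Python triage script that reads DDS/ComboFix-style log lines and reports the load points a helper checks by eye (the AppInit_DLLs loader, active Run entries starting from a user profile or the Windows root, and the configured start pages). The sample lines are constructed from the log format quoted in this thread; the "Updater" Run entry is made up.

```python
"""Triage DDS / ComboFix-style log lines for the load points a helper checks by eye.

Added example, not part of this thread or of DDS/ComboFix themselves: it finds
the AppInit_DLLs loader, lists Run-key entries that start from a user profile or
the Windows root, and shows the configured browser start pages.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit

# Constructed sample modelled on the log format quoted in this thread.
# Paths are taken from the thread; the "Updater" Run entry is made up.
SAMPLE_LOG = r"""
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll>> Bearshare MediaBar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"SQ931STI"=c:\windows\SQ931STI.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ManyCam"="c:\documents and settings\Pechy\My Documents\ManyCam\Bin\ManyCam.exe" /silent
"Updater"="c:\documents and settings\Pechy\Application Data\inst.exe"
uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
mStart Page = hxxp://www.google.com
"""

APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<path>.+?)\s*(?:>>\s*(?P<label>.+))?$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
START_RE = re.compile(r"^(?P<scope>[um])Start Page\s*=\s*(?P<url>\S+)$")
TRAILER_RE = re.compile(r"\s*\[[^\]]*\]\s*$")          # ComboFix's " [date size]" suffix
USER_PROFILE_RE = re.compile(r"\\documents and settings\\", re.IGNORECASE)
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "appinit_dll", "run_entry" or "start_page"
    where: str   # registry key or log field the finding came from
    detail: str


def command_path(value: str) -> str:
    """Extract the executable from a Run value: quoted path, bare path or bare name."""
    value = TRAILER_RE.sub("", value).strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def needs_review(path: str) -> str:
    """Return why a start-up path deserves a second look, or '' if it looks ordinary."""
    if USER_PROFILE_RE.search(path):
        return "starts from a user profile folder"
    if WINDOWS_ROOT_RE.match(path):
        return "starts from the Windows root rather than a program folder"
    return ""


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect findings in the order they appear."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = APPINIT_RE.match(line)
        if m:   # AppInit_DLLs: loaded at logon and stays resident, rarely used legitimately
            label = m.group("label") or "unlabelled"
            findings.append(Finding("appinit_dll", "AppInit_DLLs",
                                    f"{m.group('path')} ({label})"))
            continue
        m = KEY_RE.match(line)
        if m:   # remember which registry key the following "name"=value lines belong to
            current_key = m.group("key")
            continue
        m = START_RE.match(line)
        if m:   # DDS/ComboFix defang http as hxxp; undo that before parsing the host
            host = urlsplit(m.group("url").replace("hxxp", "http", 1)).hostname or "?"
            scope = "user" if m.group("scope") == "u" else "machine"
            findings.append(Finding("start_page", f"{scope} start page", host))
            continue
        m = VALUE_RE.match(line)
        # Only active Run keys; ComboFix lists disabled entries under "run-" keys.
        if m and current_key.lower().endswith("\\run"):
            path = command_path(m.group("value"))
            reason = needs_review(path)
            if reason:
                findings.append(Finding("run_entry", current_key,
                                        f"{m.group('name')}: {path} {reason}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.where}: {f.detail}")
```

A flagged Run entry is a prompt to check the program, not a verdict; the ManyCam line in the sample is a legitimate program that simply lives under the user's profile.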
 
I couldn't find the Bearshare Mediabar you were talking about... I don't recall installing such a program. I also tried locating it but to no avail...

I was worried though when you mentioned the HP processes, do you think it has a link to what I'm experiencing now? Come to think of it, all the symptoms started after I installed the driver. I just uninstalled it for now, I'll go find my cd driver for the printer (and not the one I DLed online), just to be sure.

-----------------------------------------------------------------------------------

This is the aswMBR log

aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-05 22:55:04
-----------------------------
22:55:04.500 OS Version: Windows 5.1.2600 Service Pack 3
22:55:04.500 Number of processors: 2 586 0x170A
22:55:04.500 ComputerName: SICLOT UserName: Pechy
22:55:05.281 Initialize success
22:55:05.421 AVAST engine defs: 11070500
22:55:16.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
22:55:16.187 Disk 0 Vendor: ST3160815AS 4.AAB Size: 152627MB BusType: 3
22:55:16.187 Disk 0 MBR read error 0
22:55:16.187 Disk 0 MBR scan
22:55:16.187 Disk 0 unknown MBR code
22:55:16.187 MBR BIOS signature not found 0
22:55:16.187 Disk 0 scanning sectors +312560640
22:55:16.187 Disk 0 scanning C:\WINDOWS\system32\drivers
22:55:19.187 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
22:55:29.234 Service scanning
22:55:30.078 Disk 0 trace - called modules:
22:55:30.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkb.sys >>UNKNOWN [0x8a841938]<<
22:55:30.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7e7ab8]
22:55:30.078 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000008d[0x8a884f18]
22:55:30.078 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8a889d98]
22:55:30.640 AVAST engine scan C:\WINDOWS
22:57:00.906 AVAST engine scan C:\Documents and Settings\Pechy
22:57:00.921 AVAST engine scan C:\Documents and Settings\All Users
22:57:00.921 Scan finished successfully
22:59:11.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pechy\Desktop\MBR.dat"
22:59:11.093 The log file has been saved successfully to "C:\Documents and Settings\Pechy\Desktop\aswMBR.txt"

---------------------------------------------

and the combofix log

ComboFix 11-07-05.02 - Pechy 07/05/2011 23:53:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1413 [GMT -7:00]
Running from: c:\documents and settings\Pechy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pechy\Application Data\inst.exe
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchplugins\SearchquWebSearch.xml
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\GameCategories.xml
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\games\GameTypes.xml
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\guid.dat
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\preferences.dat
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\stats.dat
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\uninstallFF.dat
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\widgets_cache\category_cache.xml
c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\searchqutb\widgets_cache\widget_cache.xml
C:\Install.exe
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
C:\Thumbs.db
c:\windows\epedebol.exe
c:\windows\jibykulaly._sy
c:\windows\system32\detoured.dll
c:\windows\system32\Thumbs.db
c:\windows\ytyfibofo.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-06-30 10:07 . 2011-06-30 10:07 6708 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-06-29 22:11 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-29 22:11 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-29 22:11 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-29 22:11 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-29 22:10 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-29 22:10 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-29 22:10 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-29 22:10 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-29 22:10 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-29 22:10 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-29 22:10 . 2011-06-29 22:10 -------- d-----w- c:\program files\AVAST Software
2011-06-29 22:10 . 2011-06-29 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-29 21:56 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-29 21:56 . 2011-06-29 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-29 21:56 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 19:41 . 2011-06-29 19:41 -------- d-----w- c:\windows\ERUNT
2011-06-28 20:53 . 2011-06-28 20:53 -------- d-----w- c:\program files\WINDOW~4
2011-06-26 06:15 . 2011-07-02 21:09 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-06-25 18:28 . 2011-06-26 01:18 -------- d-----w- c:\program files\Destiny Online
2011-06-24 14:47 . 2011-06-24 14:47 -------- d-----w- c:\documents and settings\Pechy\Application Data\AVG10
2011-06-24 14:43 . 2011-06-29 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-24 14:02 . 2011-06-29 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-24 13:33 . 2011-06-24 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-24 13:23 . 2011-06-24 13:31 -------- d-----w- c:\program files\Application Updater(2)
2011-06-24 13:23 . 2011-06-24 13:31 -------- d-----w- c:\program files\YouTube Downloader Toolbar(2)
2011-06-24 13:16 . 2011-06-24 13:31 -------- d-s---w- c:\documents and settings\TEMP
2011-06-23 16:19 . 2011-06-23 16:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-06-23 16:17 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-06-23 16:17 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-06-23 16:17 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-06-23 16:17 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-06-23 16:17 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-06-23 16:17 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2011-06-23 16:17 . 2011-06-23 16:17 -------- d-----w- c:\program files\HP
2011-06-23 16:16 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-06-23 16:16 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-06-23 16:16 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2011-06-23 16:16 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-06-23 16:16 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2011-06-23 16:16 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2011-06-23 16:16 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2011-06-23 16:16 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2011-06-23 12:13 . 2008-04-14 07:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-06-23 12:13 . 2008-04-14 07:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-06-20 07:00 . 2011-06-20 19:39 -------- d-----w- c:\windows\system32\NtmsData
2011-06-19 22:34 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 06:24 . 2011-06-14 06:24 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 11:52 . 2010-12-21 22:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 09:25 . 2009-03-15 19:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-03-05 21:59 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2009-06-23 13:39 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2009-06-23 13:39 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 14:47 . 2009-03-05 22:16 81920 ------w- c:\windows\system32\ieencode.dll
2011-04-25 14:47 . 2004-02-18 18:02 667136 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2004-02-18 18:02 61952 ------w- c:\windows\system32\tdc.ocx
2011-04-25 12:56 . 2009-03-05 22:16 369664 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-02-16 19:09 105472 ------w- c:\windows\system32\drivers\mup.sys
2010-10-01 16:11 . 2010-11-03 04:10 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-21 16:29 66656 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2011-3-12 36864]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ManyCam"="c:\documents and settings\Pechy\My Documents\ManyCam\Bin\ManyCam.exe" /silent
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"RockMelt Update"="c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SQ931STI"=c:\windows\SQ931STI.EXE
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14277:TCP"= 14277:TCP:BitCometLite 14277 TCP
"14277:UDP"= 14277:UDP:BitCometLite 14277 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/4/2010 11:17 AM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/29/2011 3:10 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/29/2011 3:11 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2011 3:11 PM 19544]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [4/28/2011 11:50 PM 47616]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/29/2011 2:56 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/29/2011 2:56 PM 22712]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/22/2009 2:58 AM 23208]
S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9a086531769f8;Google Update Service (gupdate1c9a086531769f8);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2009 12:11 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2009 12:11 AM 133104]
S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2/27/2011 8:37 AM 18432]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/5/2010 11:38 PM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/5/2010 11:38 PM 8320]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [6/22/2009 2:58 AM 14504]
S3 SQ931;V-Gear TalkCam RX7;c:\windows\system32\drivers\Capt931a.sys [5/9/2009 6:59 PM 526464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 17:09]
.
2011-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacf61f525d99a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 07:11]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 07:11]
.
2011-07-04 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-515967899-2052111302-725345543-1003Core.job
- c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-21 00:35]
.
2011-07-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-515967899-2052111302-725345543-1003UA.job
- c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-21 00:35]
.
2010-01-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-30 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 124.106.4.2 124.106.7.2
FF - ProfilePath - c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-06 00:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC9704A2-2DED-221C-EE67-50A8DF3B68C2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafknnbjgamndbamad"=hex:6a,61,69,62,68,6d,6a,6f,63,68,6f,70,6f,6e,65,64,6f,61,
67,64,00,f1
"haledimobiflmjme"=hex:6a,61,65,64,63,6a,67,67,6b,6d,6a,65,6f,65,70,67,6d,63,
70,6e,00,00
.
[HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,3c,e5,df,3b,ef,00,de,68,a3,da,9a,62,a5,25,c9,b2,15,9b,3f,13,39,28,
6a,fb,99,31,4e,88,c0,f1,a2,bb,13,fc,55,87,fc,9e,07,27,b0,1d,fe,c1,9a,8e,59,\
"??"=hex:a3,a6,29,32,d1,75,f6,5a,ea,b3,d6,26,80,45,6f,b5
.
[HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:43,d8,7f,dc,e6,e5,02,28,94,c6,2f,bb,2a,a2,b3,d0,a3,5b,65,b5,9f,
b7,92,7f,f1,d9,8e,c8,e2,83,ed,c3,67,50,60,77,db,14,f6,cd,51,a4,cc,c1,9b,d0,\
"rkeysecu"=hex:01,24,52,71,c9,94,ed,27,55,2a,be,33,f4,47,bb,85
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3dd4e7d9-3c38-4eee-a7b3-38cb0bbbbaab}]
@Denied: (Full) (Everyone)
"Model"=dword:00000055
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0f,e3,0d,38,9a,76,69,d2,05,ac,af,36,fa,e1,a8,45,db,f1,49,e8,00,
ae,01,1f,4d,5e,cc,51,de,0a,3f,af,73,a5,83,f5,e0,d6,12,37,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1740)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\program files\ArcSoft\Magic-i 3\uMgiSvr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\WTClient.exe
c:\windows\system32\WISPTIS.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\MagicTune Premium\MagicTune.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-06 00:11:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-06 07:11
.
Pre-Run: 49,657,384,960 bytes free
Post-Run: 50,111,275,008 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 73F4DD2AC71966AED253DC1339A07E61


To note though, when ComboFix restarted my PC, I noticed that I didn't get the pop-ups anymore during boot-up. That's a good sign~

Thank you anyway for being so patient with me~ haha. >.< I know you have a lot on your hands...

Hope to hear from you soon!
 
If you were searching for the Bearshare MediaBar, you could have missed its entry:
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll>> Bearshare MediaBar
From Systemlook:
File Name: datamngr.dll
Description: Bearshare MediaBar
Note: Usually found in the folder %ProgramFiles%\BearShare Applications\BearShare
I have included this in the script below for you to run through ComboFix.
===============================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\PerfStringBackup.TMP
c:\program files\Common Files\ZugoInstaller.exe
c:\windows\system32\drivers\8914083d.sys
Folder::
c:\program files\Application Updater(2)
c:\program files\YouTube Downloader Toolbar(2)
c:\documents and settings\TEMP
DDS::
uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll
DirLook:: 
c:\program files\WINDOW~4
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RockMelt Update"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14277:TCP"=-
"14277:UDP"=- 
RegNull::
[HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC9704A2-2DED-221C-EE67-50A8DF3B68C2}*]
[HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-515967899-2052111302-725345543-1003\Software\SecuROM\License information*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3dd4e7d9-3c38-4eee-a7b3-38cb0bbbbaab}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
Driver::
8914083d;8914083d
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
==================================================
Remove from Firefox: Tools> Addons> Extensions or plugins:
Java v6u12, v6u23, v6u24, v6u26.
You do not have to add a separate extension to Firefox when you update Java.
=================================================
All of my printers/scanners/copiers have been from HP, so I'm familiar with all the processes they put on the system. NONE need to start on boot! The Print function can be opened by clicking on File> Print when you need it.
================================================
There is way too much going on in the system! You need to be a bit more particular about all the warm, fuzzy addons and downloads. File sharing is a road to malware! You share files- you share malware> plain and simple! And you have almost no security!
===============================================
Your network is not configured correctly:
Computer SICLOT-IAR60G6H and Computer BEDROOMPC can't talk to or see each other because the network protocol isn't correct using any of the configured protocols.
=================================
I recommend that you stop these scheduled Tasks:
Contents of the 'Scheduled Tasks' folder
.
2011-07-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 17:09]
.
2011-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
2011-07-04 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-515967899-2052111302-725345543-1003Core.job
- c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-21 00:35]
2011-07-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-515967899-2052111302-725345543-1003UA.job
- c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-21 00:35]
2010-01-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-30 05:18]
To stop the Tasks: Click on All Programs> Accessories> System Tools> Scheduled Tasks> Find each Task and remove it.
======================================
Please go on to my next reply when finished.
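As an added example (not part of this thread, and not code from ComboFix or any tool mentioned here), the following Python script triages a handful of lines in the ComboFix log layout shown above: it parses the service table, flags entries whose binary is missing on disk, and pulls out the AppInit_DLLs value and the two start pages. The sample lines are copied from the log posted above; the meaning of the R/S prefix, the start-type digit and the "--> path [?]" marker are assumptions read off that layout, not taken from ComboFix documentation.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in ComboFix's log layout; the lines are copied from the
# log posted in this thread (service table, Supplementary Scan, AppInit_DLLs).
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/29/2011 3:11 PM 307928]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/29/2011 2:56 PM 366640]
S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-29FRz
mStart Page = hxxp://www.google.com
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll
"""

# Assumed from the log layout: "R"/"S" = running/stopped, and the digit is the
# service Start value (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    image_path: str
    running: bool
    start_type: str
    file_missing: bool  # the log shows "<path> --> <path> [?]" when the binary is gone


@dataclass
class Triage:
    services: List[ServiceEntry] = field(default_factory=list)
    appinit_dlls: List[str] = field(default_factory=list)
    start_pages: Dict[str, str] = field(default_factory=dict)


def parse_service(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").rstrip()
    missing = rest.endswith("[?]")
    # With a missing file the path is repeated after "-->"; otherwise the
    # path is followed by " [date time size]".
    path = rest.split(" --> ", 1)[0] if " --> " in rest else rest.rsplit(" [", 1)[0]
    return ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        image_path=path,
        running=m.group("state") == "R",
        start_type=START_TYPES.get(m.group("start"), "unknown"),
        file_missing=missing,
    )


def triage_log(text: str) -> Triage:
    """Walk the log once and collect services, AppInit_DLLs and start pages."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc is not None:
            t.services.append(svc)
        elif line.startswith("AppInit_DLLs:"):
            # The registry value can list several DLLs, separated by spaces or commas.
            value = line.split(":", 1)[1].strip()
            t.appinit_dlls.extend(p for p in re.split(r"[ ,]+", value) if p)
        elif re.match(r"^[um]Start Page = ", line):
            key, _, url = line.partition(" = ")
            t.start_pages[key] = url
    return t


def orphaned_services(t: Triage) -> List[ServiceEntry]:
    """Service entries whose binary no longer exists: stale entries worth removing."""
    return [s for s in t.services if s.file_missing]


def findings(t: Triage) -> List[str]:
    """Human-readable findings in the order a reviewer would check them."""
    out = []
    for dll in t.appinit_dlls:
        # AppInit_DLLs is loaded into every process that maps user32.dll, so a
        # corrupt or deleted DLL here yields one "Bad Image" box per program.
        out.append(f"AppInit_DLLs loads {dll} into every GUI process; verify the file")
    for s in orphaned_services(t):
        out.append(f"service {s.name} ({s.start_type} start) points at missing {s.image_path}")
    user, machine = t.start_pages.get("uStart Page"), t.start_pages.get("mStart Page")
    if user and machine and user != machine:
        out.append(f"user start page {user} differs from machine default {machine}")
    return out
```

Running triage_log on a full ComboFix log and printing findings gives the same three checks the helper walked through by hand: the AppInit_DLLs entry, the orphaned driver entries, and the changed start page.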
 
When finished handling previous reply, please go on to this:

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the posted image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=================================
Security Check

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
HAHA. It's a family computer, that's why... so that would explain all the mumbo jumbo in the system.. I don't use this PC much unless they complain something's wrong..

We just moved into a new house so it's still a mess, all of it.. We had 2 PCs in a network before, hence the BEDROOMPC thing.. we're just using one PC atm...

(WE DON'T EVEN HAVE NET YET!) I'm using another PC right now so I'm just going to put this file on the USB... I'll post results after I do those things ^^ up there. hahaha.

Truth be told, I really want to just reformat the PC but they didn't want to. blah.. so I'm stuck with this. lol.
 
here ya go~

combofix log:
ComboFix 11-07-09.03 - Pechy 07/10/2011 14:38:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1370 [GMT -7:00]
Running from: c:\documents and settings\Pechy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pechy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\program files\Common Files\ZugoInstaller.exe"
"c:\windows\system32\drivers\8914083d.sys"
"c:\windows\system32\PerfStringBackup.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Application Updater(2)
c:\program files\Application Updater(2)\ApplicationUpdater(2).exe
c:\program files\Common Files\ZugoInstaller.exe
c:\program files\YouTube Downloader Toolbar(2)
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\chevron.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\chevron.xul
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\login.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\login.xul
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\parser.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\RssTickerWidget.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\searchbox.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\searchbox.xul
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\utils.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgichevron.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgicomm.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgihandling.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgilisteners.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgitoolbarplugin.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgitoolbarplugin.xul
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\content(2)\widgiui.js
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\locale(2)\EN-US(2)\searchbox.dtd
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\locale(2)\EN-US(2)\widgitoolbarplugin.dtd
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\locale(2)\EN-US(2)\yahoo-search.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\amazon.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\chevron.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\dailymotion.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\ebay.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\hulu.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\icon_settings.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\metacafe.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search-button-hover.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search-button.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search-chevron-hover.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search-chevron.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search_amazon.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search_ebay.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search_yahoo.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\search_youtube.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\searchbox.css
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\splitter.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\veoh.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\widgitoolbarplugin.css
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\youtube.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\ytd.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\ytd_logo.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\chrome(2)\skin(2)\ytd_logo_hover.gif
c:\program files\YouTube Downloader Toolbar(2)\FF(2)\install.rdf
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\amazon.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\dailymotion.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\ebay.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\hulu.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\icon_settings.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\metacafe.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search-button-hover.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search-button.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search-chevron-hover.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search-chevron.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search_amazon.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search_ebay.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search_yahoo.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\search_youtube.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\veoh.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\widgets.xml
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\youtube.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\ytd.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\ytd_logo.gif
c:\program files\YouTube Downloader Toolbar(2)\Res(2)\ytd_logo_hover.gif
C:\Thumbs.db
c:\windows\system32\$winnt$.inf
c:\windows\system32\PerfStringBackup.TMP
c:\windows\vb.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 20:06 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2011-06-29 22:11 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-29 22:11 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-29 22:11 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-29 22:11 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-29 22:10 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-29 22:10 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-29 22:10 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-29 22:10 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-29 22:10 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-29 22:10 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-29 22:10 . 2011-06-29 22:10 -------- d-----w- c:\program files\AVAST Software
2011-06-29 22:10 . 2011-06-29 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-29 21:56 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-29 21:56 . 2011-06-29 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-29 21:56 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 19:41 . 2011-06-29 19:41 -------- d-----w- c:\windows\ERUNT
2011-06-26 06:15 . 2011-07-02 21:09 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-06-25 18:28 . 2011-06-26 01:18 -------- d-----w- c:\program files\Destiny Online
2011-06-24 14:47 . 2011-06-24 14:47 -------- d-----w- c:\documents and settings\Pechy\Application Data\AVG10
2011-06-24 14:43 . 2011-06-29 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-24 14:02 . 2011-06-29 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-24 13:33 . 2011-06-24 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-24 13:16 . 2011-06-24 13:31 -------- d-s---w- c:\documents and settings\TEMP
2011-06-23 16:19 . 2011-06-23 16:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-06-23 16:17 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-06-23 16:17 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-06-23 16:17 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-06-23 16:17 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-06-23 16:17 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-06-23 16:17 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2011-06-23 16:17 . 2011-06-23 16:17 -------- d-----w- c:\program files\HP
2011-06-23 16:16 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-06-23 16:16 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-06-23 16:16 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2011-06-23 16:16 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-06-23 16:16 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2011-06-23 16:16 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2011-06-23 16:16 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2011-06-23 16:16 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2011-06-23 12:13 . 2008-04-14 07:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-06-23 12:13 . 2008-04-14 07:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-06-20 07:00 . 2011-06-20 19:39 -------- d-----w- c:\windows\system32\NtmsData
2011-06-19 22:34 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 06:24 . 2011-06-14 06:24 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 11:52 . 2010-12-21 22:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 09:25 . 2009-03-15 19:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-03-05 21:59 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2009-06-23 13:39 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2009-06-23 13:39 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 14:47 . 2009-03-05 22:16 81920 ------w- c:\windows\system32\ieencode.dll
2011-04-25 14:47 . 2004-02-18 18:02 667136 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2004-02-18 18:02 61952 ------w- c:\windows\system32\tdc.ocx
2011-04-25 12:56 . 2009-03-05 22:16 369664 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-02-16 19:09 105472 ------w- c:\windows\system32\drivers\mup.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\WINDOW~4 ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-06_07.07.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-10 21:35 . 2011-07-10 21:35 16384 c:\windows\Temp\Perflib_Perfdata_53c.dat
+ 2011-06-23 16:16 . 2005-03-08 19:42 61440 c:\windows\system32\spool\drivers\w32x86\3\hpztbi12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:41 69632 c:\windows\system32\spool\drivers\w32x86\3\hpzflt12.dll
- 2011-06-23 13:17 . 2001-08-18 05:36 32768 c:\windows\system32\spool\drivers\w32x86\3\HPFUI50.DLL
+ 2011-07-10 18:39 . 2001-08-18 05:36 32768 c:\windows\system32\spool\drivers\w32x86\3\HPFUI50.DLL
- 2011-06-23 13:17 . 2008-04-14 12:41 87552 c:\windows\system32\spool\drivers\w32x86\3\HPFUD50.DLL
+ 2011-07-10 18:39 . 2008-04-14 12:41 87552 c:\windows\system32\spool\drivers\w32x86\3\HPFUD50.DLL
+ 2011-07-10 18:21 . 2005-06-22 14:03 17505 c:\windows\hpomdl07.dat
+ 2011-06-23 16:16 . 2005-03-08 19:42 176188 c:\windows\system32\spool\drivers\w32x86\3\hpzvip12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:42 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztbu12.exe
+ 2011-06-23 16:16 . 2005-03-08 19:42 180224 c:\windows\system32\spool\drivers\w32x86\3\hpzstw12.exe
+ 2011-06-23 16:16 . 2005-03-08 19:42 401408 c:\windows\system32\spool\drivers\w32x86\3\hpzstc12.exe
+ 2011-06-23 16:16 . 2005-03-18 18:32 180315 c:\windows\system32\spool\drivers\w32x86\3\hpzsnt12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:42 679936 c:\windows\system32\spool\drivers\w32x86\3\hpzslk12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:42 372736 c:\windows\system32\spool\drivers\w32x86\3\hpzres12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:42 331776 c:\windows\system32\spool\drivers\w32x86\3\hpzpre12.exe
+ 2011-06-23 16:16 . 2005-03-08 19:41 507904 c:\windows\system32\spool\drivers\w32x86\3\hpzpm312.dll
+ 2011-06-23 16:16 . 2005-03-08 19:42 143360 c:\windows\system32\spool\drivers\w32x86\3\hpzpcl12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:41 139345 c:\windows\system32\spool\drivers\w32x86\3\hpzlnt12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:42 225280 c:\windows\system32\spool\drivers\w32x86\3\hpzjui12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:41 352256 c:\windows\system32\spool\drivers\w32x86\3\hpzime12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:41 659456 c:\windows\system32\spool\drivers\w32x86\3\hpzeng12.exe
+ 2011-06-23 16:16 . 2005-03-08 19:41 393216 c:\windows\system32\spool\drivers\w32x86\3\hpzcon12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:41 196608 c:\windows\system32\spool\drivers\w32x86\3\hpzcoi12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:41 299008 c:\windows\system32\spool\drivers\w32x86\3\hpzcfg12.exe
+ 2011-06-23 16:16 . 2005-03-08 19:41 212992 c:\windows\system32\spool\drivers\w32x86\3\hpz2ku12.dll
+ 2011-06-23 16:16 . 2005-04-13 02:50 179931 c:\windows\system32\spool\drivers\w32x86\3\hpop1512.dat
+ 2011-07-10 18:39 . 2001-08-18 05:36 435200 c:\windows\system32\spool\drivers\w32x86\3\HPF900AL.DLL
- 2011-06-23 13:17 . 2001-08-18 05:36 435200 c:\windows\system32\spool\drivers\w32x86\3\HPF900AL.DLL
+ 2011-07-10 20:11 . 2011-07-10 20:11 728064 c:\windows\Installer\5a7f74.msi
+ 2011-07-10 20:10 . 2011-07-10 20:10 136704 c:\windows\Installer\5a7f6f.msi
+ 2011-07-10 20:07 . 2011-07-10 20:11 102262 c:\windows\hpoins05.dat
- 2011-06-23 16:16 . 2011-06-23 16:19 102262 c:\windows\hpoins05.dat
+ 2011-06-23 16:16 . 2005-03-08 19:42 7348224 c:\windows\system32\spool\drivers\w32x86\3\hpztbx12.exe
+ 2011-06-23 16:16 . 2005-03-08 19:44 1761280 c:\windows\system32\spool\drivers\w32x86\3\hpzrm312.dll
+ 2011-06-23 16:16 . 2005-03-08 19:44 3203072 c:\windows\system32\spool\drivers\w32x86\3\hpzr3212.dll
+ 2011-06-23 16:16 . 2005-03-08 19:41 2150400 c:\windows\system32\spool\drivers\w32x86\3\hpzims12.dll
+ 2011-06-23 16:16 . 2005-03-08 19:41 1597440 c:\windows\system32\spool\drivers\w32x86\3\hpzimc12.dll
+ 2011-07-10 18:39 . 2001-08-18 05:36 1853952 c:\windows\system32\spool\drivers\w32x86\3\HPFIMG50.DLL
- 2011-06-23 13:17 . 2001-08-18 05:36 1853952 c:\windows\system32\spool\drivers\w32x86\3\HPFIMG50.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-21 16:29 66656 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2011-3-12 36864]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ManyCam"="c:\documents and settings\Pechy\My Documents\ManyCam\Bin\ManyCam.exe" /silent
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SQ931STI"=c:\windows\SQ931STI.EXE
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14277:TCP"= 14277:TCP:BitCometLite 14277 TCP
"14277:UDP"= 14277:UDP:BitCometLite 14277 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/4/2010 11:17 AM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/29/2011 3:10 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/29/2011 3:11 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2011 3:11 PM 19544]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [4/28/2011 11:50 PM 47616]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/29/2011 2:56 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/29/2011 2:56 PM 22712]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/22/2009 2:58 AM 23208]
S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9a086531769f8;Google Update Service (gupdate1c9a086531769f8);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2009 12:11 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2009 12:11 AM 133104]
S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2/27/2011 8:37 AM 18432]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/5/2010 11:38 PM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/5/2010 11:38 PM 8320]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [6/22/2009 2:58 AM 14504]
S3 SQ931;V-Gear TalkCam RX7;c:\windows\system32\drivers\Capt931a.sys [5/9/2009 6:59 PM 526464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 17:09]
.
2011-07-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-09 00:44]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacf61f525d99a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 07:11]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 07:11]
.
2011-07-10 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-515967899-2052111302-725345543-1003UA.job
- c:\documents and settings\Pechy\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-03-21 00:35]
.
2011-07-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-30 05:18]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.162.1.1
FF - ProfilePath - c:\documents and settings\Pechy\Application Data\Mozilla\Firefox\Profiles\s9t57nz4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-10 14:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-10 14:57:50
ComboFix-quarantined-files.txt 2011-07-10 21:57
ComboFix2.txt 2011-07-06 07:11
.
Pre-Run: 49,754,464,256 bytes free
Post-Run: 49,910,697,984 bytes free
.
- - End Of File - - 15A3AC6F5D06EDC1A7F31E144B6072AA

ESET LOG:

C:\Documents and Settings\Pechy\My Documents\Downloads\Facemoods.exe a variant of Win32/SweetIM.B application
C:\Program Files\Trend Micro\HijackThis\backups\backup-20091023-164934-239.dll probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Application Updater(2)\ApplicationUpdater(2).exe.vir probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Common Files\ZugoInstaller.exe.vir Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP13\A0015824.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP13\A0015829.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP13\A0015830.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0015857.dll a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0015872.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0017374.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0017379.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP14\A0017380.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP16\A0022883.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP16\A0022888.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP16\A0022890.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP20\A0034428.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{41312F16-A138-455A-BFD1-EFFB609B9FD0}\RP20\A0034429.exe Win32/Toolbar.Zugo application
----------------------------

SECURITY LOG:

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
TuneUp Utilities 2008
CCleaner
Java(TM) 6 Update 26
Flash Player Out of Date!
Adobe Flash Player 10.2.159.1
Mozilla Firefox (3.5.9) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
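As an added example for this thread (not ComboFix's own code, and not something the helper posted), the script below is a small triage pass over the three log formats visible above: the R/S driver and service lines, the GloballyOpenPorts list and the DhcpNameServer line. Everything it flags is a prompt to look closer, not a verdict: a service whose image file is gone is often the leftover of an earlier removal, a hex-looking service name is only a heuristic, and a non-RFC1918 DHCP resolver can be an ISP setting or a typo. The sample lines are copied from the log above and embedded so the script runs offline; the regular expressions, the "8+ hex characters" threshold and the choice to weight start types 0 and 1 are my own assumptions.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example for this thread; it is not ComboFix's own code and it makes
no claim about what the entries in the log actually are. It parses three
kinds of lines and flags the ones a responder would look at first:

  * driver/service lines  -> image missing on disk, hex-looking name,
                             boot/system start type
  * GloballyOpenPorts     -> every firewall port exception is listed
  * TCP: DhcpNameServer   -> resolver outside RFC1918 space on a home LAN
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Lines copied from the ComboFix log in this thread, embedded so the script
# runs offline (constructed sample input).
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/4/2010 11:17 AM 691696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/29/2011 2:56 PM 366640]
S1 8914083d;8914083d;c:\windows\system32\drivers\8914083d.sys --> c:\windows\system32\drivers\8914083d.sys [?]
S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
"14277:TCP"= 14277:TCP:BitCometLite 14277 TCP
"14277:UDP"= 14277:UDP:BitCometLite 14277 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
TCP: DhcpNameServer = 192.162.1.1
"""

# Assumed line shapes, derived from the log above (not a documented ComboFix grammar).
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<meta>[^\]]*)\]$"
)
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')
DNS_RE = re.compile(r"^TCP:\s*DhcpNameServer\s*=\s*(?P<ip>[\d.]+)$")
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)   # heuristic threshold: 8+ hex chars


@dataclass
class ServiceEntry:
    state: str              # R = running, S = stopped
    start_type: int         # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    path: str
    file_present: bool      # False when ComboFix printed "[?]" instead of a date/size
    reasons: List[str] = field(default_factory=list)


def parse_service(line: str) -> Optional[ServiceEntry]:
    """Parse one R/S service line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry = ServiceEntry(
        state=m["start"][0],
        start_type=int(m["start"][1]),
        name=m["name"],
        path=m["path"],
        file_present=m["meta"].strip() != "?",
    )
    if not entry.file_present:
        entry.reasons.append("image file not found on disk (orphaned entry or hidden file)")
    if HEX_NAME.match(entry.name):
        entry.reasons.append("machine-generated looking name")
    if entry.start_type <= 1 and not entry.file_present:
        # Boot/system start drivers load before user-mode AV, so a dangling
        # one deserves to be looked at first.
        entry.reasons.append("boot/system start type")
    return entry


def dns_is_private(ip: str) -> bool:
    """True for RFC1918/loopback/link-local addresses (the usual home router)."""
    return ipaddress.ip_address(ip).is_private


def triage(log: str) -> Dict[str, list]:
    """Return flagged services, all firewall port exceptions and DNS oddities."""
    out: Dict[str, list] = {"services": [], "open_ports": [], "dns": []}
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            if svc.reasons:
                out["services"].append(svc)
            continue
        pm = PORT_RE.match(line)
        if pm:
            out["open_ports"].append((int(pm["port"]), pm["proto"], pm["label"].strip()))
            continue
        dm = DNS_RE.match(line)
        if dm and not dns_is_private(dm["ip"]):
            out["dns"].append(
                f"DhcpNameServer {dm['ip']} is not an RFC1918 address; on a home LAN "
                "the DHCP-assigned resolver is normally the router itself"
            )
    return out


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for svc in result["services"]:
        print(f"{svc.state}{svc.start_type} {svc.name}: {'; '.join(svc.reasons)}")
    for port, proto, label in result["open_ports"]:
        print(f"firewall exception {port}/{proto} ({label})")
    for note in result["dns"]:
        print(note)
```

Run it as-is and it prints the two services with a missing image (one of them also boot/system start with a hex name), the three BitComet/Adobe port exceptions, and the resolver note. To use it on a real log, replace `SAMPLE_LOG` with the contents of the ComboFix report; the parser ignores lines it does not recognise.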
 
HAHA. It's a family computer, that's why... so that would explain all the mumbo jumbo in the system. I don't use this PC much unless they complain something's wrong.

We just moved into a new house so it's still a mess, all of it. We had 2 PCs in a network before, hence the BEDROOMPC thing. We're just using the PC atm...

(WE DON'T EVEN HAVE NET YET!) I'm using another PC right now so I'm just going to put this file on the USB... I'll post results after I do those things ^^ up there. hahaha.

Truth be told, I really want to just reformat the PC but they didn't want to. blah.. so I'm stuck with this. lol.

I kind of think we may both be wasting our time! Back up the files and folders THEY want to keep and then do a reformat/reinstall! Don't add everything back. Be selective. Then get the network set up. If you think there may be malware problems at that point, start a new thread for the R/R system.

Don't do any System Restore. Too many of the restore points are infected.
 
Be sure to do a Compatibility Check first. And don't just put everything back on the system!

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
Be sure to drop all of the restore points.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
===========================================
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
     • Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
     • ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
     • Replace the Hosts File
     • Google Toolbar Pop Up Blocker
     • Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
     • Antivirus (only one): Both of the following programs are free and known to be good:
       • Avira-AntiVir-Personal-Free-Antivirus
       • Avast-Free Antivirus
     • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
       • Comodo
       • Zone Alarm
  3. Antimalware: I recommend all of the following:
     • SpywareBlaster: SpywareBlaster protects against bad ActiveX.
     • Spybot Search & Destroy
  4. Updates: Stay current:
     • Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
     • Adobe Reader: Install current, uninstall old.
     • Java Updates: Install current, uninstall old.
  5. Tracking Cookies
     Reset Cookies:
     • For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
     • For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
     I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
     • AdBlock Plus
     • Easy List
     • For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
     Clean the temporary internet files often:
     • ATF Cleaner by Atribune
  7. Restore Points:
     • See System Restore Guide
  8. Safe Email Handling
     • Don't open email from anyone you don't know.
     • Don't open Attachments in the email. Save them to your desktop and scan for viruses using a right click.
     • Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
 