also @ TechSpot: Microsoft wants Xbox to be the entertainment hub for all your devices

TechSpot

TechSpot News Products Downloads Forums

Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Solved] Being redirected, can't Windows Update or post to this site

Discussion in 'Virus and Malware Removal' started by Rstynls, Oct 25, 2010.

Thread Status:: Not open for further replies.

Page 1 of 2

Rstynls Newcomer, in training

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4937

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/24/2010 11:13:35 AM
mbam-log-2010-10-24 (11-13-35).txt

Scan type: Quick scan
Objects scanned: 153496
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-24 12:08:12
Windows 5.1.2600 Service Pack 3
Running: srxsv2jd.exe; Driver: C:\DOCUME~1\Tom\LOCALS~1\Temp\kgroypow.sys

---- System - GMER 1.0.15 ----

SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwClose [0xECC9FCF0]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwCreateKey [0xECC9FBAC]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwDeleteKey [0xECCA0160]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwDeleteValueKey [0xECCA008A]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwDuplicateObject [0xECC9F782]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwOpenKey [0xECC9FC86]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwOpenProcess [0xECC9F6C2]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwOpenThread [0xECC9F726]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwQueryValueKey [0xECC9FDA6]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwRenameKey [0xECCA022E]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwRestoreKey [0xECC9FD66]
SSDT*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwSetValueKey [0xECC9FEE6]

Code*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwCreateProcessEx [0xECCACBAE]
Code*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwCreateSection [0xECCAC9D2]
Code*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ZwLoadDriver [0xECCACB0C]
Code*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** NtCreateSection
Code*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ObInsertObject
Code*********** \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)*************************************************************** ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE*********** ntkrnlpa.exe!ZwLoadDriver*************************************************************************************************************************** 805795FA 7 Bytes* JMP ECCACB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE*********** ntkrnlpa.exe!NtCreateSection************************************************************************************************************************ 805A075C 7 Bytes* JMP ECCAC9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE*********** ntkrnlpa.exe!ObMakeTemporaryObject****************************************************************************************************************** 805B1CE0 5 Bytes* JMP ECCA85D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE*********** ntkrnlpa.exe!ObInsertObject************************************************************************************************************************* 805B8B58 5 Bytes* JMP ECCA9FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE*********** ntkrnlpa.exe!ZwCreateProcessEx********************************************************************************************************************** 805C73EA 7 Bytes* JMP ECCACBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?************** omtl.sys******************************************************************************************************************************************** The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text********** C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtProtectVirtualMemory****************************************************************************** 7C90D6EE 5 Bytes* JMP 00D0000A
.text********** C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory******************************************************************************** 7C90DFAE 5 Bytes* JMP 00D1000A
.text********** C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!KiUserExceptionDispatcher*************************************************************************** 7C90E47C 5 Bytes* JMP 00CF000C
.text********** C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!GetCursorPos*************************************************************************************** 7E42974E 5 Bytes* JMP 0171000A
.text********** C:\WINDOWS\System32\svchost.exe[1176] ole32.dll!CoCreateInstance************************************************************************************ 774FF1AC 5 Bytes* JMP 00EA000A
.text********** C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1796] kernel32.dll!SetUnhandledExceptionFilter************************************************** 7C84495D 4 Bytes* [C2, 04, 00, 90] {RET 0x4; NOP }
.text********** C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!NtProtectVirtualMemory************************************************************************************** 7C90D6EE 5 Bytes* JMP 00C9000A
.text********** C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!NtWriteVirtualMemory**************************************************************************************** 7C90DFAE 5 Bytes* JMP 00D2000A
.text********** C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!KiUserExceptionDispatcher*********************************************************************************** 7C90E47C 5 Bytes* JMP 00C8000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT************ C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]**************************************** 003B0002
IAT************ C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]********************************************** 003B0000

---- Devices - GMER 1.0.15 ----

Device********* \FileSystem\Ntfs \Ntfs****************************************************************************************************************************** aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice* \FileSystem\Ntfs \Ntfs****************************************************************************************************************************** aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice* \Driver\Tcpip \Device\Ip**************************************************************************************************************************** aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice* \Driver\Tcpip \Device\Tcp*************************************************************************************************************************** aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice* \Driver\Tcpip \Device\Udp*************************************************************************************************************************** aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice* \Driver\Tcpip \Device\RawIp************************************************************************************************************************* aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device********* \Driver\viasraid -> DriverStartIo \Device\Scsi\viasraid1******************************************************************************************** 8705C292
Device********* \Device\Scsi\viasraid1Port3Path0Target0Lun0 -> \??\SCSI#Disk&Ven_VIA_SATA&Prod__RAID_0&Rev_#4&17c50b7c&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}* device not found

---- Modules - GMER 1.0.15 ----

Module********* (noname) (*** hidden *** )************************************************************************************************************************** 02000000-03F8F000 (33091584 bytes)***********************************************************************************

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-10-21.02) - NTFSx86*
Run by Tom at 12:12:16.81 on Sun 10/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition* 5.1.2600.3.1252.1.1033.18.1023.284 [GMT -7:00]

AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated)** {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: avast! Antivirus *On-access scanning enabled* (Updated)** {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = About:Blank
uSearch Bar = About:Blank
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = About:Blank
uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mSearch Bar = about:blank
mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = About:Blank
mSearchURL = about:blank
mSearchAssistant = about:blank
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e3bb3f2a-8f67-4b96-a432-8190258c0fd1} - c:\windows\system32\rqRKEXnO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Red Swoosh] c:\program files\rssoft\RedSwoosh.exe /S
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [DIGServices] c:\program files\espnruntime\DIGServices.exe** /brand=ESPN** /priority=0** /poll=24
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053v4\BelkinWCUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\loadou~1.lnk - c:\program files\belkin\nostromo\nost_LM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aol.com\free
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&6&04.00.08.43&unknown&unknown&http://www.toyota.com/vehicles/2005/prius/key_features/pc/index.html
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRKEXnO
LSA: Notification Packages = scecli c:\windows\system32\kejajumo.dll

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\VIASRAID.SYS [2010-5-13 77056]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-31 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-31 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2004-12-4 16168]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-1-12 517632]
S1 MpKsl8e8849bf;MpKsl8e8849bf;\??\c:\windows\system32\mpenginestore\mpksl8e8849bf.sys --> c:\windows\system32\mpenginestore\MpKsl8e8849bf.sys [?]
S2 tcaicchg;tcaicchg;\??\c:\windows\system32\tcaicchg.sys --> c:\windows\system32\tcaicchg.sys [?]
S2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\tcaitdi.sys --> c:\windows\system32\drivers\TCAITDI.sys [?]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-23 22821]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\lavalys\everest ultimate edition\kerneld.wnt --> c:\program files\lavalys\everest ultimate edition\kerneld.wnt [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2008-12-23 552448]

=============== Created Last 30 ================

2010-10-24 08:50:42*** --------*** d-----w-*** c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-10-24 08:50:40*** --------*** d-----w-*** c:\program files\McAfee Security Scan
2010-10-15 05:40:07*** 974848*** -c----w-*** c:\windows\system32\dllcache\mfc42.dll
2010-10-15 05:40:07*** 953856*** -c----w-*** c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 05:39:58*** 617472*** -c----w-*** c:\windows\system32\dllcache\comctl32.dll
2010-10-04 18:50:10*** --------*** d-----w-*** c:\program files\iTunes
2010-10-04 18:48:04*** 159744*** ----a-w-*** c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-10-04 18:48:04*** 159744*** ----a-w-*** c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-10-04 18:48:04*** 159744*** ----a-w-*** c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-10-04 18:48:04*** 159744*** ----a-w-*** c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-10-04 18:48:04*** 159744*** ----a-w-*** c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-10-04 18:48:04*** 159744*** ----a-w-*** c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-10-04 18:48:04*** 159744*** ----a-w-*** c:\program files\internet explorer\plugins\npqtplugin.dll
2010-10-04 18:46:00*** --------*** d-----w-*** c:\program files\Bonjour
2010-09-26 15:43:59*** --------*** d-----w-*** c:\docume~1\tom\applic~1\OpenOffice.org
2010-09-26 15:07:51*** --------*** d-----w-*** c:\program files\JRE
2010-09-26 15:07:11*** --------*** d-----w-*** c:\program files\OpenOffice.org 3
2010-09-26 15:06:54*** 472808*** ----a-w-*** c:\windows\system32\deployJava1.dll
2010-09-26 03:29:51*** 421888*** ----a-w-*** c:\windows\system32\EKIJ5000MON.dll
2010-09-26 03:29:51*** 196608*** ----a-w-*** c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-09-26 03:29:51*** 131072*** ----a-w-*** c:\windows\system32\EKIJCOINST09.dll

==================== Find3M* ====================

2010-09-18 19:23:26*** 974848*** ----a-w-*** c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25*** 974848*** ----a-w-*** c:\windows\system32\mfc42.dll
2010-09-18 06:53:25*** 954368*** ----a-w-*** c:\windows\system32\mfc40.dll
2010-09-18 06:53:25*** 953856*** ----a-w-*** c:\windows\system32\mfc40u.dll
2010-09-15 09:29:49*** 73728*** ----a-w-*** c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08*** 916480*** ----a-w-*** c:\windows\system32\wininet.dll
2010-09-10 05:58:06*** 43520*** ----a-w-*** c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06*** 1469440*** ----a-w-*** c:\windows\system32\inetcpl.cpl
2010-09-08 18:17:46*** 94208*** ----a-w-*** c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46*** 69632*** ----a-w-*** c:\windows\system32\QuickTime.qts
2010-09-07 15:12:17*** 38848*** ----a-w-*** c:\windows\avastSS.scr
2010-09-01 11:51:14*** 285824*** ----a-w-*** c:\windows\system32\atmfd.dll
2010-08-31 13:42:52*** 1852800*** ----a-w-*** c:\windows\system32\win32k.sys
2010-08-27 08:02:29*** 119808*** ----a-w-*** c:\windows\system32\t2embed.dll
2010-08-27 05:57:43*** 99840*** ----a-w-*** c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45*** 5120*** ----a-w-*** c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04*** 617472*** ----a-w-*** c:\windows\system32\comctl32.dll
2010-08-17 13:17:06*** 58880*** ----a-w-*** c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00*** 590848*** ----a-w-*** c:\windows\system32\rpcrt4.dll
2010-07-28 01:44:10*** 91424*** ----a-w-*** c:\windows\system32\dnssd.dll
2010-07-28 01:44:10*** 107808*** ----a-w-*** c:\windows\system32\dns-sd.exe

============= FINISH: 12:13:23.48 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2006 5:00:51 PM
System Uptime: 10/24/2010 11:14:49 AM (1 hours ago)

Motherboard: ASUSTeK Computer Inc. |* | SK8V
Processor: AMD Athlon(tm) 64 FX-51 Processor | Socket 754 | 2202/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 224 GiB total, 157.514 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com Gigabit LOM (3C940)
Device ID: PCI\VEN_10B7&DEV_1700&SUBSYS_80EB1043&REV_12\3&267A616A&0&50
Manufacturer: 3Com
Name: 3Com Gigabit LOM (3C940)
PNP Device ID: PCI\VEN_10B7&DEV_1700&SUBSYS_80EB1043&REV_12\3&267A616A&0&50
Service: EL2000

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP

==== System Restore Points ===================

RP1290: 8/1/2010 1:25:04 AM - System Checkpoint
RP1291: 8/2/2010 1:37:37 AM - System Checkpoint
RP1292: 8/2/2010 11:21:35 PM - Software Distribution Service 3.0
RP1293: 8/5/2010 10:28:05 PM - System Checkpoint
RP1294: 8/8/2010 11:14:40 PM - System Checkpoint
RP1295: 8/11/2010 10:21:24 PM - System Checkpoint
RP1296: 8/12/2010 10:23:37 PM - System Checkpoint
RP1297: 8/12/2010 11:32:51 PM - Software Distribution Service 3.0
RP1298: 8/15/2010 2:08:05 AM - System Checkpoint
RP1299: 8/16/2010 2:15:57 AM - System Checkpoint
RP1300: 8/22/2010 3:44:26 PM - System Checkpoint
RP1301: 8/25/2010 9:51:31 PM - System Checkpoint
RP1302: 8/28/2010 8:01:29 PM - System Checkpoint
RP1303: 8/29/2010 8:38:14 PM - System Checkpoint
RP1304: 8/30/2010 9:27:05 PM - System Checkpoint
RP1305: 8/31/2010 9:28:31 PM - System Checkpoint
RP1306: 9/3/2010 7:30:31 PM - System Checkpoint
RP1307: 9/4/2010 8:30:58 PM - System Checkpoint
RP1308: 9/12/2010 9:50:32 PM - System Checkpoint
RP1309: 9/15/2010 10:55:46 PM - Software Distribution Service 3.0
RP1310: 9/17/2010 8:48:56 PM - System Checkpoint
RP1311: 9/18/2010 9:36:20 PM - System Checkpoint
RP1312: 9/19/2010 9:59:03 PM - System Checkpoint
RP1313: 9/21/2010 9:19:54 PM - System Checkpoint
RP1314: 9/22/2010 10:16:56 PM - System Checkpoint
RP1315: 9/23/2010 7:04:51 AM - Software Distribution Service 3.0
RP1316: 9/25/2010 7:04:42 PM - System Checkpoint
RP1317: 9/26/2010 8:06:35 AM - Installed Java(TM) 6 Update 20
RP1318: 9/26/2010 8:07:07 AM - Installed OpenOffice.org 3.2
RP1319: 9/27/2010 8:47:15 AM - System Checkpoint
RP1320: 9/28/2010 11:44:04 PM - Software Distribution Service 3.0
RP1321: 10/2/2010 6:37:13 PM - System Checkpoint
RP1322: 10/3/2010 6:53:41 PM - System Checkpoint
RP1323: 10/4/2010 9:25:51 PM - System Checkpoint
RP1324: 10/5/2010 11:45:43 PM - System Checkpoint
RP1325: 10/7/2010 11:25:04 PM - Software Distribution Service 3.0
RP1326: 10/9/2010 7:26:46 PM - System Checkpoint
RP1327: 10/10/2010 7:46:02 PM - System Checkpoint
RP1328: 10/11/2010 8:46:08 PM - System Checkpoint
RP1329: 10/13/2010 9:24:28 PM - System Checkpoint
RP1330: 10/14/2010 11:22:17 PM - Software Distribution Service 3.0
RP1331: 10/16/2010 8:23:35 PM - System Checkpoint
RP1332: 10/17/2010 9:05:51 PM - System Checkpoint
RP1333: 10/20/2010 7:51:48 PM - System Checkpoint
RP1334: 10/21/2010 8:47:19 PM - System Checkpoint
RP1335: 10/22/2010 10:00:42 PM - System Checkpoint
RP1336: 10/24/2010 1:52:40 AM - Installed Java(TM) 6 Update 22

==== Installed Programs ======================

3Com NIC Diagnostics
3ivx D4 4.5.1 (remove only)
AC3Filter (remove only)
ACDSee
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
aiofw
aioprnt
aioscnnr
AKoff Music Composer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AsfTools 3.1 (remove only)
avast! Free Antivirus
AVI to MPEG Converter
AVIcodec (remove only)
Belkin N Wireless USB Adapter Setup
BitTorrent
BLM 2.5.3
Bonjour
C4USelfUpdater
center
CleanUp!
Codec Pack - All In 1 6.0.3.0
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
DataPilot
DataPilot USB Driver Pack
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec 3.1alpha release
Easy CD & DVD Creator 6
eMule
EQ2MAP Updater 0.9.7
ESPN Java Check
ESPN RunTime
EVEREST Ultimate Edition v5.01
EverQuest II
FavOrg
ffdshow [rev 2527] [2008-12-19]
FinePixViewer Ver.4.2
FLV Player 2.0 (build 25)
Forté Agent
FUJIFILM USB Driver
GetBot
GSpot Codec Information Appliance
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD2 for FinePix
Intel A/V Codecs V2.0
InterVideo DVDCopy5
iPhone Configuration Utility
iPod for Windows 2005-11-17
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6 Update 1
KODAK AiO Home Center
ksDIP
Lexmark Supplies Monitor
Lexmark Z25-Z35
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Master Cook Deluxe
MasterCook Deluxe
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office XP Standard for Students and Teachers
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MicroStaff WINASPI
MidiNotate Musician
Mozilla Firefox (3.0.10)
Mozilla Firefox (3.6.11)
MP3 WAV Converter 2.68
Mpeg Layer3 Codec FHG-Radium v1.263
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nostromo Array Programming Software
NVIDIA Drivers
On2 VP3 Video for Windows Codec
OpenOffice.org 3.2
Pixia
PreReq
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Red Swoosh
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SimilarImages
SkillJam SecurePlayer
Sound Blaster Audigy 2 ZS
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.1
TVAnts 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Universal Driver
VCW VicMan's Photo Editor 7.9
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WD Diagnostics
WD Firewire HID Driver
WebFldrs XP
Winamp (remove only)
Windows 7 Upgrade Advisor
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB822603
Windows XP Service Pack 3
WinRAR archiver
Xilisoft DVD to iPod Converter
XviD MPEG-4 Video Codec
YASA DVD to MP4 Converter v2.9 (build 044)
YASA MP4 Video Converter v3.2 (build 0051)

==== Event Viewer Messages From Past Week ========

10/24/2010 10:56:30 AM, error: Service Control Manager [7034]* - The NVIDIA Display Driver Service service terminated unexpectedly.* It has done this 1 time(s).
10/24/2010 10:56:30 AM, error: Service Control Manager [7034]* - The Kodak AiO Network Discovery Service service terminated unexpectedly.* It has done this 1 time(s).
10/24/2010 10:56:30 AM, error: Service Control Manager [7034]* - The Java Quick Starter service terminated unexpectedly.* It has done this 1 time(s).
10/24/2010 10:56:29 AM, error: Service Control Manager [7034]* - The Creative Service for CDROM Access service terminated unexpectedly.* It has done this 1 time(s).
10/24/2010 10:56:29 AM, error: Service Control Manager [7034]* - The Bonjour Service service terminated unexpectedly.* It has done this 1 time(s).
10/24/2010 10:56:29 AM, error: Service Control Manager [7031]* - The Apple Mobile Device service terminated unexpectedly.* It has done this 1 time(s).* The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2010 10:47:34 AM, error: Service Control Manager [7034]* - The Telephony service terminated unexpectedly.* It has done this 8 time(s).
10/24/2010 10:47:34 AM, error: Service Control Manager [7034]* - The System Event Notification service terminated unexpectedly.* It has done this 8 time(s).
10/24/2010 10:47:34 AM, error: Service Control Manager [7034]* - The Remote Access Connection Manager service terminated unexpectedly.* It has done this 8 time(s).
10/24/2010 10:47:34 AM, error: Service Control Manager [7034]* - The Network Location Awareness (NLA) service terminated unexpectedly.* It has done this 8 time(s).
10/24/2010 10:47:34 AM, error: Service Control Manager [7034]* - The Cryptographic Services service terminated unexpectedly.* It has done this 4 time(s).
10/24/2010 10:47:34 AM, error: Service Control Manager [7034]* - The COM+ Event System service terminated unexpectedly.* It has done this 8 time(s).
10/24/2010 10:47:34 AM, error: Service Control Manager [7031]* - The Windows Time service terminated unexpectedly.* It has done this 1 time(s).* The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2010 10:47:34 AM, error: Service Control Manager [7031]* - The Windows Management Instrumentation service terminated unexpectedly.* It has done this 8 time(s).* The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2010 10:03:08 AM, error: Service Control Manager [7000]* - The 6to4 service failed to start due to the following error:* The system cannot find the path specified.
10/24/2010 1:39:07 AM, error: DCOM [10005]* - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/22/2010 9:33:43 PM, error: DCOM [10005]* - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
10/22/2010 9:33:43 PM, error: DCOM [10005]* - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/22/2010 9:33:43 PM, error: DCOM [10005]* - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/22/2010 9:33:43 PM, error: DCOM [10005]* - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/22/2010 9:33:41 PM, error: Service Control Manager [7000]* - The TCAITDI Protocol service failed to start due to the following error:* The system cannot find the file specified.
10/22/2010 9:33:41 PM, error: Service Control Manager [7000]* - The tcaicchg service failed to start due to the following error:* The system cannot find the file specified.
10/22/2010 9:33:41 PM, error: Service Control Manager [7000]* - The PfModNT service failed to start due to the following error:* The system cannot find the file specified.
10/22/2010 9:33:10 PM, error: iviVD [9]* - The device, \Device\Scsi\iviVD1, did not respond within the timeout period.

==== End Of File ===========================

Rstynls, Oct 25, 2010

#1
Bobbye Helper on the Fringe
You have a CoolWebSearch malware infection. It is strange that Mbam didn't pick more of it up. You have several old versions of Java> all vulnerabilities, two versions of Firefox, one Mozilla Firefox (3.0.10) way out of date, also a vulnerability.

1. Please download randmbam.exe
It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.Once done, run a new scan with MBAM.

2. Security Check
Download Security Check and save it to your Desktop.

Double-click SecurityCheck.exe to run.

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post this log in your next reply.

==============================
3. Run Eset NOD32 Online AntiVirus scan HERE

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the Active X control to install

Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.

Click Start

Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked

Click Scan

Wait for the scan to finish

Re-enable your Antivirus software.

A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

======================================
4. Please download ComboFix from Here and save to your Desktop.

[1]. Do NOT rename Combofix unless instructed.
[2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3].Close any open browsers.
[4]. Double click combofix.exe & follow the prompts to run.

NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
[5]. If Combofix asks you to install Recovery Console, please allow it.
[6]. If Combofix asks you to update the program, always allow.

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..

Do the best you can. These programs will remove some of the malware and give me information for entries to be removed. Leave all logs in next reply- okay to use multiple posts.
Bobbye, Oct 25, 2010

#2
Rstynls Newcomer, in training

Thanks

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4943

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/25/2010 10:51:19 AM
mbam-log-2010-10-25 (10-51-19).txt

Scan type: Quick scan
Objects scanned: 154737
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*Results of screen317's Security Check version 0.99.5*
*Windows XP Service Pack 3*
*Internet Explorer 8*
``````````````````````````````
Antivirus/Firewall Check:
*avast! Free Antivirus***
*McAfee Security Scan Plus**
```````````````````````````````
Anti-malware/Other Utilities Check:
*Out of date Spybot installed!
*Ad-Aware
*Out of date HijackThis installed!
*Malwarebytes' Anti-Malware***
*HijackThis 1.99.1***
*Hijackthis 1.99.1***
*Java(TM) 6 Update 22*
*Java(TM) SE Runtime Environment 6 Update 1
*Out of date Java installed!
*Adobe Flash Player 9 (Out of date Flash Player installed!)
*Adobe Flash Player 10.1.85.3*
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
*Mozilla Firefox (x86 en-US..) Firefox Out of Date!*
````````````````````````````````
Process Check:*
objlist.exe by Laurent
*Ad-Aware AAWService.exe is disabled!
*Ad-Aware AAWTray.exe is disabled!
*Alwil Software Avast5 AvastSvc.exe*
*ALWILS~1 Avast5 avastUI.exe*
````````````````````````````````
DNS Vulnerability Check:
*GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd05b446a638da4ea8ee7160551946f8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-25 07:47:10
# local_time=2010-10-25 12:47:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 15384598 15384598 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=166279
# found=6
# cleaned=0
# scan_time=3061
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip*** Win32/Bagle.gen.zip worm*** 00000000000000000000000000000000*** I
C:\New Folder\acdsee_3_retail\CORE99.EXE*** a variant of Win32/Packed.PECrypt32.A application*** 00000000000000000000000000000000*** I
C:\WINDOWS\system32\ajagebir.ini*** Win32/Adware.Virtumonde.NEO application*** 00000000000000000000000000000000*** I
C:\WINDOWS\system32\ehihidav.ini*** Win32/Adware.Virtumonde.NEO application*** 00000000000000000000000000000000*** I
C:\WINDOWS\system32\xrljfmos.ini*** Win32/Adware.Virtumonde.NEO application*** 00000000000000000000000000000000*** I
G:\Files\acdsee_3_retail\CORE99.EXE*** a variant of Win32/Packed.PECrypt32.A application*** 00000000000000000000000000000000*** I

ComboFix 10-10-24.06 - Tom 10/25/2010* 13:43:11.1.1 - x86
Microsoft Windows XP Home Edition* 5.1.2600.3.1252.1.1033.18.1023.715 [GMT -7:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

(((((((((((((((((((((((((((((((((((((((** Other Deletions** )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ystem~1
c:\windows\run.log
c:\windows\system32\_006046_.tmp.dll
c:\windows\system32\_006215_.tmp.dll
c:\windows\system32\_006216_.tmp.dll
c:\windows\system32\_006217_.tmp.dll
c:\windows\system32\_006218_.tmp.dll
c:\windows\system32\_006225_.tmp.dll
c:\windows\system32\_006226_.tmp.dll
c:\windows\system32\_006227_.tmp.dll
c:\windows\system32\ajagebir.ini
c:\windows\system32\ehihidav.ini
c:\windows\system32\xrljfmos.ini

.
(((((((((((((((((((((((((((((((((((((((** Drivers/Services** )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERVICE

(((((((((((((((((((((((((** Files Created from 2010-09-25 to 2010-10-25* )))))))))))))))))))))))))))))))
.

2010-10-25 18:48 . 2010-10-25 18:48*** --------*** d-----w-*** c:\program files\ESET
2010-10-24 12:30 . 2010-10-24 12:30*** --------*** d-----w-*** c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-10-24 11:54 . 2010-10-24 11:54*** --------*** d-----w-*** c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-24 08:50 . 2010-10-24 08:50*** --------*** d-----w-*** c:\documents and settings\All Users\Application Data\McAfee
2010-10-24 08:50 . 2010-10-24 08:50*** --------*** d-----w-*** c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-10-24 08:50 . 2010-10-24 08:50*** --------*** d-----w-*** c:\program files\McAfee Security Scan
2010-10-15 05:40 . 2010-09-18 06:53*** 974848*** -c----w-*** c:\windows\system32\dllcache\mfc42.dll
2010-10-15 05:40 . 2010-09-18 06:53*** 953856*** -c----w-*** c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 05:39 . 2010-08-23 16:12*** 617472*** -c----w-*** c:\windows\system32\dllcache\comctl32.dll
2010-10-04 18:50 . 2010-10-04 18:50*** --------*** d-----w-*** c:\program files\iTunes
2010-10-04 18:48 . 2010-10-04 18:48*** 159744*** ----a-w-*** c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-04 18:48 . 2010-10-04 18:48*** 159744*** ----a-w-*** c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-04 18:48 . 2010-10-04 18:48*** 159744*** ----a-w-*** c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-04 18:48 . 2010-10-04 18:48*** 159744*** ----a-w-*** c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-04 18:48 . 2010-10-04 18:48*** 159744*** ----a-w-*** c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-04 18:48 . 2010-10-04 18:48*** 159744*** ----a-w-*** c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-04 18:48 . 2010-10-04 18:48*** 159744*** ----a-w-*** c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-04 18:47 . 2010-10-04 18:48*** --------*** d-----w-*** c:\program files\QuickTime
2010-10-04 18:46 . 2010-10-04 18:46*** --------*** d-----w-*** c:\program files\Bonjour
2010-09-26 15:43 . 2010-09-26 15:43*** --------*** d-----w-*** c:\documents and settings\Tom\Application Data\OpenOffice.org
2010-09-26 15:07 . 2010-09-26 15:07*** --------*** d-----w-*** c:\program files\JRE
2010-09-26 15:07 . 2010-09-26 15:07*** --------*** d-----w-*** c:\program files\OpenOffice.org 3
2010-09-26 15:06 . 2010-09-15 11:50*** 472808*** ----a-w-*** c:\windows\system32\deployJava1.dll
2010-09-26 03:29 . 2010-09-02 15:21*** 131072*** ----a-w-*** c:\windows\system32\EKIJCOINST09.dll
2010-09-26 03:29 . 2010-09-02 15:17*** 196608*** ----a-w-*** c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-09-26 03:29 . 2010-09-02 15:17*** 421888*** ----a-w-*** c:\windows\system32\EKIJ5000MON.dll

.
((((((((((((((((((((((((((((((((((((((((** Find3M Report** ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2001-08-18 12:00*** 974848*** ----a-w-*** c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-18 12:00*** 974848*** ----a-w-*** c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-18 12:00*** 954368*** ----a-w-*** c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-18 12:00*** 953856*** ----a-w-*** c:\windows\system32\mfc40u.dll
2010-09-15 09:29 . 2007-04-19 04:45*** 73728*** ----a-w-*** c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2006-06-23 19:33*** 916480*** ----a-w-*** c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-06-27 01:29*** 43520*** ----a-w-*** c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-06-27 01:29*** 1469440*** ----a-w-*** c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17*** 94208*** ----a-w-*** c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17*** 69632*** ----a-w-*** c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-06-30 06:13*** 38848*** ----a-w-*** c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-06-01 01:32*** 167592*** ----a-w-*** c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-06-01 01:32*** 46672*** ----a-w-*** c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-06-01 01:32*** 165584*** ----a-w-*** c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-06-01 01:32*** 23376*** ----a-w-*** c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-06-01 01:32*** 100176*** ----a-w-*** c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-06-01 01:32*** 94544*** ----a-w-*** c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-06-01 01:32*** 17744*** ----a-w-*** c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-06-01 01:32*** 28880*** ----a-w-*** c:\windows\system32\drivers\aavmker4.sys
2010-09-01 11:51 . 2001-08-18 12:00*** 285824*** ----a-w-*** c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2001-08-18 12:00*** 1852800*** ----a-w-*** c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2001-08-18 12:00*** 119808*** ----a-w-*** c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2001-08-18 12:00*** 99840*** ----a-w-*** c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2001-08-18 12:00*** 357248*** ----a-w-*** c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-19 05:52*** 5120*** ----a-w-*** c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2001-08-18 12:00*** 617472*** ----a-w-*** c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-06-10 23:55*** 58880*** ----a-w-*** c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-03-06 02:16*** 590848*** ----a-w-*** c:\windows\system32\rpcrt4.dll
2010-07-28 01:44 . 2010-07-28 01:44*** 91424*** ----a-w-*** c:\windows\system32\dnssd.dll
2010-07-28 01:44 . 2010-07-28 01:44*** 107808*** ----a-w-*** c:\windows\system32\dns-sd.exe
.

(((((((((((((((((((((((((((((((((((((** Reg Loading Points** ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-07-19 62436]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-24 364544]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-12 1474560]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-30 303104]
Loadout Manager.lnk - c:\program files\Belkin\Nostromo\nost_LM.exe [2003-6-23 442368]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute*** REG_MULTI_SZ** *** autocheck autochk *\0SsiEfr.e\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
TCAUDIAG.exe -on [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 10:43*** 83608*** ----a-w-*** c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-31 00:45*** 313472*** ----a-w-*** c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery

R0 viasraid;viasraid;c:\windows\system32\drivers\VIASRAID.SYS [5/13/2010 5:35 AM 77056]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2010 6:32 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2010 6:32 PM 17744]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 5:18 PM 308656]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/4/2004 10:17 AM 16168]
S1 MpKsl8e8849bf;MpKsl8e8849bf;\??\c:\windows\system32\MpEngineStore\MpKsl8e8849bf.sys --> c:\windows\system32\MpEngineStore\MpKsl8e8849bf.sys [?]
S2 tcaicchg;tcaicchg;\??\c:\windows\System32\tcaicchg.sys --> c:\windows\System32\tcaicchg.sys [?]
S2 TCAITDI;TCAITDI Protocol;c:\windows\system32\DRIVERS\TCAITDI.sys --> c:\windows\system32\DRIVERS\TCAITDI.sys [?]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [7/23/2003 12:16 PM 22821]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [12/23/2008 7:17 PM 552448]
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = About:Blank
uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mSearch Bar = about:blank
mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = About:Blank
mSearchURL = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - c:\windows\System32\rqRKEXnO.dll
HKLM-Run-LXSUPMON - c:\windows\System32\LXSUPMON.EXE
Notify-rqRIxxXn - (no file)
MSConfigStartUp-runner1 - c:\windows\retadpu72.exe
AddRemove-Ad-Aware SE Personal - c:\progra~1\Lavasoft\AD-AWA~1\UNWISE.EXE
AddRemove-eMule - c:\new folder\eMule\Uninstall.exe
AddRemove-EVEREST Ultimate Edition_is1 - c:\program files\Lavalys\EVEREST Ultimate Edition\unins000.exe
AddRemove-FLV Player - g:\files\FLV Player\uninst.exe
AddRemove-GSpot - c:\program files\GSpot\Uninstall.exe
AddRemove-HijackThis - c:\program files\Hijackthis\HijackThis.exe
AddRemove-Hijackthis_is1 - c:\program files\Hijackthis\unins000.exe
AddRemove-Lexmark Supplies Monitor - c:\windows\System32\LXSMUNIN.EXE
AddRemove-Mozilla Firefox (3.0.10) - c:\program files\Mozilla Firefox\uninstall\helper.exe
AddRemove-Mozilla Firefox (3.6.11) - g:\files\Mozilla Firefox\uninstall\helper.exe
AddRemove-Mozilla Firefox 4.0b6 (x86 en-US) - g:\files\Mozilla Firefox 4.0 Beta 6\uninstall\helper.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-Xilisoft DVD to iPod Converter - c:\program files\Xilisoft\DVD to iPod Converter 4\Uninstall.exe
AddRemove-YASA DVD to MP4 Converter v2.9 (build 044) - c:\progra~1\YASADV~1\UNWISE.EXE
AddRemove-YASA MP4 Video Converter v3.2 (build 0051) - c:\progra~1\YASAMP~1\UNWISE.EXE
AddRemove-BitTorrent - g:\files\BitTorrent\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-25 14:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...*

scanning hidden autostart entries ...

scanning hidden files ...*

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net
Windows 5.1.2600

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8705C446]<<
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8712BAB8]
2 ntkrnlpa[0x804EE130] -> CLASSPNP.SYS[0xF7679FD7] -> \Device\Harddisk0\DR0[0x8712BAB8]
3 CLASSPNP[0xF7679FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8700F138]
\Driver\viasraid[0x870206D8] -> IRP_MJ_CREATE -> 0x8705C446
4 ntkrnlpa[0x804EE130] -> UNKNOWN[0x8705C449] -> [0x8700F138]
error: Read \Device\Ide\IdePort0 The system cannot find the file specified.
kernel: MBR read successfully
detected hooks:
\Device\Scsi\viasraid1Port3Path0Target0Lun0 -> \??\SCSI#Disk&Ven_VIA_SATA&Prod__RAID_0&Rev_#4&17c50b7c&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
\Driver\Disk -> CLASSPNP.SYS @ 0xf767df28
\Driver\ACPI -> ACPI.sys @ 0xf74e0cb8
\Driver\atapi -> atapi.sys @ 0xf7480852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
*SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
*SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa
NDIS:* -> SendCompleteHandler -> 0x0
*PacketIndicateHandler -> 0x0
*SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\WININET.dll
c:\program files\Belkin\Nostromo\nost_FSH.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\WDBtnMgr.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\windows\System32\nvsvc32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-10-25* 14:11:01 - machine was rebooted
ComboFix-quarantined-files.txt* 2010-10-25 21:10

Pre-Run: 168,726,827,008 bytes free
Post-Run: 168,598,908,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7774A791B92594870C329204C134A0B6

Rstynls, Oct 25, 2010

#3
Bobbye Helper on the Fringe
We have some housekeeping to do: First, you need to uninstall one of these 2 AV programs: Avast or McAfee Multiple AV programs can make a system more vulnerable, not less. Here are tools to help with either:
McAfee Removal
Avast Removal
Reboot the computer after the uninstall.
========================================
To remove the Eset entries:
Please download OTMovit by Old Timer and save to your desktop.

Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:

:Processes :Files C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip C:\New Folder\acdsee_3_retail\CORE99.EXE C:\WINDOWS\system32\ajagebir.ini C:\WINDOWS\system32\ehihidav.ini C:\WINDOWS\system32\xrljfmos.ini G:\Files\acdsee_3_retail\CORE99.EXE :Commands [purity] [emptytemp] [start explorer] [Reboot]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.

Click the red Moveit! button.

A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
============================================
Open Spybot Search & Destroy and delete the contents of the quarantine folder.
===========================================
When finished, uninstall the following in Add/Remove Programs in the Control Panel:
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1
Mozilla Firefox (3.0.10)
All of the above are out of date and you do have the current (except for HijackThis and I'll give you a link to run that later), correct versions installed. These old versions also present a vulnerability.
=========================================
Run the following scan: It will produce a log- I need to see it.
Download CKScanner and save to your desktop.

Double click CKScanner.exe and click Search For Files.

When the cursor hourglass disappears, click [b/]Save List To File.[/b]

A message box will verify that the file is saved.

Double-click the [/b]CKFiles.txt icon[/b] on your desktop and copy/paste the contents
in your next reply.

======================================

Download Bootkit Remover and save to your Desktop

You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/

After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.

You will see a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C to Copy

Open a Notepad and press CTRL+V to Paste.

Include the report in your next post.

Credits to Broni
=======================================
I will set up script for you to run through Combofix after I see these logs.
Bobbye, Oct 28, 2010

#4

Bobbye Helper on the Fringe

You can go ahead and run this script after you finish the previous instructions.

Please run this Custom CFScript

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\windows\system32\MpEngineStore\MpKsl8e88 49bf.sys
c:\windows\System32\tcaicchg.sys
c:\windows\system32\DRIVERS\TCAITDI.sys
DDS::
uSearch Page = About:Blank
uSearch Bar = About:Blank
uDefault_Search_URL = About:Blank
uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mSearch Bar = about:blank
mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = About:Blank
mSearchURL = about:blank
mSearchAssistant = about:blank
BHO: {e3bb3f2a-8f67-4b96-a432-8190258c0fd1} - c:\windows\system32\rqRKEXnO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRKEXnO
LSA: Notification Packages = scecli c:\windows\system32\kejajumo.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-

Driver::
MpKsl8e8849bf
tcaicchg
TCAITDI
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
We have more to do.

Bobbye, Oct 28, 2010

#5

Rstynls Newcomer, in training

Update

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip moved successfully.
C:\New Folder\acdsee_3_retail\CORE99.EXE moved successfully.
File/Folder C:\WINDOWS\system32\ajagebir.ini not found.
File/Folder C:\WINDOWS\system32\ehihidav.ini not found.
File/Folder C:\WINDOWS\system32\xrljfmos.ini not found.
File/Folder G:\Files\acdsee_3_retail\CORE99.EXE not found.
========== COMMANDS ==========
C:\Documents and Settings\Tom\Application Data\?ystem32 folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.GAME-MACHINE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 43529803 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 7473 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 41036445 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 6712 bytes

User: Tom
->Temp folder emptied: 4354228 bytes
->Temporary Internet Files folder emptied: 5591724 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 341308213 bytes
->Flash cache emptied: 14317 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2229291 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 418.00 mb

OTM by OldTimer - Version 3.1.17.1 log created on 10282010_133654

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\tom\favorites\computer stuff\http--kickme.to-crackz182.url
c:\documents and settings\tom\favorites\computer stuff\seriall.com - serials, keys, keygen, cracks.url
c:\documents and settings\tom\favorites\test\favorites\misc\crack's smilies =).url
c:\documents and settings\tom\favorites\test\favorites\misc\mp3 sound - warez - appz - gamez - mp3z - hacking - serialz - crackz - ftpz.url
c:\documents and settings\tom\favorites\test\misc\best microbez appz - here you can download all !warez! !crackz! !full retail appz! !real direct download! !iso! !gamez!.url
c:\documents and settings\tom\favorites\test\misc\fast downloads - here you can see warez crackz serialz full appz gamez real direct download iso 1 file.url
scanner sequence 3.FN.11
----- EOF -----

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
223 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

ComboFix 10-10-27.A3 - Tom 10/28/2010 15:03:44.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.735 [GMT -7:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\DRIVERS\TCAITDI.sys"
"c:\windows\system32\MpEngineStore\MpKsl8e88 49bf.sys"
"c:\windows\System32\tcaicchg.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk
c:\documents and settings\Tom\Application Data\Bitrix Security
c:\documents and settings\Tom\Application Data\Bitrix Security\cet.txt
c:\documents and settings\Tom\Application Data\Bitrix Security\lrtg.txt
c:\documents and settings\Tom\Application Data\Bitrix Security\mor.txt
c:\documents and settings\Tom\Application Data\Bitrix Security\mxd1.txt
c:\documents and settings\Tom\Application Data\Bitrix Security\podzce.dll
c:\documents and settings\Tom\Application Data\Bitrix Security\podzce_shrd
c:\documents and settings\Tom\Application Data\Bitrix Security\rgx.txt
c:\documents and settings\Tom\Application Data\Bitrix Security\uurn
c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MPKSL8E8849BF
-------\Legacy_TCAICCHG
-------\Legacy_TCAITDI
-------\Service_MpKsl8e8849bf
-------\Service_tcaicchg
-------\Service_TCAITDI

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 20:36 . 2010-10-28 20:36 -------- d-----w- C:\_OTM
2010-10-28 20:22 . 2010-10-28 20:22 -------- d-sh--w- c:\documents and settings\Tom\IECompatCache
2010-10-25 18:48 . 2010-10-25 18:48 -------- d-----w- c:\program files\ESET
2010-10-24 12:30 . 2010-10-24 12:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-10-24 11:54 . 2010-10-24 11:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-15 05:40 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 05:40 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 05:39 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-04 18:50 . 2010-10-04 18:50 -------- d-----w- c:\program files\iTunes
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-04 18:47 . 2010-10-04 18:48 -------- d-----w- c:\program files\QuickTime
2010-10-04 18:46 . 2010-10-04 18:46 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-09-26 15:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2007-04-19 04:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2006-06-23 19:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-06-27 01:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-06-27 01:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-06-30 06:13 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-06-01 01:32 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-06-01 01:32 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-06-01 01:32 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-06-01 01:32 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-06-01 01:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-06-01 01:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-06-01 01:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-06-01 01:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-02 15:21 . 2010-09-26 03:29 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
2010-09-02 15:17 . 2010-09-26 03:29 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-09-02 15:17 . 2010-09-26 03:29 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2010-09-01 11:51 . 2001-08-18 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2001-08-18 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2001-08-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2001-08-18 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-19 05:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2001-08-18 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-07-19 62436]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-24 364544]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-12 1474560]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-30 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
TCAUDIAG.exe -on [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-31 00:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery

R0 viasraid;viasraid;c:\windows\system32\drivers\VIASRAID.SYS [5/13/2010 5:35 AM 77056]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2010 6:32 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2010 6:32 PM 17744]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 5:18 PM 308656]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/4/2004 10:17 AM 16168]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [12/23/2008 7:17 PM 552448]
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = About:Blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_01\bin\jusched.exe
ActiveSetup-{CB92D056-5802-4D2E-A0FE-59E3F5EF3598} - c:\documents and settings\Tom\Application Data\Bitrix Security\podzce.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 15:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8705C446]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\WDBtnMgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-28 15:23:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-28 22:23
ComboFix2.txt 2010-10-25 21:11

Pre-Run: 168,369,741,824 bytes free
Post-Run: 168,374,726,656 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D7570FA0DF7E13D15E6ACE1E6A96948E

Rstynls, Oct 28, 2010

#6
Bobbye Helper on the Fringe
Okay. Now I need you to run HijackThis so I can how this is coming up: SearchAssistant = About:Blank

Download the HijackThis Installer and save to the desktop:

Double-click on HJTInstall.exe to run the program.

By default it will install to C:\Program Files\Trend Micro\HijackThis.

Accept the license agreement by clicking the "I Accept" button.

Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.

Click "Save log" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
===============================================
Please run this Custom CFScript

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:

Code:

File:: c:\windows\system32\drivers\bcgame.sys c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE] Driver:: bcgame EverestDriver

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
When we're finished, you will need to update the Adobe Reader: Visit this Adobe Reader site and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
Bobbye, Oct 29, 2010

#7
Rstynls Newcomer, in training

Update

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:32 PM, on 11/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = About:Blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = About:Blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...ehicles/2005/prius/key_features/pc/index.html
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: rqRIxxXn - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9453 bytes

ComboFix 10-10-27.A3 - Tom 11/01/2010 17:55:01.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.727 [GMT -7:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FILE ::
"c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
"c:\windows\system32\drivers\bcgame.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EVERESTDRIVER
-------\Service_bcgame
-------\Service_EverestDriver

((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
.

2010-11-01 19:49 . 2010-11-01 19:49 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 19:49 . 2010-11-01 19:49 -------- d-----w- c:\program files\Trend Micro
2010-10-28 20:36 . 2010-10-28 20:36 -------- d-----w- C:\_OTM
2010-10-28 20:22 . 2010-10-28 20:22 -------- d-sh--w- c:\documents and settings\Tom\IECompatCache
2010-10-25 18:48 . 2010-10-25 18:48 -------- d-----w- c:\program files\ESET
2010-10-24 12:30 . 2010-10-24 12:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-10-24 11:54 . 2010-10-24 11:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-15 05:40 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 05:40 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 05:39 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-04 18:50 . 2010-10-04 18:50 -------- d-----w- c:\program files\iTunes
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-04 18:48 . 2010-10-04 18:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-04 18:47 . 2010-10-04 18:48 -------- d-----w- c:\program files\QuickTime
2010-10-04 18:46 . 2010-10-04 18:46 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-09-26 15:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2007-04-19 04:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2006-06-23 19:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-06-27 01:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-06-27 01:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-06-30 06:13 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-06-01 01:32 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-06-01 01:32 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-06-01 01:32 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-06-01 01:32 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-06-01 01:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-06-01 01:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-06-01 01:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-06-01 01:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-02 15:21 . 2010-09-26 03:29 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
2010-09-02 15:17 . 2010-09-26 03:29 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-09-02 15:17 . 2010-09-26 03:29 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2010-09-01 11:51 . 2001-08-18 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2001-08-18 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2001-08-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2001-08-18 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-19 05:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2001-08-18 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-07-19 62436]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-24 364544]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-12 1474560]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-30 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
TCAUDIAG.exe -on [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-31 00:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery

R0 viasraid;viasraid;c:\windows\system32\drivers\VIASRAID.SYS [5/13/2010 5:35 AM 77056]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2010 6:32 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2010 6:32 PM 17744]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 5:18 PM 308656]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/4/2004 10:17 AM 16168]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [12/23/2008 7:17 PM 552448]
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = About:Blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 18:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8705D446]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\WDBtnMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-11-01 18:18:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-02 01:18
ComboFix2.txt 2010-10-28 22:24
ComboFix3.txt 2010-10-25 21:11

Pre-Run: 166,740,090,880 bytes free
Post-Run: 167,640,354,816 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 51DFF10F66C69A0712B06ACF275F48D8

Rstynls, Nov 1, 2010

#8
Bobbye Helper on the Fringe
You are very patient! The thread turned the age and I didn't- sorry.
Before I forget, next time you open Notepad, please click on Format> Uncheck 'Word Wrap.' That will make it much easier for you to paste and for me to read the logs.

The CK scan shows several entries for pirated data:
c:\documents and settings\tom\favorites\computer stuff\http--kickme.to-crackz182.url
c:\documents and settings\tom\favorites\computer stuff\seriall.com - serials, keys, keygen, cracks.url
c:\documents and settings\tom\favorites\test\favorites\misc\crack's smilies =).url
c:\documents and settings\tom\favorites\test\favorites\misc\mp3 sound - warez - appz - gamez - mp3z - hacking - serialz - crackz - ftpz.url
c:\documents and settings\tom\favorites\test\misc\best microbez appz - here you can download all !warez! !crackz! !full retail appz! !real direct download! !iso! !gamez!.url
c:\documents and settings\tom\favorites\test\misc\fast downloads - here you can see warez crackz serialz full appz gamez real direct download iso 1 file.url
scanner sequence 3.FN.11
Cracks and keygens are used to activate a program using a license key or activation code in order to get a program without paying for it.

Please remove all of the entries above if you want continued support. Reboot the computer when finished, then repeat the CK Scan.
=============================================
Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

Copy the file(s) path in the below Code box:

At the upload site, click once inside the window next to Browse.

Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

Code:

: [Select] c:\windows\system32\rqRKEXnO.dll c:\windows\system32\kejajumo.dll

Next click Submit file

Your file will possibly be entered into a queue which normally takes less than a minute to clear.

This will perform a scan across multiple different virus scanning engines.

Important: Wait for all of the scanning engines to complete.

Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

==============================================
Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = About:Blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = About:Blank
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (See Note 1)
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS.../pc/index.html
O20 - Winlogon Notify: rqRIxxXn - Invalid registry found

Close all Windows except HijackThis and click on "Fix Checked."

Note 1: RegShave:
Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly
=======================================
You will need to update the Adobe Reader to v9.xx when we are finished: Visit this Adobe Reader site Uninstall any earlier updates as they are vulnerabilities.

I have script written for you to run through Combofix. After I see the logs from the above scans, I will know if I need to include any other entries.
Bobbye, Nov 6, 2010

#9
Rstynls Newcomer, in training

NP, very patient. Appreciate the help.

Wordwrap not checked.

Old bookmarks deleted.

Jotti's didn't work. Couldn't paste anything, either ctrl-v or right click. Looked up files manually, they weren't there.

Uninstalled Adobe Reader v7, haven't installed v9 yet.

Logs:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:18 AM, on 11/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8697 bytes

Rstynls, Nov 8, 2010

#10
Bobbye Helper on the Fringe
Try these again please- I should have put them in a Quote box, not a Code box. If nothing comes up with Jotti, try this:
Please go to VirSCAN.org FREE on-line scan service:
If busy, you can use one of the following: ( you only need one)
VirusTotal
Jotti

[1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page- remember, only select one at a time:
.

c:\windows\system32\rqRKEXnO.dll

c:\windows\system32\kejajumo.dll

[2]. At the upload site, click once inside the window next to Browse.
[3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
[4]. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
[5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
[6]. Paste the contents of the Clipboard in your next reply.
Bobbye, Nov 8, 2010

#11
Rstynls Newcomer, in training

Tried them all. Unable to paste anything in the submit box on any of them. Tried manually browsing for the files and they are not there.

Could be part of the virus I guess. Can't make posts to message boards either. Have to do this from a different computer.

Rstynls, Nov 8, 2010

#12
Bobbye Helper on the Fringe

Windows Updates can wait. Is this the only site you can't post to? Do you access it?

Bobbye, Nov 9, 2010

#13
Rstynls Newcomer, in training

Turned off Windows Update, it seemed to keep crashing the computer when it tried to check on its own.

I can see the message board just when I hit the submit button I get an error page that says no network connection, pretty sure it happens anywhere there is a submit button.

Doesn't let me send emails from hotmail either. Soon after I tried my account was locked, same with my gmail account. Reset passwords and not accessing anything that uses a password on that computer.

The longer I leave it on I get Avast popping with virus alerts, always a svchost file. Oh and at some point something crashes and I lose sound.

I can start writing down the errors if you want.

Rstynls, Nov 9, 2010

#14

Bobbye Helper on the Fringe

Please run this Custom CFScript

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\program files\lavalys\everest ultimate edition\kerneld.wnt
Folder::
c:\docume~1\alluse~1\applic~1\McAfee Security Scan
c:\program files\McAfee Security Scan

DDS::
uSearch Page = About:Blank
uSearch Bar = About:Blank
uDefault_Search_URL = About:Blank
uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mSearch Bar = about:blank
mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = About:Blank
mSearchURL = about:blank
mSearchAssistant = about:blank
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&6&04.00.08.43&unknown&unknown&http://www.toyota.com/vehicles/2005/.../pc/index.html

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
[BU]
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
In Errors: Are you using the following?/
10/22/2010 9:33:41 PM, The TCAITDI Protocol service failed to start due to the following error:* The system cannot find the file specified.
TCAICCHG.SYS Related to TCAICCHG.SYS 3Com Windows NT NIC Diagnostic Memory/Port Access Driver.
10/22/2010 9:33:41 PM, - The tcaicchg service failed to start due to the following error:* The system cannot find the file specified.
10/22/2010 9:33:41 PM, The PfModNT service failed to start due to the following error:* The system cannot find the file specified.>> Related to PfModNT.sys PCI/ISA Device Info. Service from Creative Technology\
10/22/2010 9:33:10 PM, error: iviVD [9]* - The device, \Device\Scsi\iviVD1, did not respond within the timeout period.>>>virtual drive that AUTOMATICALLY gets installed with intervideo copy dvd 4

Bobbye, Nov 12, 2010

#15

Bobbye Helper on the Fringe

Closed due to inactivity. Please PM your helper if you need this thread reopened.

Bobbye, Nov 18, 2010

#16
Bobbye Helper on the Fringe
Reopened at member's request.

Please provide description of continuing problems.
Also new scan with Combofix.

And Run Eset NOD32 Online AntiVirus scan HERE

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the Active X control to install

Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.

Click Start

Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked

Click Scan

Wait for the scan to finish

Re-enable your Antivirus software.

A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Note: We close these threads if there has not been a reply for 5 days. This is both to prevent others from posting on the thread and also because earlier logs may be out of date.
Bobbye, Nov 18, 2010

#17
Rstynls Newcomer, in training

Logs

Thanks

No real changes since the beginning, accept now Avast catches something called taskcgr.exe, also noticed after about an hour I lose audio through windows media player.

On the errors you mentioned in the previous post, no programs I'm using/need.

Logs:

ComboFix 10-11-18.03 - Tom 11/18/2010 20:11:49.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.420 [GMT -8:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsp21.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-11-19 04:11 . 2010-11-19 04:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-11-19 04:11 . 2010-11-19 04:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-11-12 07:05 . 2010-11-12 07:05 0 ----a-w- c:\windows\system32\lsp21.tmp
2010-11-03 05:07 . 2010-11-03 05:07 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Mozilla Corporation
2010-11-01 19:49 . 2010-11-01 19:49 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 19:49 . 2010-11-01 19:49 -------- d-----w- c:\program files\Trend Micro
2010-10-28 20:36 . 2010-10-28 20:36 -------- d-----w- C:\_OTM
2010-10-28 20:22 . 2010-10-28 20:22 -------- d-sh--w- c:\documents and settings\Tom\IECompatCache
2010-10-25 18:48 . 2010-10-25 18:48 -------- d-----w- c:\program files\ESET
2010-10-24 12:30 . 2010-10-24 12:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-10-24 11:54 . 2010-11-02 01:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-09-26 15:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2007-04-19 04:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2006-06-23 19:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-06-27 01:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-06-27 01:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-06-30 06:13 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-06-01 01:32 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-06-01 01:32 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-06-01 01:32 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-06-01 01:32 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-06-01 01:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-06-01 01:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-06-01 01:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-06-01 01:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-02 15:21 . 2010-09-26 03:29 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
2010-09-02 15:17 . 2010-09-26 03:29 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-09-02 15:17 . 2010-09-26 03:29 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2010-09-01 11:51 . 2001-08-18 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2001-08-18 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2001-08-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2001-08-18 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-19 05:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2001-08-18 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-07-19 62436]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-24 364544]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-12 1474560]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-30 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
TCAUDIAG.exe -on [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery

R0 viasraid;viasraid;c:\windows\system32\drivers\VIASRAID.SYS [5/13/2010 4:35 AM 77056]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2010 5:32 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2010 5:32 PM 17744]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 4:18 PM 308656]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/4/2004 9:17 AM 16168]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [12/23/2008 6:17 PM 552448]
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - (no file)
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-18 20:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: VIA_SATA rev.____ -> Harddisk0\DR0 -> \Device\Scsi\viasraid1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8705D446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87063504]; MOV EAX, [0x87063580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8712BAB8]
3 CLASSPNP[0xF7640FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8700C678]
\Driver\viasraid[0x87053560] -> IRP_MJ_CREATE -> 0x8705D446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\viasraid1Port3Path0Target0Lun0 -> \??\SCSI#Disk&Ven_VIA_SATA&Prod__RAID_0&Rev_#4&17c50b7c&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\WDBtnMgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-11-18 20:33:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-19 04:33
ComboFix2.txt 2010-11-02 01:18
ComboFix3.txt 2010-10-28 22:24
ComboFix4.txt 2010-10-25 21:11

Pre-Run: 166,402,981,888 bytes free
Post-Run: 167,253,151,744 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4ECD232065445E642D7162C1931F9978

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd05b446a638da4ea8ee7160551946f8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-25 07:47:10
# local_time=2010-10-25 12:47:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 15384598 15384598 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=166279
# found=6
# cleaned=0
# scan_time=3061
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\New Folder\acdsee_3_retail\CORE99.EXE a variant of Win32/Packed.PECrypt32.A application 00000000000000000000000000000000 I
C:\WINDOWS\system32\ajagebir.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINDOWS\system32\ehihidav.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINDOWS\system32\xrljfmos.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
G:\Files\acdsee_3_retail\CORE99.EXE a variant of Win32/Packed.PECrypt32.A application 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd05b446a638da4ea8ee7160551946f8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-19 05:22:27
# local_time=2010-11-18 09:22:27 (-0800, Pacific Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1414144 1414144 0 0
# compatibility_mode=768 16777215 100 0 17493146 17493146 0 0
# compatibility_mode=8192 67108863 100 0 2022601 2022601 0 0
# scanned=80649
# found=13
# cleaned=0
# scan_time=2631
C:\Qoobox\Quarantine\C\Documents and Settings\Tom\Application Data\Bitrix Security\podzce.dll.vir Win32/AutoRun.Spy.Ambler.CE worm 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ajagebir.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ehihidav.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsp21.dll.vir Win32/TrojanClicker.Agent.NMF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\xrljfmos.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{4D144980-39AB-4148-9EEB-A6415203F250}\RP1337\A0153618.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{4D144980-39AB-4148-9EEB-A6415203F250}\RP1337\A0153619.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{4D144980-39AB-4148-9EEB-A6415203F250}\RP1337\A0153620.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{4D144980-39AB-4148-9EEB-A6415203F250}\RP1345\A0156930.dll Win32/AutoRun.Spy.Ambler.CE worm 00000000000000000000000000000000 I
C:\System Volume Information\_restore{4D144980-39AB-4148-9EEB-A6415203F250}\RP1349\A0172934.exe Win32/TrojanClicker.Agent.NME trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{4D144980-39AB-4148-9EEB-A6415203F250}\RP1350\A0173137.dll Win32/TrojanClicker.Agent.NMF trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\10282010_133654\C_Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\10282010_133654\C_New Folder\acdsee_3_retail\CORE99.EXE a variant of Win32/Packed.PECrypt32.A application 00000000000000000000000000000000 I

Rstynls, Nov 19, 2010

#18
Bobbye Helper on the Fringe
No real changes since the beginning, accept now Avast catches something called taskcgr.exe, also noticed after about an hour I lose audio through windows media player.

Let's get together here. You started this 3 weeks ago. I helped you through several scans, including setting up removals for the Eset entries and multiple scripts to run through Combofix. You left the thread and I closed it after 5 days of no reply.

The Eset scan shows no new infections. Did you run the last script I left?
============================================

Download the file TDSSKiller.zip and save to the desktop.
(If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)

Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.

Double click on TDSSKiller.exe. to run the scan

When the scan is over, the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).

Select the action Quarantine to quarantine detected objects.
The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43

After clicking Next, the utility applies selected actions and outputs the result.

A reboot is required after disinfection.
Bobbye, Nov 20, 2010

#19
Rstynls Newcomer, in training

Logs

Possibly Avast updated and its something it now catches? Or I just didn't notice it. I get alot of virus messages and things crashing. Have been keeping a list now. Avast also catches alot of svchost.exe and I get a popup for "Generic Host Process for Win32 Services" shutting down.

Ran the script but it didn't post a log after computer restarted, mentioned that when I messaged you but understand you are helping alot of people and just missed it because its not in this thread. Just ran it again and log follows along with TDSSKiller log.

ComboFix 10-11-20.03 - Tom 11/20/2010 17:34:07.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.412 [GMT -8:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FILE ::
"c:\program files\lavalys\everest ultimate edition\kerneld.wnt"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\regshave\REGSHAVE.EXE

.
((((((((((((((((((((((((( Files Created from 2010-10-21 to 2010-11-21 )))))))))))))))))))))))))))))))
.

2010-11-19 04:11 . 2010-11-19 04:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-11-19 04:11 . 2010-11-19 04:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-11-12 07:05 . 2010-11-12 07:05 0 ----a-w- c:\windows\system32\lsp21.tmp
2010-11-03 05:07 . 2010-11-03 05:07 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Mozilla Corporation
2010-11-01 19:49 . 2010-11-01 19:49 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 19:49 . 2010-11-01 19:49 -------- d-----w- c:\program files\Trend Micro
2010-10-28 20:36 . 2010-10-28 20:36 -------- d-----w- C:\_OTM
2010-10-28 20:22 . 2010-10-28 20:22 -------- d-sh--w- c:\documents and settings\Tom\IECompatCache
2010-10-25 18:48 . 2010-10-25 18:48 -------- d-----w- c:\program files\ESET
2010-10-24 12:30 . 2010-10-24 12:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-10-24 11:54 . 2010-11-02 01:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-09-26 15:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2007-04-19 04:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2006-06-23 19:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-06-27 01:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-06-27 01:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-06-30 06:13 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-06-01 01:32 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-06-01 01:32 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-06-01 01:32 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-06-01 01:32 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-06-01 01:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-06-01 01:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-06-01 01:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-06-01 01:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-02 15:21 . 2010-09-26 03:29 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
2010-09-02 15:17 . 2010-09-26 03:29 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-09-02 15:17 . 2010-09-26 03:29 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2010-09-01 11:51 . 2001-08-18 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2001-08-18 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2001-08-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2001-08-18 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-19 05:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2001-08-18 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-10-25_21.06.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 01:17 . 2010-11-21 01:17 16384 c:\windows\Temp\Perflib_Perfdata_bb0.dat
+ 2001-08-18 12:00 . 2010-11-08 06:57 72446 c:\windows\system32\perfc009.dat
- 2001-08-18 12:00 . 2010-10-08 06:28 72446 c:\windows\system32\perfc009.dat
+ 2001-08-18 12:00 . 2010-11-08 06:57 443942 c:\windows\system32\perfh009.dat
- 2001-08-18 12:00 . 2010-10-08 06:28 443942 c:\windows\system32\perfh009.dat
+ 2010-11-01 19:49 . 2010-11-01 19:49 1094656 c:\windows\Installer\9aa12.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-07-19 62436]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-24 364544]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-12 1474560]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-30 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
TCAUDIAG.exe -on [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery

R0 viasraid;viasraid;c:\windows\system32\drivers\VIASRAID.SYS [5/13/2010 4:35 AM 77056]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2010 5:32 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2010 5:32 PM 17744]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 4:18 PM 308656]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/4/2004 9:17 AM 16168]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [12/23/2008 6:17 PM 552448]
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-20 17:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: VIA_SATA rev.____ -> Harddisk0\DR0 -> \Device\Scsi\viasraid1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8705D446]<<
c:\docume~1\Tom\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87063504]; MOV EAX, [0x87063580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8712BAB8]
3 CLASSPNP[0xF7640FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86FCF928]
\Driver\viasraid[0x87053560] -> IRP_MJ_CREATE -> 0x8705D446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\viasraid1Port3Path0Target0Lun0 -> \??\SCSI#Disk&Ven_VIA_SATA&Prod__RAID_0&Rev_#4&17c50b7c&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\WININET.dll
.
Completion time: 2010-11-20 17:49:41
ComboFix-quarantined-files.txt 2010-11-21 01:49
ComboFix2.txt 2010-11-19 04:33
ComboFix3.txt 2010-11-02 01:18
ComboFix4.txt 2010-10-28 22:24
ComboFix5.txt 2010-11-21 01:29

Pre-Run: 166,796,300,288 bytes free
Post-Run: 167,066,992,640 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D87FEE5C3CDB25E42DF5ECA83A277AD6

2010/11/20 17:54:20.0750 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/20 17:54:20.0750 ================================================================================
2010/11/20 17:54:20.0750 SystemInfo:
2010/11/20 17:54:20.0750
2010/11/20 17:54:20.0750 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/20 17:54:20.0765 Product type: Workstation
2010/11/20 17:54:20.0765 ComputerName: GAME-MACHINE
2010/11/20 17:54:20.0765 UserName: Tom
2010/11/20 17:54:20.0765 Windows directory: C:\WINDOWS
2010/11/20 17:54:20.0765 System windows directory: C:\WINDOWS
2010/11/20 17:54:20.0765 Processor architecture: Intel x86
2010/11/20 17:54:20.0765 Number of processors: 1
2010/11/20 17:54:20.0765 Page size: 0x1000
2010/11/20 17:54:20.0765 Boot type: Normal boot
2010/11/20 17:54:20.0765 ================================================================================
2010/11/20 17:54:20.0984 Initialize success
2010/11/20 17:54:26.0078 ================================================================================
2010/11/20 17:54:26.0078 Scan started
2010/11/20 17:54:26.0078 Mode: Manual;
2010/11/20 17:54:26.0078 ================================================================================
2010/11/20 17:54:26.0593 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/20 17:54:26.0859 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/20 17:54:26.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/20 17:54:27.0109 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/20 17:54:27.0187 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/11/20 17:54:27.0265 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/20 17:54:27.0703 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/20 17:54:27.0937 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2010/11/20 17:54:28.0046 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/11/20 17:54:28.0125 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/20 17:54:28.0218 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/20 17:54:28.0296 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/20 17:54:28.0359 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/20 17:54:28.0406 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/20 17:54:28.0515 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/20 17:54:28.0640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/20 17:54:28.0734 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/20 17:54:28.0843 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/20 17:54:28.0953 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/11/20 17:54:28.0968 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/11/20 17:54:29.0234 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/20 17:54:29.0359 CdaD10BA (841cefab8228ee691705d059e7f21c47) C:\WINDOWS\System32\drivers\CdaD10BA.SYS
2010/11/20 17:54:29.0437 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/20 17:54:29.0500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/20 17:54:29.0562 Cdr4_xp (cedcbeee331deffe6999b6b4162e2246) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/11/20 17:54:29.0671 Cdralw2k (38b2f2439213fd5095f654afded23457) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/11/20 17:54:29.0718 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/20 17:54:29.0781 cdudf_xp (294f75a9f2c3317c61f5e51325e9976c) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/11/20 17:54:30.0000 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
2010/11/20 17:54:30.0156 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
2010/11/20 17:54:30.0250 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/11/20 17:54:30.0343 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/11/20 17:54:30.0437 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
2010/11/20 17:54:30.0546 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/11/20 17:54:30.0609 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
2010/11/20 17:54:30.0687 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
2010/11/20 17:54:30.0750 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
2010/11/20 17:54:30.0828 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
2010/11/20 17:54:30.0875 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
2010/11/20 17:54:30.0984 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
2010/11/20 17:54:31.0093 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
2010/11/20 17:54:31.0171 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/11/20 17:54:31.0265 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
2010/11/20 17:54:31.0359 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/11/20 17:54:31.0593 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/20 17:54:31.0718 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/20 17:54:31.0812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/20 17:54:31.0906 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/20 17:54:31.0984 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/20 17:54:32.0140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/20 17:54:32.0234 DVDVRRdr_xp (a2abb2a771a522b9dd57ce57d9960661) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
2010/11/20 17:54:32.0312 dvd_2K (9d6fabf24b9ac7bd2ef52d7907fd2f8e) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/11/20 17:54:32.0406 EL2000 (9d356817b223067ff6f7f9eb867585ef) C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
2010/11/20 17:54:32.0500 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/11/20 17:54:32.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/20 17:54:32.0671 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/20 17:54:32.0765 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/20 17:54:32.0812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/20 17:54:32.0906 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/20 17:54:33.0000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/20 17:54:33.0078 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/20 17:54:33.0125 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2010/11/20 17:54:33.0203 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/20 17:54:33.0281 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/20 17:54:33.0375 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/20 17:54:33.0453 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/11/20 17:54:33.0578 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
2010/11/20 17:54:33.0718 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
2010/11/20 17:54:33.0812 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/20 17:54:34.0015 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/20 17:54:34.0218 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/20 17:54:34.0312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/20 17:54:34.0515 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/20 17:54:34.0578 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/20 17:54:34.0625 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/20 17:54:34.0734 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/20 17:54:34.0843 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/20 17:54:34.0921 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/20 17:54:35.0015 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/20 17:54:35.0078 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/11/20 17:54:35.0156 iviVD (7bd8ff29fecc1f4ef5b26ce3ffa80ae8) C:\WINDOWS\system32\DRIVERS\iviVD.sys
2010/11/20 17:54:35.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/20 17:54:35.0281 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/20 17:54:35.0375 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/20 17:54:35.0484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/20 17:54:35.0671 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
2010/11/20 17:54:35.0781 mmc_2K (0ba70511363a4a148815c6e57a5f99c5) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/11/20 17:54:35.0875 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/20 17:54:35.0968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/20 17:54:36.0046 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/20 17:54:36.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/20 17:54:36.0187 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/20 17:54:36.0312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/20 17:54:36.0390 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/20 17:54:36.0500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/20 17:54:36.0593 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/20 17:54:36.0671 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/20 17:54:36.0734 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/20 17:54:36.0828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/20 17:54:36.0921 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/20 17:54:37.0015 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/20 17:54:37.0093 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/20 17:54:37.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/20 17:54:37.0218 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/20 17:54:37.0281 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/20 17:54:37.0343 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/20 17:54:37.0406 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/20 17:54:37.0562 netr28u (6f8480809d14f0594b4b1df07385da33) C:\WINDOWS\system32\DRIVERS\netr28u.sys
2010/11/20 17:54:37.0718 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/20 17:54:37.0812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/20 17:54:37.0890 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/20 17:54:37.0953 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/20 17:54:38.0140 nv (c823d5e609762c075f26f7fc56690f34) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/20 17:54:38.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/20 17:54:38.0406 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/20 17:54:38.0484 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/20 17:54:38.0578 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/11/20 17:54:38.0671 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/20 17:54:38.0703 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/20 17:54:38.0812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/20 17:54:38.0906 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/20 17:54:39.0046 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/20 17:54:39.0468 PfDetNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINDOWS\System32\drivers\PfModNT.sys
2010/11/20 17:54:39.0515 PfModNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINDOWS\System32\drivers\PfModNT.sys
2010/11/20 17:54:39.0609 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/20 17:54:39.0687 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/20 17:54:39.0781 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/20 17:54:39.0843 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/20 17:54:39.0921 pwd_2k (a69812bcdf900f99e3ace4c38a3aefb2) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/11/20 17:54:40.0000 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/20 17:54:40.0281 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/20 17:54:40.0359 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/20 17:54:40.0437 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/20 17:54:40.0500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/20 17:54:40.0578 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/20 17:54:40.0656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/20 17:54:40.0765 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/20 17:54:40.0859 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/20 17:54:40.0984 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2010/11/20 17:54:41.0078 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/11/20 17:54:41.0218 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/20 17:54:41.0312 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/20 17:54:41.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/20 17:54:41.0500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/20 17:54:41.0703 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/20 17:54:41.0812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/20 17:54:41.0921 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/20 17:54:42.0046 Sus2pl (3461268d6daa38b65de2936f521afbc4) C:\WINDOWS\system32\DRIVERS\sus2pl.sys
2010/11/20 17:54:42.0125 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/20 17:54:42.0187 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/20 17:54:42.0500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/20 17:54:42.0609 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/20 17:54:42.0656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/20 17:54:42.0734 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/20 17:54:42.0812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/20 17:54:43.0031 UdfReadr_xp (8d719ae3cc449768963a6a1f7ff4b769) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/11/20 17:54:43.0093 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/20 17:54:43.0234 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/20 17:54:43.0296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/20 17:54:43.0343 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/20 17:54:43.0390 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/20 17:54:43.0437 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/20 17:54:43.0515 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/20 17:54:43.0578 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2010/11/20 17:54:43.0656 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/20 17:54:43.0718 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/20 17:54:43.0781 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/20 17:54:43.0859 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/20 17:54:43.0921 viasraid (45469fa05947d75874316649a22878d4) C:\WINDOWS\system32\DRIVERS\VIASRAID.SYS
2010/11/20 17:54:43.0984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/20 17:54:44.0078 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/20 17:54:44.0187 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/20 17:54:44.0421 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/20 17:54:44.0546 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/20 17:54:44.0593 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/20 17:54:44.0703 WUSB54GPV4SRV (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
2010/11/20 17:54:44.0859 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/20 17:54:44.0859 ================================================================================
2010/11/20 17:54:44.0875 Scan finished
2010/11/20 17:54:44.0875 ================================================================================
2010/11/20 17:54:44.0906 Detected object count: 1
2010/11/20 17:55:03.0890 \HardDisk0 - will be cured after reboot
2010/11/20 17:55:03.0890 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/20 17:55:19.0750 Deinitialize success

Rstynls, Nov 20, 2010

#20

(You must log in or sign up to reply here.)

Page 1 of 2

Thread Status:: Not open for further replies.

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved