[Closed] Threat of possible malware - 8 step plan completed - logs pasted

zenoperegrinus

Hi guys,

I think I may have malware on my machine again. It's started running slow and some files have stopped running completely. I've followed the 8 step plan. Please find the (4) log files below.

Much appreciated

Zeno

-----------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6395

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/04/2011 11:06:47
mbam-log-2011-04-19 (11-06-47).txt

Scan type: Quick scan
Objects scanned: 149144
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-----------------------
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-19 11:13:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0303
Running: 3r6m53n7.exe; Driver: C:\DOCUME~1\ZENOPE~1\LOCALS~1\Temp\kxrirpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA2110BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA21109D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA2110B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
-----------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 26/08/2009 17:19:18
System Uptime: 19/04/2011 09:42:27 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1599/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 43.424 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP183: 19/01/2011 19:03:18 - System Checkpoint
RP184: 21/01/2011 23:50:18 - System Checkpoint
RP185: 22/01/2011 23:58:51 - System Checkpoint
RP186: 25/01/2011 14:38:13 - System Checkpoint
RP187: 28/01/2011 00:49:10 - System Checkpoint
RP188: 30/01/2011 01:29:24 - System Checkpoint
RP189: 31/01/2011 01:56:01 - System Checkpoint
RP190: 02/02/2011 00:48:37 - System Checkpoint
RP191: 04/02/2011 11:42:51 - System Checkpoint
RP192: 06/02/2011 15:20:49 - System Checkpoint
RP193: 10/02/2011 09:23:50 - System Checkpoint
RP194: 10/02/2011 17:43:23 - Software Distribution Service 3.0
RP195: 11/02/2011 18:55:06 - System Checkpoint
RP196: 12/02/2011 23:24:48 - System Checkpoint
RP197: 14/02/2011 09:23:27 - System Checkpoint
RP198: 15/02/2011 12:44:03 - System Checkpoint
RP199: 16/02/2011 00:28:11 - Software Distribution Service 3.0
RP200: 16/02/2011 11:24:03 - Removed Ask Toolbar.
RP201: 17/02/2011 14:50:20 - System Checkpoint
RP202: 18/02/2011 17:09:25 - System Checkpoint
RP203: 19/02/2011 23:36:36 - System Checkpoint
RP204: 21/02/2011 00:06:56 - System Checkpoint
RP205: 23/02/2011 11:46:46 - System Checkpoint
RP206: 25/02/2011 01:02:50 - System Checkpoint
RP207: 26/02/2011 10:42:38 - System Checkpoint
RP208: 27/02/2011 00:48:23 - Software Distribution Service 3.0
RP209: 28/02/2011 11:51:57 - System Checkpoint
RP210: 02/03/2011 13:35:30 - System Checkpoint
RP211: 03/03/2011 23:23:00 - System Checkpoint
RP212: 06/03/2011 13:58:39 - System Checkpoint
RP213: 09/03/2011 14:36:22 - Software Distribution Service 3.0
RP214: 11/03/2011 12:50:46 - System Checkpoint
RP215: 14/03/2011 12:23:49 - System Checkpoint
RP216: 15/03/2011 18:17:18 - System Checkpoint
RP217: 17/03/2011 10:25:16 - System Checkpoint
RP218: 18/03/2011 13:30:43 - System Checkpoint
RP219: 22/03/2011 11:00:21 - System Checkpoint
RP220: 23/03/2011 11:53:56 - System Checkpoint
RP221: 24/03/2011 12:00:25 - Software Distribution Service 3.0
RP222: 25/03/2011 13:58:25 - System Checkpoint
RP223: 27/03/2011 10:50:40 - System Checkpoint
RP224: 28/03/2011 13:53:00 - System Checkpoint
RP225: 29/03/2011 14:05:37 - System Checkpoint
RP226: 31/03/2011 18:58:01 - System Checkpoint
RP227: 03/04/2011 14:20:35 - System Checkpoint
RP228: 04/04/2011 00:38:42 - ARO 2011 - Before Installation
RP229: 04/04/2011 00:42:57 - ARO 2011 - FIRST RUN
RP230: 05/04/2011 10:33:46 - System Checkpoint
RP231: 06/04/2011 14:20:34 - System Checkpoint
RP232: 08/04/2011 12:49:27 - System Checkpoint
RP233: 10/04/2011 10:45:26 - System Checkpoint
RP234: 11/04/2011 10:50:31 - System Checkpoint
RP235: 12/04/2011 11:49:27 - System Checkpoint
RP236: 14/04/2011 00:43:41 - System Checkpoint
RP237: 15/04/2011 11:05:06 - System Checkpoint
RP238: 15/04/2011 12:00:48 - Software Distribution Service 3.0
RP239: 16/04/2011 12:10:39 - Software Distribution Service 3.0
RP240: 19/04/2011 01:17:01 - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP BiDi Channel Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Altitude
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ASUSUpdate for Eee PC
Atheros Client Installation Program
avast! Free Antivirus
Azurewave Wireless LAN Card
Bonjour
CM 03-04 Demo
Compatibility Pack for the 2007 Office system
Data Sync
EasyZip
Eee Docking 1.3.1.0
EeePC_1005HA Screen Saver
EzMessenger
FontResizer
Football Manager 2010
Foxit Reader
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP LaserJet P4010_P4510 Series
Intel(R) Graphics Media Accelerator Driver
IP Hider 4.9
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (Spanish) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
QuickTime
Rapport
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ 5.1
Steam
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
18/04/2011 23:04:07, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
18/04/2011 23:04:07, error: Service Control Manager [7034] - The PrivacyProvider service terminated unexpectedly. It has done this 1 time(s).
18/04/2011 23:04:06, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
18/04/2011 23:04:06, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
18/04/2011 23:04:06, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
18/04/2011 23:04:06, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
18/04/2011 23:04:03, error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
18/04/2011 10:43:40, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
15/04/2011 17:09:18, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
14/04/2011 14:41:53, error: System Error [1003] - Error code 10000050, parameter1 96d2291c, parameter2 00000001, parameter3 f736ec20, parameter4 00000000.
14/04/2011 14:41:50, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8053ba38, parameter3 a9acfc08, parameter4 00000000.
14/04/2011 14:41:30, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805bc23d, parameter3 a90f1b64, parameter4 00000000.
14/04/2011 14:41:25, error: System Error [1003] - Error code 10000050, parameter1 94e5703c, parameter2 00000001, parameter3 f732e7e6, parameter4 00000000.
14/04/2011 14:41:22, error: System Error [1003] - Error code 100000d1, parameter1 ea470bf1, parameter2 00000002, parameter3 00000001, parameter4 aa089489.
14/04/2011 14:40:58, error: System Error [1003] - Error code 100000d1, parameter1 e13c5000, parameter2 0000001c, parameter3 00000001, parameter4 9ea6d41d.
14/04/2011 14:40:01, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by zenoperegrinus at 11:31:34.89 on 19/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.555 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\PrivacyProvider.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\zenoperegrinus\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 66.63.165.11:3128
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [limewire plus+] "c:\program files\limewire plus+\limewire.exe" -h
uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IPHider] c:\program files\ip hider\IP Hider.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\PrivacyProvider.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {67084B91-FE65-4032-8A1B-9CEE301A6A95} - hxxp://upload.travelpod.com/includes/ImageUploader6.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-4 59240]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-19 165584]
R1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\25973\RapportCerberus_25973.sys [2011-4-13 57144]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-4 169320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-19 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-19 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-5 54752]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-4 767208]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-28 38912]
R3 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [2011-4-15 2740224]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-3-17 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-5 1684736]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-19 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-19 40384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-5 232872]
.
=============== Created Last 30 ================
.
2011-04-15 14:43:07 471040 ----a-w- c:\windows\system32\RegisterLSP.exe
2011-04-15 14:43:07 2740224 ----a-w- c:\windows\system32\PrivacyProvider.exe
2011-04-15 14:43:07 258048 ----a-w- c:\windows\system32\PrivacyProvider.dll
2011-04-15 14:43:00 -------- d-----w- c:\program files\IP Hider
2011-04-15 13:58:34 8704 ----a-w- c:\windows\system32\SpOrder.dll
2011-04-15 13:44:48 -------- d-----w- c:\docume~1\zenope~1\applic~1\AVSoftware
2011-04-15 13:35:37 303240 ----a-w- c:\windows\system32\AVLib.dll
2011-04-15 13:35:31 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\~1
2011-04-15 13:35:29 -------- d-----w- c:\program files\Anonymous Web Surfing
2011-04-07 16:25:26 202048 ----a-w- c:\windows\system32\AVLibrary.dll
2011-04-07 16:25:22 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2011-04-07 16:25:18 -------- d-----w- c:\program files\Hide The IP 2010
2011-04-07 16:24:40 -------- d-----w- c:\docume~1\zenope~1\locals~1\applic~1\PackageAware
2011-04-07 15:40:00 -------- d-----w- c:\docume~1\zenope~1\applic~1\RealHideIP
2011-04-07 15:40:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\RealHideIP
2011-04-05 20:15:04 312768 ----a-w- c:\program files\internet explorer\pplite\plugin\1.0.0.13\ppp.dll
2011-04-05 20:15:03 624056 ----a-w- c:\program files\internet explorer\pplite\plugin\1.0.0.13\mframe.dll
2011-04-05 20:15:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\PPLive
2011-04-03 21:42:43 -------- d-----w- c:\docume~1\zenope~1\applic~1\Sammsoft
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 11:32:49.90 ===============
 
Welcome to TechSpot! It would help if you could be more descriptive of the problems.

Question: Is this your ISP: OC3 Networks & Web Solutions, LLC?
Do they require a proxy?
============================
Please disable or uninstall LimeWire and any other file sharing programs you have while I am helping clean the system:
============================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
======================================
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Thanks Bobbye,

Please find the logs below.
-----------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\eBay.url Win32/Adware.ADON application
-----------------------------------

ComboFix 11-04-20.03 - zenoperegrinus 21/04/2011 9:25.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.589 [GMT 3:00]
Running from: c:\documents and settings\zenoperegrinus\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\zenoperegrinus\Application Data\PriceGong
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\1.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\a.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\b.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\c.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\d.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\e.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\f.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\g.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\h.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\i.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\J.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\k.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\l.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\m.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\n.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\o.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\p.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\q.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\r.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\s.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\t.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\u.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\v.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\w.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\x.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\y.xml
c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\z.xml
c:\documents and settings\zenoperegrinus\Application Data\Tiweox
c:\documents and settings\zenoperegrinus\Application Data\Tiweox\nawee.tmp
c:\documents and settings\zenoperegrinus\Application Data\Tiweox\nawee.uqb
c:\documents and settings\zenoperegrinus\WINDOWS
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
.
.
2011-04-20 07:13 . 2011-04-20 07:13 -------- d-----w- c:\program files\ESET
2011-04-15 14:43 . 2010-01-26 07:24 471040 ----a-w- c:\windows\system32\RegisterLSP.exe
2011-04-15 14:43 . 2010-01-26 07:23 258048 ----a-w- c:\windows\system32\PrivacyProvider.dll
2011-04-15 14:43 . 2010-01-26 07:22 2740224 ----a-w- c:\windows\system32\PrivacyProvider.exe
2011-04-15 14:43 . 2011-04-15 14:43 -------- d-----w- c:\program files\IP Hider
2011-04-15 13:58 . 2011-04-15 13:58 8704 ----a-w- c:\windows\system32\SpOrder.dll
2011-04-15 13:44 . 2011-04-15 13:44 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\AVSoftware
2011-04-15 13:35 . 2011-02-28 22:55 303240 ----a-w- c:\windows\system32\AVLib.dll
2011-04-15 13:35 . 2011-04-15 14:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2011-04-15 13:35 . 2011-04-15 14:10 -------- d-----w- c:\program files\Anonymous Web Surfing
2011-04-07 16:25 . 2009-11-28 16:58 202048 ----a-w- c:\windows\system32\AVLibrary.dll
2011-04-07 16:25 . 2011-04-11 09:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2011-04-07 16:25 . 2011-04-11 09:02 -------- d-----w- c:\program files\Hide The IP 2010
2011-04-07 16:24 . 2011-04-07 16:24 -------- d-----w- c:\documents and settings\zenoperegrinus\Local Settings\Application Data\PackageAware
2011-04-07 15:40 . 2011-04-07 15:40 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\RealHideIP
2011-04-07 15:40 . 2011-04-07 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\RealHideIP
2011-04-05 20:15 . 2010-09-25 05:44 312768 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.13\ppp.dll
2011-04-05 20:15 . 2010-11-11 10:40 624056 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.13\mframe.dll
2011-04-05 20:15 . 2011-04-15 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PPLive
2011-04-03 21:42 . 2011-04-11 09:57 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\Sammsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-04-28 05:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2009-04-28 04:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2009-04-28 04:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2009-04-28 04:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2009-04-28 04:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2009-04-28 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2009-04-28 04:51 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2009-04-28 04:51 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2009-04-28 04:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-05-05 16:19 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2009-04-28 04:51 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2009-04-28 04:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2009-04-28 04:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2009-04-28 04:51 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2009-04-28 04:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2009-04-28 05:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-04-28 05:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2009-04-28 04:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 19:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-24 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"IPHider"="c:\program files\IP Hider\IP Hider.exe" [2010-02-26 1560576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-5 376832]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:416082759509
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [04/10/2010 01:43 59240]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/08/2010 20:37 165584]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [20/04/2011 11:42 57144]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [04/10/2010 01:43 169320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/08/2010 20:37 17744]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [04/10/2010 01:43 767208]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 04:59 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [17/03/2009 00:27 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/05/2009 19:00 1684736]
S3 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [15/04/2011 17:43 2740224]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [05/05/2009 20:16 232872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-04-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1042050900-1176399639-2793042620-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2010-11-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1042050900-1176399639-2793042620-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-04-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 19:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 66.63.165.11:3128
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\PrivacyProvider.dll
DPF: {67084B91-FE65-4032-8A1B-9CEE301A6A95} - hxxp://upload.travelpod.com/includes/ImageUploader6.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-limewire plus+ - c:\program files\Limewire Plus+\limewire.exe
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-21 09:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1042050900-1176399639-2793042620-1006\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\zenoperegrinus\\Desktop\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d36
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000072
"UniqueID"="F5-8ADF-C7BF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\PrivacyProvider.dll
.
Completion time: 2011-04-21 09:47:40
ComboFix-quarantined-files.txt 2011-04-21 06:47
.
Pre-Run: 46,504,931,328 bytes free
Post-Run: 46,699,024,384 bytes free
.
- - End Of File - - 5B1083F93F08D9BF77A4306DBD57E276
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
DDS::
BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [limewire plus+] "c:\program files\limewire plus+\limewire.exe" -h
uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}].
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
I have removed the AskBar entries. Please go into Scheduled Tasks and remove this:
2011-04-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 19:44]

When downloading a program, look carefully for any pre-checked boxes for bundled software. Uncheck all of the boxes before the download.
======================
Please update the following:
Java Updates: Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Adobe Reader site: Uninstall any earlier updates as they are vulnerabilities.
===================
You have a locked Registry key. Part of my job is to unlock it to make sure no malware is hidden in it. It has a large number of entries included.
========================================
While I can understand why your location would make you preclude anonymity, I am not comfortable with all of the 'unhide IP' entries.
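
Added example, not part of any post in this thread and not code from ComboFix: a small Python triage pass over ComboFix-style log text that flags the settings visible in the log above (Security Center overrides, a disabled firewall profile, a configured proxy, a Winsock LSP entry, and a DLL listed under lsass.exe). The sample lines are excerpted from that log; the rule names and line patterns are assumptions drawn from this one log, and each finding is a prompt for review, not a verdict.

```python
import re

# Excerpt of the ComboFix log posted in this thread (values as posted).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 66.63.165.11:3128
uInternet Settings,ProxyOverride = local
LSP: c:\windows\system32\PrivacyProvider.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\PrivacyProvider.dll
.
'''

# Line patterns (assumed from the log layout shown on this page).
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PROC_RE = re.compile(r"^-(?: -)+ > '([^']+)'\(\d+\)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(\S+)")
OVERRIDES = {"antivirusoverride", "firewalloverride"}


def _as_int(raw):
    """Parse 'dword:00000001' or '0 (0x0)' style values; None for strings."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\b", raw)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return (rule, detail) findings in the order they appear in the log."""
    findings = []
    key = ""        # registry key the current value lines belong to
    process = None  # process whose loaded-DLL list is being read
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line == ".":
            process = None  # a separator ends a per-process DLL list
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = PROC_RE.match(line)
        if m:
            process = m.group(1).lower()
            continue
        if process:
            # Anything loaded into lsass.exe sits next to credential material.
            if process == "lsass.exe":
                findings.append(("LSASS_DLL", line))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, val = m.group(1).lower(), _as_int(m.group(2))
            if key.endswith(r"\security center") and name in OVERRIDES and val == 1:
                # Override set to 1: Security Center stops alerting on this item.
                findings.append(("SECURITY_CENTER_OVERRIDE", m.group(1)))
            elif "firewallpolicy" in key and name == "enablefirewall" and val == 0:
                findings.append(("FIREWALL_DISABLED", key.rsplit("\\", 1)[-1]))
            continue
        m = PROXY_RE.search(line)
        if m:
            # All browser traffic is routed through this host:port.
            findings.append(("PROXY_SET", m.group(1)))
            continue
        if line.lower().startswith("lsp:"):
            # A Winsock LSP sits in the path of socket traffic.
            findings.append(("LSP_PRESENT", line[4:].strip()))
    return findings


def lsp_in_lsass(findings):
    """Paths reported both as an LSP and as a DLL loaded under lsass.exe."""
    lsp = {d.lower() for r, d in findings if r == "LSP_PRESENT"}
    return sorted({d.lower() for r, d in findings
                   if r == "LSASS_DLL" and d.lower() in lsp})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule, detail in results:
        print(f"{rule:26} {detail}")
    print("LSP also in lsass.exe:", lsp_in_lsass(results))
```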
 
I ran the custom script in combofix as directed (pasted below).

Unable to locate Ask files mentioned. The only Ask file I can find is:
c:\program files\Ask.com\btn_search
Should I remove it?

I'm in the process of updating and removing earlier versions of Java and Adobe.

Please let me know how you want me to proceed with the Registry key and 'unhide IP' issues.

Thanks for your help

zeno
----------------------------------------------
ComboFix 11-04-20.03 - zenoperegrinus 23/04/2011 10:08:51.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.579 [GMT 3:00]
Running from: c:\documents and settings\zenoperegrinus\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\zenoperegrinus\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-20 07:13 . 2011-04-20 07:13 -------- d-----w- c:\program files\ESET
2011-04-15 14:43 . 2010-01-26 07:24 471040 ----a-w- c:\windows\system32\RegisterLSP.exe
2011-04-15 14:43 . 2010-01-26 07:23 258048 ----a-w- c:\windows\system32\PrivacyProvider.dll
2011-04-15 14:43 . 2010-01-26 07:22 2740224 ----a-w- c:\windows\system32\PrivacyProvider.exe
2011-04-15 14:43 . 2011-04-15 14:43 -------- d-----w- c:\program files\IP Hider
2011-04-15 13:58 . 2011-04-15 13:58 8704 ----a-w- c:\windows\system32\SpOrder.dll
2011-04-15 13:44 . 2011-04-15 13:44 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\AVSoftware
2011-04-15 13:35 . 2011-02-28 22:55 303240 ----a-w- c:\windows\system32\AVLib.dll
2011-04-15 13:35 . 2011-04-15 14:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2011-04-15 13:35 . 2011-04-15 14:10 -------- d-----w- c:\program files\Anonymous Web Surfing
2011-04-07 16:25 . 2009-11-28 16:58 202048 ----a-w- c:\windows\system32\AVLibrary.dll
2011-04-07 16:25 . 2011-04-11 09:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2011-04-07 16:25 . 2011-04-11 09:02 -------- d-----w- c:\program files\Hide The IP 2010
2011-04-07 16:24 . 2011-04-07 16:24 -------- d-----w- c:\documents and settings\zenoperegrinus\Local Settings\Application Data\PackageAware
2011-04-07 15:40 . 2011-04-07 15:40 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\RealHideIP
2011-04-07 15:40 . 2011-04-07 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\RealHideIP
2011-04-05 20:15 . 2010-09-25 05:44 312768 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.13\ppp.dll
2011-04-05 20:15 . 2010-11-11 10:40 624056 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.13\mframe.dll
2011-04-05 20:15 . 2011-04-15 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PPLive
2011-04-03 21:42 . 2011-04-11 09:57 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\Sammsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-04-28 05:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2009-04-28 04:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2009-04-28 04:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2009-04-28 04:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2009-04-28 04:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2009-04-28 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2009-04-28 04:51 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2009-04-28 04:51 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2009-04-28 04:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-05-05 16:19 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2009-04-28 04:51 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2009-04-28 04:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2009-04-28 04:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2009-04-28 04:51 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2009-04-28 04:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2009-04-28 05:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-04-28 05:01 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-21_06.39.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 07:59 . 2011-01-11 07:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2011-01-10 20:03 . 2011-01-10 20:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
+ 2011-01-10 19:32 . 2011-01-10 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-10 19:32 . 2011-01-10 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-10 19:32 . 2011-01-10 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-10 19:32 . 2011-01-10 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-10 19:32 . 2011-01-10 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-10 19:32 . 2011-01-10 19:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-10 19:32 . 2011-01-10 19:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-10 19:32 . 2011-01-10 19:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-10 19:32 . 2011-01-10 19:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 01:05 . 2011-01-11 01:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 01:23 . 2011-01-11 01:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-10 18:21 . 2011-01-10 18:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2011-04-23 06:52 . 2011-04-23 06:52 16384 c:\windows\Temp\Perflib_Perfdata_c14.dat
+ 2009-04-28 04:51 . 2011-04-23 06:57 72654 c:\windows\system32\perfc009.dat
- 2009-04-28 04:51 . 2011-04-21 06:16 72654 c:\windows\system32\perfc009.dat
+ 2010-08-20 17:08 . 2011-04-21 11:54 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-08-20 17:08 . 2011-02-15 21:30 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
+ 2011-01-11 01:27 . 2011-01-11 01:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 01:24 . 2011-01-11 01:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 01:08 . 2011-01-11 01:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
- 2009-04-28 04:51 . 2011-04-21 06:16 444928 c:\windows\system32\perfh009.dat
+ 2009-04-28 04:51 . 2011-04-23 06:57 444928 c:\windows\system32\perfh009.dat
+ 2011-04-21 11:52 . 2011-04-21 11:52 459264 c:\windows\Installer\1375b31.msi
+ 2011-04-21 11:51 . 2011-04-21 11:51 223232 c:\windows\Installer\1375b2c.msi
+ 2011-01-11 07:59 . 2011-01-11 07:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
+ 2011-01-11 07:59 . 2011-01-11 07:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
+ 2011-01-10 19:50 . 2011-01-10 19:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-10 19:50 . 2011-01-10 19:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2011-04-21 11:52 . 2011-04-21 11:52 20314624 c:\windows\Installer\1375b3b.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-24 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"IPHider"="c:\program files\IP Hider\IP Hider.exe" [2010-02-26 1560576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-5 376832]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:416082759509
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [04/10/2010 01:43 59240]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/08/2010 20:37 165584]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [20/04/2011 11:42 57144]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [04/10/2010 01:43 169320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/08/2010 20:37 17744]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [04/10/2010 01:43 767208]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 04:59 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [17/03/2009 00:27 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/05/2009 19:00 1684736]
S3 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [15/04/2011 17:43 2740224]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [05/05/2009 20:16 232872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-04-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1042050900-1176399639-2793042620-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2010-11-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1042050900-1176399639-2793042620-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 66.63.165.11:3128
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\PrivacyProvider.dll
DPF: {67084B91-FE65-4032-8A1B-9CEE301A6A95} - hxxp://upload.travelpod.com/includes/ImageUploader6.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 10:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1042050900-1176399639-2793042620-1006\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\zenoperegrinus\\Desktop\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d36
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000072
"UniqueID"="F5-8ADF-C7BF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\PrivacyProvider.dll
.
- - - - - - - > 'explorer.exe'(1288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-23 10:35:36
ComboFix-quarantined-files.txt 2011-04-23 07:35
ComboFix2.txt 2011-04-21 06:47
.
Pre-Run: 46,038,802,432 bytes free
Post-Run: 46,461,964,288 bytes free
.
- - End Of File - - 8E7826A289CFD836947392559D24162F
 
Due to the large number of programs you have recently installed and running to hide the IP, I am not comfortable working on your system. I have described what most of these processes can do, but I have no knowledge that they are only being used to make your IP anonymous for legitimate surfing.

The only description you give me of a problem is slow surfing and some files closing. The overkill of processes you have running could surely create some conflict. How can you possibly determine what would work for you if all of the programs are running at the same time?!
==================================
Real Hide IP allows you to surf anonymously, keep your IP address hidden, protect your personal info against hackers and provide full encryption of your online activity, all with a simple click of a button.
2011-04-07 15:40 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\RealHideIP
2011-04-07 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\RealHideIP

Hide The IP 2010 adds useful-sounding features, such as the ability to Search for IP by Country or Search by Anonymity, but fails to provide any controls--such as a search box or Go button--to actually use them.
2011-04-11 09:02 -------- d-----w- c:\program files\Hide The IP 2010

Anonymous Internet Surfing, hides your IP address, Un-ban yourself from forums and blogs, Anonymously surf websites which are restricted for your country. Hide your IP on forums on which you were banned. Send Anonymous Emails - .
2011-04-15 14:10 -------- d-----w- c:\program files\Anonymous Web Surfing

IP Hider is Anonymous Proxy that will help you open up blocked websites from school, work, library, or any other firewall protected place. Unblock myspace, orkut, bebo, hi5 and other websites.
2011-04-15 14:43 -------- d-----w- c:\program files\IP Hider

SpOrder can be either legitimate or malware. It's used to investigate the LSP chain order:
2011-04-15 13:58 8704 ----a-w- c:\windows\system32\SpOrder.dll
File sporder.dll is related to adware WebHancer.
File sporder.dll is related to NetSonic. This illegal advertising program belongs to the adware category. It is designed to receive and display relevant commercial advertisements in various pop-ups, web browser windows or toolbars.
NetSonic properties:
• Shows commercial adverts
• Stays resident in background

File sporder.dll is related to webHancer. webHancer is a spyware parasite that records addresses of user visited web sites and sends gathered data to predetermined remote servers.
webHancer properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background
S3 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [15/04/2011 17:43 2740224]
2010-01-26 07:23 258048 ----a-w- c:\windows\system32\PrivacyProvider.dll
2011-04-15 14:43 . 2010-01-26 07:22 2740224 ----a-w- c:\windows\system32\PrivacyProvider.exe

Thought to belong to Hide My IP. Usually shows as 'unknown file in WinsockLSP.'
2011-04-07 16:25 . 2009-11-28 16:58 202048 ----a-w- c:\windows\system32\AVLibrary.dll
2011-04-15 13:44 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\AVSoftware
2011-04-15 13:44:48 -------- d-----w- c:\docume~1\zenope~1\applic~1\AVSoftware
2011-04-15 13:35:37 303240 ----a-w- c:\windows\system32\AVLib.dll

You would need to remove all of these to be able to get any kind of malware review. You can run this online virus scan - if it will run:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 