TechSpot

[Closed] Threat of possible malware - 8 step plan completed - logs pasted

By zenoperegrinus
Apr 19, 2011
Topic Status:
Not open for further replies.
Hi guys,

    I think I may have malware on my machine again. It's started running slow and some files have stopped running completely. I've followed the 8 step plan. Please find the (4) log files below.

    Much appreciated

    Zeno

    -----------------------
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6395

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    19/04/2011 11:06:47
    mbam-log-2011-04-19 (11-06-47).txt

    Scan type: Quick scan
    Objects scanned: 149144
    Time elapsed: 8 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -----------------------
    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-19 11:13:40
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0303
    Running: 3r6m53n7.exe; Driver: C:\DOCUME~1\ZENOPE~1\LOCALS~1\Temp\kxrirpow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA2110BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA21109D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA2110B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
    -----------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 26/08/2009 17:19:18
    System Uptime: 19/04/2011 09:42:27 (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | 1005HA
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1599/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 144 GiB total, 43.424 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== Event Viewer Messages From Past Week ========
    .
    18/04/2011 23:04:07, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    18/04/2011 23:04:07, error: Service Control Manager [7034] - The PrivacyProvider service terminated unexpectedly. It has done this 1 time(s).
    18/04/2011 23:04:06, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    18/04/2011 23:04:06, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    18/04/2011 23:04:06, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    18/04/2011 23:04:06, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    18/04/2011 23:04:03, error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
    18/04/2011 10:43:40, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    15/04/2011 17:09:18, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    14/04/2011 14:41:53, error: System Error [1003] - Error code 10000050, parameter1 96d2291c, parameter2 00000001, parameter3 f736ec20, parameter4 00000000.
    14/04/2011 14:41:50, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8053ba38, parameter3 a9acfc08, parameter4 00000000.
    14/04/2011 14:41:30, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805bc23d, parameter3 a90f1b64, parameter4 00000000.
    14/04/2011 14:41:25, error: System Error [1003] - Error code 10000050, parameter1 94e5703c, parameter2 00000001, parameter3 f732e7e6, parameter4 00000000.
    14/04/2011 14:41:22, error: System Error [1003] - Error code 100000d1, parameter1 ea470bf1, parameter2 00000002, parameter3 00000001, parameter4 aa089489.
    14/04/2011 14:40:58, error: System Error [1003] - Error code 100000d1, parameter1 e13c5000, parameter2 0000001c, parameter3 00000001, parameter4 9ea6d41d.
    14/04/2011 14:40:01, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by zenoperegrinus at 11:31:34.89 on 19/04/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.555 [GMT 3:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\PrivacyProvider.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\zenoperegrinus\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyServer = 66.63.165.11:3128
    uInternet Settings,ProxyOverride = local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [limewire plus+] "c:\program files\limewire plus+\limewire.exe" -h
    uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
    mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
    mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IPHider] c:\program files\ip hider\IP Hider.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\PrivacyProvider.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {67084B91-FE65-4032-8A1B-9CEE301A6A95} - hxxp://upload.travelpod.com/includes/ImageUploader6.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-4 59240]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-19 165584]
    R1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\25973\RapportCerberus_25973.sys [2011-4-13 57144]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-4 169320]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-19 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-19 40384]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-5 54752]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-4 767208]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-28 38912]
    R3 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [2011-4-15 2740224]
    R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-3-17 39040]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-5 1684736]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-19 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-19 40384]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-5 232872]
    .
    =============== Created Last 30 ================
    .
    2011-04-15 14:43:07 471040 ----a-w- c:\windows\system32\RegisterLSP.exe
    2011-04-15 14:43:07 2740224 ----a-w- c:\windows\system32\PrivacyProvider.exe
    2011-04-15 14:43:07 258048 ----a-w- c:\windows\system32\PrivacyProvider.dll
    2011-04-15 14:43:00 -------- d-----w- c:\program files\IP Hider
    2011-04-15 13:58:34 8704 ----a-w- c:\windows\system32\SpOrder.dll
    2011-04-15 13:44:48 -------- d-----w- c:\docume~1\zenope~1\applic~1\AVSoftware
    2011-04-15 13:35:37 303240 ----a-w- c:\windows\system32\AVLib.dll
    2011-04-15 13:35:31 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\~1
    2011-04-15 13:35:29 -------- d-----w- c:\program files\Anonymous Web Surfing
    2011-04-07 16:25:26 202048 ----a-w- c:\windows\system32\AVLibrary.dll
    2011-04-07 16:25:22 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\~0
    2011-04-07 16:25:18 -------- d-----w- c:\program files\Hide The IP 2010
    2011-04-07 16:24:40 -------- d-----w- c:\docume~1\zenope~1\locals~1\applic~1\PackageAware
    2011-04-07 15:40:00 -------- d-----w- c:\docume~1\zenope~1\applic~1\RealHideIP
    2011-04-07 15:40:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\RealHideIP
    2011-04-05 20:15:04 312768 ----a-w- c:\program files\internet explorer\pplite\plugin\1.0.0.13\ppp.dll
    2011-04-05 20:15:03 624056 ----a-w- c:\program files\internet explorer\pplite\plugin\1.0.0.13\mframe.dll
    2011-04-05 20:15:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\PPLive
    2011-04-03 21:42:43 -------- d-----w- c:\docume~1\zenope~1\applic~1\Sammsoft
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 11:32:49.90 ===============
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! It would help if you could be more descriptive of the problems.

    Question: Is this your ISP> OC3 Networks & Web Solutions, LLC
    Do they require a proxy?
    ============================
    Please disable or uninstall LimeWire and any other file sharing programs you have while I am helping clean the system:
    ============================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ======================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  3. zenoperegrinus

    zenoperegrinus TS Rookie Topic Starter

    Thanks Bobbye,

    Please find the logs below.
    -----------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\eBay.url Win32/Adware.ADON application
    -----------------------------------

    ComboFix 11-04-20.03 - zenoperegrinus 21/04/2011 9:25.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.589 [GMT 3:00]
    Running from: c:\documents and settings\zenoperegrinus\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\zenoperegrinus\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\zenoperegrinus\Application Data\Tiweox
    c:\documents and settings\zenoperegrinus\Application Data\Tiweox\nawee.tmp
    c:\documents and settings\zenoperegrinus\Application Data\Tiweox\nawee.uqb
    c:\documents and settings\zenoperegrinus\WINDOWS
    c:\windows\Downloaded Program Files\Install.inf
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-20 07:13 . 2011-04-20 07:13 -------- d-----w- c:\program files\ESET
    2011-04-15 14:43 . 2010-01-26 07:24 471040 ----a-w- c:\windows\system32\RegisterLSP.exe
    2011-04-15 14:43 . 2010-01-26 07:23 258048 ----a-w- c:\windows\system32\PrivacyProvider.dll
    2011-04-15 14:43 . 2010-01-26 07:22 2740224 ----a-w- c:\windows\system32\PrivacyProvider.exe
    2011-04-15 14:43 . 2011-04-15 14:43 -------- d-----w- c:\program files\IP Hider
    2011-04-15 13:58 . 2011-04-15 13:58 8704 ----a-w- c:\windows\system32\SpOrder.dll
    2011-04-15 13:44 . 2011-04-15 13:44 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\AVSoftware
    2011-04-15 13:35 . 2011-02-28 22:55 303240 ----a-w- c:\windows\system32\AVLib.dll
    2011-04-15 13:35 . 2011-04-15 14:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
    2011-04-15 13:35 . 2011-04-15 14:10 -------- d-----w- c:\program files\Anonymous Web Surfing
    2011-04-07 16:25 . 2009-11-28 16:58 202048 ----a-w- c:\windows\system32\AVLibrary.dll
    2011-04-07 16:25 . 2011-04-11 09:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2011-04-07 16:25 . 2011-04-11 09:02 -------- d-----w- c:\program files\Hide The IP 2010
    2011-04-07 16:24 . 2011-04-07 16:24 -------- d-----w- c:\documents and settings\zenoperegrinus\Local Settings\Application Data\PackageAware
    2011-04-07 15:40 . 2011-04-07 15:40 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\RealHideIP
    2011-04-07 15:40 . 2011-04-07 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\RealHideIP
    2011-04-05 20:15 . 2010-09-25 05:44 312768 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.13\ppp.dll
    2011-04-05 20:15 . 2010-11-11 10:40 624056 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.13\mframe.dll
    2011-04-05 20:15 . 2011-04-15 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PPLive
    2011-04-03 21:42 . 2011-04-11 09:57 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\Sammsoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2009-04-28 05:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2009-04-28 04:51 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2009-04-28 04:51 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2009-04-28 04:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2009-04-28 04:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2009-04-28 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2009-04-28 04:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2009-04-28 04:51 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2009-04-28 04:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-05-05 16:19 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2009-04-28 04:51 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2009-04-28 04:51 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2009-04-28 04:51 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2009-04-28 04:51 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2009-04-28 04:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2009-04-28 05:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2009-04-28 05:01 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2009-04-28 04:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-28 19:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
    "Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
    "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
    "RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-24 202256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "IPHider"="c:\program files\IP Hider\IP Hider.exe" [2010-02-26 1560576]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-5 376832]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:416082759509
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [04/10/2010 01:43 59240]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/08/2010 20:37 165584]
    R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [20/04/2011 11:42 57144]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [04/10/2010 01:43 169320]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/08/2010 20:37 17744]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [04/10/2010 01:43 767208]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 04:59 38912]
    R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [17/03/2009 00:27 39040]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/05/2009 19:00 1684736]
    S3 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [15/04/2011 17:43 2740224]
    S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [05/05/2009 20:16 232872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    .
    2011-04-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1042050900-1176399639-2793042620-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    2010-11-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1042050900-1176399639-2793042620-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    2011-04-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-28 19:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyServer = 66.63.165.11:3128
    uInternet Settings,ProxyOverride = local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\windows\system32\PrivacyProvider.dll
    DPF: {67084B91-FE65-4032-8A1B-9CEE301A6A95} - hxxp://upload.travelpod.com/includes/ImageUploader6.cab
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-limewire plus+ - c:\program files\Limewire Plus+\limewire.exe
    HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-21 09:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1042050900-1176399639-2793042620-1006\Software\G*e*n*i*e*"!\FM Genie Scout 10]
    "GameDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
    "ShortlistDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
    "ScreenshotsDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010"
    "SaveDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\"
    "HistoryDir"="c:\\Documents and Settings\\zenoperegrinus\\Desktop\\FM Genie Scout 10\\History Points"
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2010\\data\\db\\1000\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:00009d36
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000072
    "UniqueID"="F5-8ADF-C7BF"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(868)
    c:\windows\system32\PrivacyProvider.dll
    .
    Completion time: 2011-04-21 09:47:40
    ComboFix-quarantined-files.txt 2011-04-21 06:47
    .
    Pre-Run: 46,504,931,328 bytes free
    Post-Run: 46,699,024,384 bytes free
    .
    - - End Of File - - 5B1083F93F08D9BF77A4306DBD57E276
  4. zenoperegrinus

    zenoperegrinus TS Rookie Topic Starter

    Yes, a proxy is required. I've been testing some IP hiders and was going to go with All Anonymity.
  5. zenoperegrinus

    zenoperegrinus TS Rookie Topic Starter

    I'm currently in KSA.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    DDS::
    BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [limewire plus+] "c:\program files\limewire plus+\limewire.exe" -h
    uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
    I have removed the AskBar entries. Please go into Scheduled Tasks and remove this:
    2011-04-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-28 19:44]

    When downloading a program, look carefully for any pre-checked boxes for bundled software. Uncheck all of the boxes before the download.
    ======================
    Please update the following:
    Java Updates: Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Adobe Reader site: Uninstall any earlier updates as they are vulnerabilities.
    ===================
    You have a locked Registry key. Part of my job is to unlock it to make sure no malware is hidden in it. It has a large number of entries included.
    ========================================
    While I can understand why your location would make you preclude anonymity, I am not comfortable with all of the 'unhide IP' entries.
  7. zenoperegrinus

    zenoperegrinus TS Rookie Topic Starter

    I ran the custom script in combofix as directed (pasted below).

    Unable to locate Ask files mentioned. The only Ask file I can find is:
    c:\program files\Ask.com\btn_search
    Should I remove it?

    I'm in the process of updating and removing earlier versions of Java and Adobe.

    Please let me know how you want me to proceed with the Registry key and 'unhide IP' issues.

    Thanks for your help

    zeno
    ----------------------------------------------
    ComboFix 11-04-20.03 - zenoperegrinus 23/04/2011 10:08:51.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.579 [GMT 3:00]
    Running from: c:\documents and settings\zenoperegrinus\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\zenoperegrinus\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-20 07:13 . 2011-04-20 07:13 -------- d-----w- c:\program files\ESET
    2011-04-15 14:43 . 2010-01-26 07:24 471040 ----a-w- c:\windows\system32\RegisterLSP.exe
    2011-04-15 14:43 . 2010-01-26 07:23 258048 ----a-w- c:\windows\system32\PrivacyProvider.dll
    2011-04-15 14:43 . 2010-01-26 07:22 2740224 ----a-w- c:\windows\system32\PrivacyProvider.exe
    2011-04-15 14:43 . 2011-04-15 14:43 -------- d-----w- c:\program files\IP Hider
    2011-04-15 13:58 . 2011-04-15 13:58 8704 ----a-w- c:\windows\system32\SpOrder.dll
    2011-04-15 13:44 . 2011-04-15 13:44 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\AVSoftware
    2011-04-15 13:35 . 2011-02-28 22:55 303240 ----a-w- c:\windows\system32\AVLib.dll
    2011-04-15 13:35 . 2011-04-15 14:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
    2011-04-15 13:35 . 2011-04-15 14:10 -------- d-----w- c:\program files\Anonymous Web Surfing
    2011-04-07 16:25 . 2009-11-28 16:58 202048 ----a-w- c:\windows\system32\AVLibrary.dll
    2011-04-07 16:25 . 2011-04-11 09:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2011-04-07 16:25 . 2011-04-11 09:02 -------- d-----w- c:\program files\Hide The IP 2010
    2011-04-07 16:24 . 2011-04-07 16:24 -------- d-----w- c:\documents and settings\zenoperegrinus\Local Settings\Application Data\PackageAware
    2011-04-07 15:40 . 2011-04-07 15:40 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\RealHideIP
    2011-04-07 15:40 . 2011-04-07 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\RealHideIP
    2011-04-05 20:15 . 2010-09-25 05:44 312768 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.13\ppp.dll
    2011-04-05 20:15 . 2010-11-11 10:40 624056 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.13\mframe.dll
    2011-04-05 20:15 . 2011-04-15 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PPLive
    2011-04-03 21:42 . 2011-04-11 09:57 -------- d-----w- c:\documents and settings\zenoperegrinus\Application Data\Sammsoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2009-04-28 05:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2009-04-28 04:51 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2009-04-28 04:51 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2009-04-28 04:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2009-04-28 04:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2009-04-28 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2009-04-28 04:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2009-04-28 04:51 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2009-04-28 04:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-05-05 16:19 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2009-04-28 04:51 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2009-04-28 04:51 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2009-04-28 04:51 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2009-04-28 04:51 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2009-04-28 04:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2009-04-28 05:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2009-04-28 05:01 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-21_06.39.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-11 07:59 . 2011-01-11 07:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
    + 2011-01-10 20:03 . 2011-01-10 20:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
    + 2011-01-10 19:32 . 2011-01-10 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
    + 2011-01-10 19:32 . 2011-01-10 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
    + 2011-01-10 19:32 . 2011-01-10 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
    + 2011-01-10 19:32 . 2011-01-10 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
    + 2011-01-10 19:32 . 2011-01-10 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
    + 2011-01-10 19:32 . 2011-01-10 19:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
    + 2011-01-10 19:32 . 2011-01-10 19:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
    + 2011-01-10 19:32 . 2011-01-10 19:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
    + 2011-01-10 19:32 . 2011-01-10 19:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
    + 2011-01-11 01:05 . 2011-01-11 01:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
    + 2011-01-11 01:23 . 2011-01-11 01:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
    + 2011-01-10 18:21 . 2011-01-10 18:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
    + 2011-04-23 06:52 . 2011-04-23 06:52 16384 c:\windows\Temp\Perflib_Perfdata_c14.dat
    + 2009-04-28 04:51 . 2011-04-23 06:57 72654 c:\windows\system32\perfc009.dat
    - 2009-04-28 04:51 . 2011-04-21 06:16 72654 c:\windows\system32\perfc009.dat
    + 2010-08-20 17:08 . 2011-04-21 11:54 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-08-20 17:08 . 2011-02-15 21:30 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
    + 2011-01-11 01:27 . 2011-01-11 01:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
    + 2011-01-11 01:24 . 2011-01-11 01:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
    + 2011-01-11 01:08 . 2011-01-11 01:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
    - 2009-04-28 04:51 . 2011-04-21 06:16 444928 c:\windows\system32\perfh009.dat
    + 2009-04-28 04:51 . 2011-04-23 06:57 444928 c:\windows\system32\perfh009.dat
    + 2011-04-21 11:52 . 2011-04-21 11:52 459264 c:\windows\Installer\1375b31.msi
    + 2011-04-21 11:51 . 2011-04-21 11:51 223232 c:\windows\Installer\1375b2c.msi
    + 2011-01-11 07:59 . 2011-01-11 07:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
    + 2011-01-11 07:59 . 2011-01-11 07:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
    + 2011-01-10 19:50 . 2011-01-10 19:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
    + 2011-01-10 19:50 . 2011-01-10 19:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
    + 2011-04-21 11:52 . 2011-04-21 11:52 20314624 c:\windows\Installer\1375b3b.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
    "Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
    "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
    "RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-24 202256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "IPHider"="c:\program files\IP Hider\IP Hider.exe" [2010-02-26 1560576]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-5 376832]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:416082759509
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [04/10/2010 01:43 59240]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/08/2010 20:37 165584]
    R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [20/04/2011 11:42 57144]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [04/10/2010 01:43 169320]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/08/2010 20:37 17744]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [04/10/2010 01:43 767208]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 04:59 38912]
    R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [17/03/2009 00:27 39040]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/05/2009 19:00 1684736]
    S3 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [15/04/2011 17:43 2740224]
    S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [05/05/2009 20:16 232872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    .
    2011-04-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1042050900-1176399639-2793042620-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    2010-11-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1042050900-1176399639-2793042620-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyServer = 66.63.165.11:3128
    uInternet Settings,ProxyOverride = local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\windows\system32\PrivacyProvider.dll
    DPF: {67084B91-FE65-4032-8A1B-9CEE301A6A95} - hxxp://upload.travelpod.com/includes/ImageUploader6.cab
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-23 10:27
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1042050900-1176399639-2793042620-1006\Software\G*e*n*i*e*"!\FM Genie Scout 10]
    "GameDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
    "ShortlistDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
    "ScreenshotsDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010"
    "SaveDir"="c:\\Documents and Settings\\zenoperegrinus\\My Documents\\Sports Interactive\\Football Manager 2010\\"
    "HistoryDir"="c:\\Documents and Settings\\zenoperegrinus\\Desktop\\FM Genie Scout 10\\History Points"
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2010\\data\\db\\1000\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:00009d36
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000072
    "UniqueID"="F5-8ADF-C7BF"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(860)
    c:\windows\system32\PrivacyProvider.dll
    .
    - - - - - - - > 'explorer.exe'(1288)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-04-23 10:35:36
    ComboFix-quarantined-files.txt 2011-04-23 07:35
    ComboFix2.txt 2011-04-21 06:47
    .
    Pre-Run: 46,038,802,432 bytes free
    Post-Run: 46,461,964,288 bytes free
    .
    - - End Of File - - 8E7826A289CFD836947392559D24162F
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Due to the large number of programs you have recently installed and running to hide the IP, I am not comfortable working on your system. I have described what most of these processes can do, but I have no knowledge that they are only being used to make your IP anonymous for legitimate surfing.

    The only description you give me of a problem is slow surfing and some files closing. The overkill of processes you have running could surely create some conflict. How can you possibly determine what would work for you if all of the programs are running at the same time?!
    ==================================
    You would need to remove all of these to be able to get any kind of malware review. You can run this online virus scan- if it will run:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
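The items the helper picks out of the ComboFix log above by eye (the disabled firewall profile, the proxy setting, the PrivacyProvider LSP sitting inside lsass.exe, and the autoruns and services belonging to the IP-hiding products) can be pulled out in one pass. The script below is an added example for this thread, not code from the thread's participants or from ComboFix; it assumes the line shapes seen in the posted log, uses an excerpt of that log as its sample input, and its watchlist of product names is constructed from the names the helper objected to.

```python
"""Triage helper for a ComboFix log (added example for this thread, not a
ComboFix feature).  It pulls the autorun, firewall-policy, service, proxy,
LSP and per-process DLL entries out of the posted log so the items the
helper flagged by eye can be listed in one pass."""
import re

# Excerpt of the ComboFix log posted in the thread (a subset of its lines,
# used here as the sample input).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"IPHider"="c:\program files\IP Hider\IP Hider.exe" [2010-02-26 1560576]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/08/2010 20:37 165584]
S3 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [15/04/2011 17:43 2740224]
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 66.63.165.11:3128
LSP: c:\windows\system32\PrivacyProvider.dll
.
- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\PrivacyProvider.dll
.
- - - - - - - > 'explorer.exe'(1288)
c:\windows\system32\WININET.dll
"""

# Line shapes as they appear in the posted log (assumed from the thread).
RUN_KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
SERVICE_RE = re.compile(r"^(?P<type>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]+?)\s*\[")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)")
LSP_RE = re.compile(r"^LSP:\s*(?P<path>.+)$")
PROCESS_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)")

# Product names the helper objected to in the thread; a constructed
# watchlist for this example, matched case-insensitively against paths.
WATCHLIST = ("ip hider", "hide the ip", "realhideip",
             "anonymous web surfing", "privacyprovider")


def parse_combofix(text):
    """Return a dict of the entries of interest.  ComboFix separates
    sections with lone '.' lines, which is what resets the state here."""
    out = {"run": [], "services": [], "firewall_enabled": None,
           "proxy": None, "lsp": [], "loaded": {}}
    run_key = proc = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            run_key = proc = None
            continue
        if m := RUN_KEY_RE.match(line):
            run_key, proc = m.group("key"), None
        elif m := PROCESS_RE.match(line):
            proc, run_key = m.group("proc"), None
            out["loaded"].setdefault(proc, [])
        elif run_key and (m := RUN_VALUE_RE.match(line)):
            out["run"].append((run_key, m.group("name"), m.group("path")))
        elif proc:
            out["loaded"][proc].append(line)
        elif m := FIREWALL_RE.match(line):
            out["firewall_enabled"] = m.group("val") != "0"
        elif m := SERVICE_RE.match(line):
            out["services"].append((m.group("type"), m.group("name"), m.group("path")))
        elif m := PROXY_RE.match(line):
            out["proxy"] = m.group("proxy")
        elif m := LSP_RE.match(line):
            out["lsp"].append(m.group("path"))
    return out


def triage(parsed):
    """Turn the parsed entries into the review points a helper would raise."""
    findings = []
    if parsed["firewall_enabled"] is False:
        findings.append("Windows Firewall standard profile is disabled (EnableFirewall=0)")
    if parsed["proxy"]:
        findings.append(f"System proxy set to {parsed['proxy']}; confirm it is intended")
    for path in parsed["lsp"]:
        findings.append(f"Winsock LSP registered: {path}")
        # An LSP DLL is loaded into every Winsock user, so check which
        # processes the log shows it inside (here lsass.exe).
        for proc, dlls in parsed["loaded"].items():
            if path.lower() in (d.lower() for d in dlls):
                findings.append(f"LSP {path} is loaded inside {proc}")
    for key, name, path in parsed["run"]:
        if any(w in path.lower() for w in WATCHLIST):
            findings.append(f"Autorun '{name}' ({key}) starts watchlisted software: {path}")
    for stype, name, path in parsed["services"]:
        if any(w in path.lower() for w in WATCHLIST):
            findings.append(f"Service {name} ({stype}) runs watchlisted software: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print("-", finding)
```

Run against the excerpt it reports six points: the disabled firewall profile, the proxy at 66.63.165.11:3128, the PrivacyProvider LSP and its presence in lsass.exe, the IPHider autorun, and the PrivacyProvider service. The avast entries pass through untouched, which is the check that the watchlist is doing the filtering rather than the autorun or service sections as a whole.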