TechSpot

Is my computer clean?

By necee99
Jul 25, 2012
  1. a few weeks ago, I received a message on my avast antivirus that it found 3 root kits. and it deleted them I think. this computer has been infected before. I just want to make sure it is all clean. here are my logs.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-25 13:09:18
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.16
    Running: h22m5dwy.exe; Driver: C:\DOCUME~1\Bernice\LOCALS~1\Temp\kxtdqpod.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEE0C1162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEE0C0FCD]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE169744]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.25.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Bernice :: WELLS [administrator]

    7/25/2012 12:16:21 PM
    mbam-log-2012-07-25 (12-16-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203762
    Time elapsed: 9 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Bernice at 14:05:57 on 2012-07-25
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.127 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
    svchost.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.suddenlink.net/
    uSearch Page =
    uSearch Bar =
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
    mSearchAssistant =
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Suddenlink Toolbar: {a057a204-bacc-4d26-d298-35efc2a62dd7} - c:\progra~1\sudden~1\SUDDEN~1.DLL
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Suddenlink Toolbar: {a057a204-bacc-4d26-d298-35efc2a62dd7} - c:\progra~1\sudden~1\SUDDEN~1.DLL
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [VX3000] c:\windows\vVX3000.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266626922265
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1FB8F1BE-79B5-4B82-9E9B-D2FD2DA8D8A9} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{234CE2A2-FABA-4E14-8E93-F1C70A5338E7} : DhcpNameServer = 192.168.0.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\bernice\application data\mozilla\firefox\profiles\jr4bztd0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://home.suddenlink.net/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-13 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-13 353688]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-13 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-13 44808]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-2-25 95232]
    R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2012-7-20 20480]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2012-7-20 588032]
    S2 WLSVC;WLSVC;c:\program files\d-link\dwa-130 reve\WLSVC.exe [2012-7-20 167936]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 129976]
    S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\odwgu.sys --> c:\windows\system32\drivers\ODWGU.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-21 01:06:40 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2012-07-21 01:06:19 -------- d-----w- c:\documents and settings\all users\application data\D-Link
    2012-07-21 01:05:59 20480 ----a-w- c:\windows\system32\wlndis50.sys
    2012-07-21 01:05:59 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys
    2012-07-21 01:05:58 -------- d-----w- c:\program files\D-Link
    2012-07-21 01:05:12 588032 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
    2012-07-21 01:05:12 -------- d-----w- c:\windows\pcidevice
    2012-07-04 01:25:05 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-07-04 01:10:53 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-07-04 01:10:53 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    ==================== Find3M ====================
    .
    2012-07-20 05:17:59 230840 ----a-r- c:\windows\system32\cpnprt2.cid
    2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-07 23:15:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-07 23:15:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 14:07:27.96 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/17/2010 10:51:56 PM
    System Uptime: 7/25/2012 10:54:48 AM (4 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0N6381
    Processor: Intel(R) Celeron(R) CPU 2.66GHz | Microprocessor | 2660/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 34 GiB total, 9.456 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
    Service: E100B
    .
    ==== System Restore Points ===================
    .
    RP256: 6/15/2012 8:35:32 PM - System Checkpoint
    RP257: 6/16/2012 11:01:09 PM - System Checkpoint
    RP258: 6/19/2012 10:23:41 AM - System Checkpoint
    RP259: 6/20/2012 10:41:09 PM - System Checkpoint
    RP260: 6/25/2012 8:52:02 PM - System Checkpoint
    RP261: 7/1/2012 11:40:21 PM - System Checkpoint
    RP262: 7/3/2012 7:58:11 PM - Restore Operation
    RP263: 7/3/2012 9:04:15 PM - Software Distribution Service 3.0
    RP264: 7/10/2012 2:59:06 PM - System Checkpoint
    RP265: 7/11/2012 9:35:45 PM - System Checkpoint
    RP266: 7/11/2012 11:57:41 PM - Software Distribution Service 3.0
    RP267: 7/14/2012 5:56:02 PM - System Checkpoint
    RP268: 7/17/2012 8:37:43 PM - System Checkpoint
    RP269: 7/20/2012 8:05:58 PM - Installed D-Link DWA-130 Wireless N USB Adapter
    RP270: 7/21/2012 8:17:58 PM - Configured Ativa Wireless USB Utility
    RP271: 7/24/2012 9:32:26 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 7.0
    avast! Free Antivirus
    BufferChm
    CCleaner
    Copy
    Coupon Printer for Windows
    Creative MediaSource
    Creative Removable Disk Manager
    Creative System Information
    Creative Zen Sleek Photo
    D-Link DWA-130 Wireless N USB Adapter
    Dell Driver Reset Tool
    Dell Picture Studio v3.0
    Dell Support 5.0.0 (630)
    Destinations
    DeviceDiscovery
    DJ_AIO_06_F2400_SW_Min
    F2400
    Free Audio Converter version 2.2.17.426
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HP Customer Participation Program 13.0
    HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Update
    hpPrintProjects
    HPProductAssistant
    hpWLPGInstaller
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java Auto Updater
    Java(TM) 6 Update 23
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    McAfee SiteAdvisor
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation
    Microsoft Default Manager
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft LifeCam
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Word 97
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenOffice.org 3.1
    PowerDVD 5.3
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923789)
    Skype Toolbars
    Skype™ 5.1
    SmartWebPrinting
    SolutionCenter
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Status
    Suddenlink Toolbar
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2718704)
    Vivitar Experience Image Manager
    Watchtower Library 2011 - English
    Watchtower Library 2011 - español
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WordPerfect Office 12
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/25/2012 12:39:22 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    7/25/2012 12:37:47 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    7/24/2012 9:11:52 PM, error: Dhcp [1002] - The IP address lease 192.168.0.102 for the Network Card with network address 0018E7D7F8A9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Are you having any current issues?

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. necee99

    necee99 TS Enthusiast Topic Starter Posts: 139

    It gave me a blue screen a couple of times. but comes back after a reboot. I want to make sure there is no hidden viruses or malware. did you see anything odd? I will get the combo fix done asap. thanks so much for your help.
     
  4. necee99

    necee99 TS Enthusiast Topic Starter Posts: 139

    ComboFix 12-07-26.04 - Bernice 07/25/2012 22:16:39.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.280 [GMT -5:00]
    Running from: c:\documents and settings\Bernice\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Bernice\My Documents\~WRL0001.tmp
    c:\documents and settings\Bernice\My Documents\~WRL0004.tmp
    c:\documents and settings\Bernice\My Documents\~WRL0209.tmp
    C:\Install.exe
    c:\windows\system32\BSTIEPrintCtl1.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-21 01:06 . 2012-07-21 01:06 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2012-07-21 01:06 . 2012-07-21 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\D-Link
    2012-07-21 01:05 . 2008-02-27 15:54 20480 ----a-w- c:\windows\system32\wlndis50.sys
    2012-07-21 01:05 . 2008-02-27 15:54 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys
    2012-07-21 01:05 . 2012-07-21 01:05 -------- d-----w- c:\program files\D-Link
    2012-07-21 01:05 . 2012-07-21 01:05 -------- d-----w- c:\windows\pcidevice
    2012-07-21 01:05 . 2009-08-06 03:23 588032 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
    2012-07-21 01:05 . 2012-07-21 01:05 -------- d-----w- c:\documents and settings\Bernice\Application Data\InstallShield
    2012-07-04 01:25 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-07-04 01:10 . 2012-07-04 01:10 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-20 05:17 . 2011-04-18 22:49 230840 ----a-r- c:\windows\system32\cpnprt2.cid
    2012-07-03 18:46 . 2011-03-05 05:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 16:21 . 2012-03-14 02:09 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2012-03-14 02:09 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2012-03-14 02:09 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2012-03-14 02:09 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-03 16:21 . 2012-03-14 02:09 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2012-03-14 02:09 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-07-03 16:21 . 2012-03-14 02:09 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-07-03 16:21 . 2012-03-14 02:09 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-07-03 16:21 . 2011-03-05 05:49 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2012-03-14 02:08 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-13 13:19 . 2004-08-04 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2004-08-04 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2004-08-04 11:00 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2004-08-04 11:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2004-08-04 11:00 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 20:19 . 2009-08-07 01:24 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2004-08-04 11:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2004-08-04 11:00 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2004-08-04 11:00 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2004-08-04 11:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2010-02-20 01:53 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2010-02-20 01:53 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18 . 2009-08-07 01:23 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-07 23:15 . 2012-05-07 23:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-07 23:15 . 2011-07-30 12:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-04 13:12 . 2005-03-30 01:23 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2005-03-30 01:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2004-08-04 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-05-07 23:18 . 2011-12-08 06:17 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-D298-35EFC2A62DD7}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]
    Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2012-7-20 505152]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2004-07-19 13:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-10-12 22:54 57344 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-01-26 23:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-06-30 19:33 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020
    .
    R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [3/13/2012 9:09 PM 721000]
    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [3/13/2012 9:09 PM 353688]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [3/13/2012 9:09 PM 21256]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/25/2010 1:07 PM 95232]
    R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\SYSTEM32\DRIVERS\WLNdis50.sys [7/20/2012 8:05 PM 20480]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\SYSTEM32\DRIVERS\RTL8192su.sys [7/20/2012 8:05 PM 588032]
    S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [7/20/2012 8:05 PM 167936]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 6:19 PM 129976]
    S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\DRIVERS\ODWGU.sys --> c:\windows\system32\DRIVERS\ODWGU.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 23:15]
    .
    2012-07-26 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-04 16:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.suddenlink.net/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\Bernice\Application Data\Mozilla\Firefox\Profiles\jr4bztd0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://home.suddenlink.net/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-25 22:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-07-25 22:43:08
    ComboFix-quarantined-files.txt 2012-07-26 03:43
    .
    Pre-Run: 9,984,999,424 bytes free
    Post-Run: 10,304,851,968 bytes free
    .
    - - End Of File - - 522AC250D831780DCCD430317FE86561
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I don't see much there.

    You should be good to go :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...