Resolved More problems...

Mazrim
So I just got a hand here in this forum about my desktop system that got infected with a virus. Well, somehow, it's acting funny again.

I have gone to the following websites: iupui.edu (Indiana/Purdue University); supergiantgames.com; crateentertainment.com (for the game "Grim Dawn", from the makers of Titan Quest); and aeriagames.com (for Shin Megami Tensei Online).

This morning, I decided to scan the system using Avira. Last night, I had emptied my temp files using TFC and had scanned the system using MBAM. Everything appeared to be clean.

Now, however, any time I bring up Firefox, a web page comes up, but nothing loads. I can't go to any websites, either. It's almost like I'm being hit with a DoS.

This is getting retarded: I'm half tempted to reformat, but I really can't lose the work I've done for this semester.
 
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Edit: Broni had your system all cleaned up 5 days ago! If you can't download now, use a flash drive for the download and install on the problem system.

About that hard reset: Instead of doing that, use the Event Viewer to see what's hanging. For instance, my laptop was closed but I heard the drive running. I opened the laptop and saw a message that the print spooler was hanging, preventing it from going into Stand By. I fixed that, and the next time it worked fine.
 
Sorry I've been busy with exams this week. I can deal with my problem system most likely Saturday this week, if that's ok.
 
That's good for me; I have had internet problems. Post when ready! Good luck on exams!
 
OK, so here's the deal: The system still hangs, but only under a specific circumstance. If I ever have to soft reboot (e.g., for Windows Update), there's absolutely no problem; the system boots right away.

It's when I turn it on for the first time in the day, after it's been turned off for the night, that it hangs. In other words, after a full system shutdown, upon powering back up, the system hangs until I hit the reset button; then all is well.

Also, when gaming, at random times the system will blue screen. Drivers for the video card are up to date.

I took a look at the event logs for my system, but didn't see anything outside the blue screen error (I looked in the error entries and only saw the system stop for a gupdate error, where I assume the "g" stands for graphics).

I will run through the cleaning steps again and post my new results as soon as I can, but I am afraid that turning my Avira off will allow a worm it detected (which I think is a false positive, because it's detecting my photo shop pro studio software as the Kolbac.ixm worm, but seeing as my other system got trashed BY a worm, I'm not too trusting right now). The BIGGER problem is that my girlfriend clicked on "restore object" after seeing the file path and the file scanned, before I could say anything (like "STOP!"). :(

If you have any ideas in light of these issues, please let me know. I'll wait for a reply before tearing back into my system. I just don't want to let something loose by accident.
 
You don't have to turn Avira off to run the preliminary steps, which is where we should start. I can't do anything until I see those logs.
 
Sorry for the delay; please give me a bit more time to re-do the 8 steps and post the logs. Things at home are chaotic at the moment, so I won't have much time during the week to get things done.
 
OK, sorry I took so long since posting this: Between final exams, professors at IU botching grades, and looking for a summer job in my field of study, things got out of hand.

I will run the steps again and post them by Tuesday. There's a new development in that my system now resets at random, especially when playing any games (my sons showed me this while playing Vindictus). So as I was scanning for spyware earlier, it reset again mid-scan. I really can't afford another PSU (I hope that's not the problem), seeing as they run a king's ransom for a quality unit.
 
Goodness! After all that, returning to the malware forum should be welcomed! If you downloaded the programs earlier, be sure to update before running.

Post logs when ready. We'll see what shows up and whether the reboots are related. If they are happening during gaming, it could be a RAM issue. Be sure to reboot occasionally to free up the RAM, and don't have other active windows open when gaming.
 
OK, sorry I didn't get it up Tuesday. We had bad storms blow through, so I thought it'd be safer to have the system unplugged. Here we go:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6684

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/26/2011 10:55:17 AM
mbam-log-2011-05-26 (10-55-17).txt

Scan type: Quick scan
Objects scanned: 208480
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-26 13:35:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD6400AAKS-00E4A0 rev.05.01D05
Running: ihkt1ftz.exe; Driver: C:\DOCUME~1\ED1EBC~1.KID\LOCALS~1\Temp\pxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT BA7C78DE ZwCreateKey
SSDT BA7C78D4 ZwCreateThread
SSDT BA7C78E3 ZwDeleteKey
SSDT BA7C78ED ZwDeleteValueKey
SSDT BA7C78F2 ZwLoadKey
SSDT BA7C78C0 ZwOpenProcess
SSDT BA7C78C5 ZwOpenThread
SSDT BA7C78FC ZwReplaceKey
SSDT BA7C78F7 ZwRestoreKey
SSDT BA7C78E8 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FC0 8050485C 4 Bytes CALL 990AC4D9
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB50D1000, 0x2A1A98, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xA8CD6280]
? C:\WINDOWS\system32\drivers\EagleNT.sys The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ed at 13:42:16 on 2011-05-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2663 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ed.KIDS\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ed.kids\application data\mozilla\firefox\profiles\jnvd4nmb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\ed.kids\application data\mozilla\firefox\profiles\jnvd4nmb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\ed.kids\application data\mozilla\firefox\profiles\jnvd4nmb.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\all users.windows\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users.windows\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-18 11608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-18 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-18 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-18 61960]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2010-12-18 22016]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-18 1374464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-10 136176]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-10 136176]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-3-25 14856]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2010-12-18 25984]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2010-12-18 17408]
S3 XDva383;XDva383;\??\c:\windows\system32\xdva383.sys --> c:\windows\system32\XDva383.sys [?]
.
=============== Created Last 30 ================
.
2011-05-22 15:45:49 -------- d-----w- c:\program files\AMD APP
2011-05-18 20:07:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-03 03:53:48 -------- d-----w- c:\program files\common files\HP
2011-05-03 03:52:58 267864 ----a-r- c:\windows\system32\hpzids01.dll
2011-05-03 03:52:57 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
2011-05-03 03:52:57 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2011-05-03 03:52:13 -------- d-----w- c:\program files\HP
.
==================== Find3M ====================
.
2011-04-20 02:41:56 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29:06 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24:20 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14:04 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-20 02:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-20 02:04:00 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02:58 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01:50 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55:20 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45:06 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44:22 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43:54 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41:22 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40:08 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36:24 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34:10 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30:48 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28:32 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-17 16:45:55 1259545769 ----a-w- c:\program files\ElswordInstaller-1a.bin
2011-04-17 16:44:55 327392 ----a-w- c:\program files\ElswordInstaller.exe
2011-03-21 23:56:06 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-20 05:51:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-20 05:49:00 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:42:35.76 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2010 9:40:00 AM
System Uptime: 5/25/2011 4:12:31 PM (21 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A79XTD EVO
Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 453.412 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&189B28C4&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&189B28C4&0&0001
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_834E1043&REV_3C\3&267A616A&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_834E1043&REV_3C\3&267A616A&0&A0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
µTorrent
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Akamai NetSession Interface
AMD APP SDK Runtime
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Bandisoft MPEG-1 Decoder
BufferChm
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
Cogs
Conduit Engine
CustomerResearchQFolder
Dell Photo AIO Printer 944
DeviceDiscovery
DeviceManagementQFolder
DFOLauncher
Diagnostic Utility
dj_sf_software
dj_sf_software_req
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.04.801
Elsword version 1.00
Epic Adventures Cursed Onboard 1.00
ESET Online Scanner v3
eSupportQFolder
Fiction Fixers The Curse of OZ 1.00
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Mahjong Champ
Mahjong Towers Eternity 1.00
Malwarebytes' Anti-Malware
MapleStory
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.17)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mysterious Adventures Bundle
Nexon Game Manager
Pando Media Booster
PanoStandAlone
Platform
Portal
PSSWCORE
QuickTime
Reading the Dead 1.00
RIFT
Runes of Magic
RUSH
Secunia PSI (2.0.0.3001)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shin Megami Tensei: Imagine Online
SolutionCenter
SPORE™
Spybot - Search & Destroy
Status
Steam
Team Fortress 2
The Stroke of Midnight and Guide
Titan Quest
Titan Quest Immortal Throne
Toolbox
Torchlight
TQ Defiler.NET
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uTorrentBar Toolbar
Ventrilo Client
VideoToolkit01
Vindictus
Virtual Villagers - New Believers Just For Fun Games
WebFldrs XP
WebReg
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
5/25/2011 4:12:50 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 485B39A7A92C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/22/2011 10:26:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/22/2011 10:26:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/22/2011 10:26:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/22/2011 10:26:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:26:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
 
Regarding this:
It's when I turn it on for the 1st time for the day after I've had it turned off for the night where it hangs, or in other words, after a full system shut down, upon powering back up, the system hangs until I hit the reset button, then all is well.

This points to a probable application hang. This can be a legit process on the Start menu that isn't able to load due to a bad driver, corrupt file or other. Or it can be a malware entry on the Startup menu that can't start because it either needs or 'wants' another process to be running. It is also possible that a Service can't start up because a Dependency isn't running. And occasionally, an app will hang on shutdown and not close down properly>>> you can check the App log in the Event Viewer> Look for Hanging App. Usually Event #1001/1002.

And not all g's stand for Graphics:
gupdate error which I assume the "g" stands for graphics).
This little jewel is the update for the Google Toolbar. Got it>>> gupdate=Google update! A big nuisance as far as I'm concerned! How often does a toolbar need to be updated?! But it takes patience and time to stop this one- it is very pushy and overrode everything I put in its way to stop it! I don't do any auto-updates except for the AV program.
==========================================
I'd like you to run the Eset Online Virus scan:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the image link to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    (screenshot: ESET online scanner settings)
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
Follow with Combofix:
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot: the ComboFix "what next" message)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
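The Event Viewer section of the log above shows the pattern described in the post: one 7026 event (boot-start drivers that failed to load) followed by 7001 dependency failures and DCOM 10005 errors. As an added example, not code from the thread or from any tool named in it, here is a small Python parser for lines in that 'date time, level: Source [ID] - message' layout; it buckets the errors and maps each dependency failure back to the driver that actually failed, and also picks out the 1001/1002 hang events the post says to look for. The sample lines are constructed to mirror the posted ones, and the display-name-to-driver map is an assumption.

```python
"""Group Event Viewer errors so the dependency chain behind a boot-time hang is visible.

Added example for this thread, not code from the thread or from any tool named in it.
Input lines use the 'date time, level: Source [ID] - message' layout of the Event
Viewer section pasted above; the sample below is constructed to mirror those lines.
"""
import re

# Constructed sample, modelled on the event lines in the log above.
SAMPLE_EVENTS = """\
5/22/2011 10:26:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/22/2011 10:26:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:25:40 AM, error: Application Hang [1002] - Hanging application example.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
this line is not an event and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
FAILED_DRIVERS_RE = re.compile(r"failed to load: (?P<names>.+)$")
DEPENDS_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed")
DCOM_RE = re.compile(r"attempting to start the service (?P<svc>\S+) ")
HANG_IDS = {"1001", "1002"}  # the Application Hang event ids the post says to look for

# Assumed mapping from the display names used in 7001 messages to the driver
# names used in the 7026 list (Windows XP names; extend as needed).
DISPLAY_TO_DRIVER = {
    "TCP/IP Protocol Driver": "Tcpip",
    "NetBios over Tcpip": "NetBT",
    "IPSEC driver": "IPSec",
}


def parse_events(text):
    """Return one dict per well-formed line; anything else is skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarize(events):
    """Bucket the errors by what they tell a troubleshooter."""
    summary = {
        "failed_drivers": [],        # from SCM 7026
        "dependency_failures": {},   # service -> dependency that failed (SCM 7001)
        "dcom_failed_starts": [],    # services DCOM could not start (10005)
        "hangs": [],                 # (source, message) for 1001/1002
    }
    for ev in events:
        src, eid, msg = ev["source"], ev["id"], ev["msg"]
        if src == "Service Control Manager" and eid == "7026":
            m = FAILED_DRIVERS_RE.search(msg)
            if m:
                summary["failed_drivers"].extend(m.group("names").split())
        elif src == "Service Control Manager" and eid == "7001":
            m = DEPENDS_RE.match(msg)
            if m:
                summary["dependency_failures"][m.group("svc")] = m.group("dep")
        elif src == "DCOM" and eid == "10005":
            m = DCOM_RE.search(msg)
            if m:
                summary["dcom_failed_starts"].append(m.group("svc"))
        elif eid in HANG_IDS:
            summary["hangs"].append((src, msg))
    return summary


def root_cause_hint(summary):
    """Map each 7001 dependency failure back to a driver in the 7026 list, if one matches.

    A match means the dependent service is a symptom: the boot-start driver that
    failed to load is the thing to investigate, not the service named in 7001.
    """
    failed = {d.lower() for d in summary["failed_drivers"]}
    hints = {}
    for svc, dep in summary["dependency_failures"].items():
        driver = DISPLAY_TO_DRIVER.get(dep, dep)
        if driver.lower() in failed:
            hints[svc] = driver
    return hints


if __name__ == "__main__":
    s = summarize(parse_events(SAMPLE_EVENTS))
    print("failed boot-start drivers:", ", ".join(s["failed_drivers"]))
    for svc, drv in root_cause_hint(s).items():
        print(f"{svc!r} failed because driver {drv!r} did not load")
    print("DCOM could not start:", s["dcom_failed_starts"])
    print("hang events:", len(s["hangs"]))
```

On the posted log this points at the network driver stack (AFD, Tcpip, NetBT) rather than at DNS Client or DHCP Client, which only fail because their dependency did.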
 
ESET does the same thing it always has: After scanning, it flashes information about the scan for 1/10th of a second, then goes to try and push you to buy the retail version. There's no option to go back to the scanner screen, and there are no other options available to see the scan info; nothing except "purchase", and "free 30 day trial". So from here out I will have to skip that step since it's essentially useless for me, seeing as ESET refuses to let me see the information I need and instead wants to coerce me to buy their products TO actually see the results. This occurs whether or not threats are found on the system.
 
ComboFix 11-05-27.01 - Ed 05/27/2011 19:51:23.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2650 [GMT -4:00]
Running from: c:\documents and settings\Ed.KIDS\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ed.KIDS\Application Data\PriceGong
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\z.xml
C:\install.exe
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
.
.
2011-05-27 04:01 . 2011-04-20 23:25 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-05-27 04:01 . 2011-04-20 23:25 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-05-27 04:01 . 2011-04-20 23:25 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-05-27 04:00 . 2011-04-20 23:25 505816 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-05-27 04:00 . 2011-04-20 23:25 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
2011-05-22 15:47 . 2011-05-22 15:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2011-05-22 15:45 . 2011-05-22 15:45 -------- d-----w- c:\program files\AMD APP
2011-05-22 14:25 . 2011-05-22 14:25 -------- d-----w- c:\documents and settings\Administrator
2011-05-18 20:07 . 2011-05-18 20:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-06 01:45 . 2011-05-06 01:45 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-05-03 03:54 . 2011-05-03 03:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP Product Assistant
2011-05-03 03:54 . 2011-05-03 03:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP
2011-05-03 03:53 . 2011-05-03 03:53 -------- d-----w- c:\program files\Common Files\HP
2011-05-03 03:53 . 2011-05-03 03:53 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2011-05-03 03:53 . 2011-05-03 03:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2011-05-03 03:52 . 2007-03-30 15:11 267864 ----a-r- c:\windows\system32\hpzids01.dll
2011-05-03 03:52 . 2007-03-28 18:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2011-05-03 03:52 . 2007-03-28 17:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2011-05-03 03:52 . 2011-05-03 03:55 -------- d-----w- c:\program files\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 02:41 . 2010-12-19 01:07 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2010-12-19 01:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2010-12-19 01:07 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2010-12-19 01:07 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2010-12-19 01:07 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:10 . 2011-04-20 02:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-20 02:10 . 2011-04-20 02:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-20 02:04 . 2010-12-19 01:07 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2010-12-19 01:07 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2010-12-19 01:07 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55 . 2011-04-17 16:02 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45 . 2010-12-19 01:07 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2010-12-19 01:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2010-12-19 01:07 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2010-12-19 01:07 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2010-12-19 01:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2010-12-19 01:07 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2010-12-19 01:07 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2010-12-19 01:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36 . 2010-12-19 01:07 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34 . 2010-12-19 01:07 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33 . 2010-12-19 01:07 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2010-12-19 01:07 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2010-12-19 01:07 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-17 16:45 . 2011-04-17 16:21 1259545769 ----a-w- c:\program files\ElswordInstaller-1a.bin
2011-04-17 16:44 . 2011-04-17 16:21 327392 ----a-w- c:\program files\ElswordInstaller.exe
2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-20 05:51 . 2011-03-20 05:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-20 05:49 . 2011-03-20 05:49 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-03-16 13:31 . 2010-12-18 16:36 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2010-12-18 14:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-12-19 1242448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-05 33628160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 282624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Runes of Magic\\Client.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=
"c:\\Nexon\\Vindictus\\en-US\\Vindictus.exe"=
"c:\\Nexon\\Vindictus\\en-US\\NMService.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\rush\\rush.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Kill3rCombo\\Elsword\\data\\x2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57788:TCP"= 57788:TCP:pando Media Booster
"57788:UDP"= 57788:UDP:pando Media Booster
"56440:TCP"= 56440:TCP:pando Media Booster
"56440:UDP"= 56440:UDP:pando Media Booster
"3857:TCP"= 3857:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/18/2010 12:36 PM 136360]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [12/18/2010 11:52 AM 22016]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 10:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 10:24 AM 399416]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/18/2010 11:48 AM 1374464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [11/23/2009 5:37 PM 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [3/25/2011 7:46 PM 14856]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [12/18/2010 11:52 AM 25984]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [12/18/2010 11:52 AM 17408]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 19:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1326574676-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,1a,de,73,c8,29,0e,b1,5a,21,db,66,56,c3,fc,1e,99,59,1b,12,55,
aa,bc,b6,40,79,1a,0a,c1,16,8f,a5,c0,3c,ba,73,39,40,dd,27,2b,3f,dc,17,97,00,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-05-27 19:58:10
ComboFix-quarantined-files.txt 2011-05-27 23:58
.
Pre-Run: 486,381,678,592 bytes free
Post-Run: 486,433,632,256 bytes free
.
- - End Of File - - 68F7C8F83B0007A3B12E73A3FAF34473
 
Please run this Custom CFScript:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\drivers\EagleXNt.sys
FileLook::
c:\windows\system32\dlcdcoms.exe -service
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}].
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}].
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
Driver::
EagleXNt
Save this as CFScript.txt, in the same location as ComboFix.exe
(image: CFScript.txt being dragged onto ComboFix.exe)


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Advise remove both of these extensions from Firefox:
Conduit Engine
uTorrentBar Community Toolbar


Advise uninstall HackShield :A lot of gamers are getting errors related to this. IF you can do without it, best remove.
====================================================
Please try this for the Eset scan. I haven't had anyone else report pressure to purchase. If you do get it, just bypass and continue with the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the image link to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    (screenshot: ESET online scanner settings)
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Getting ads BEFORE the scan isn't the problem. The problem is that when the scan completes, instead of going to a results panel, or options to view the results, I get only one window, which is an ad to buy their products. There are no buttons or commands to click on to view the results, nor are there any buttons to export any results found. And there's no way to bring up anything like that. It's just that one window, and nothing more.

BTW Avira found another virus a minute before I posted this, Trokojan was the name of it. I'm nearly at the point where reformatting this system is looking good because it seems that for every one malware I find, TEN take its place. My email now won't work properly: Outlook now hangs when checking for any new msgs.

UPDATE: I found out someone was using my email as a bot, and my isp reset my PW. So I need to start all over again I guess from step 1, as I missed SOMETHING somewhere, or just reformat unless there's a solution to this garbage.
 
Let me explain about the virus scans and what you may see:

If you do a scan and the malware is anywhere on the system, the scan will usually show it-but-

1) If you see malware located in System Volume, (this is where the restore points are kept) it means that when that restore point was created, the malware was on what was imaged. But when we have removed entries in the system or that malware, it is no longer active in the system and the only way it could reinfect the system is if you did a System Restore and happened to choose that restore point. I have you drop the old restore points at the end of cleaning and set a new clean one.

2) If you see entries in the Qoobox, which is where Combofix puts the files it quarantines, it means that again, it is not active in the system and will be removed when Combofix is uninstalled.

3) If you see entries in the Recycle Bin, it has been 'thrown away', so just empty the trash.
The antivirus programs do not differentiate these locations and the user may see 10 entries in places that have been handled and are not active in the system.

So Avira may have 'found' one Trojan, but unless I know the location, I cannot evaluate it.
==========================================
Were you ever able to resolve this?
It's when I turn it on for the 1st time for the day after I've had it turned off for the night where it hangs, or in other words, after a full system shut down, upon powering back up, the system hangs until I hit the reset button, then all is well.
Did you uncheck everything on the Startup Menu except the AV, 3rd party firewall if there is one, touchpad process if using laptop and network process if using Pure Magic or Citrix?

Does the system still hang under those conditions?
=========================================
Did we discuss the uTorrent Toolbar and Conduit engine? Did you decide to keep them?

I don't know what you're seeing on the Eset site. But many programs with free downloads also offer a paid version. All you should need to do is ignore the offer. It shouldn't affect running the scan or producing a log if malware is found.
 
Well the ESET scan worked this time, and no threats were found. I don't have a uTorrent toolbar installed (or at least I don't see one ever), and I've never used Conduit, so I don't know what it is really. The Turkojan virus is quarantined atm, and its location was also found in a system restore point.

That reminds me: This is gonna sound really dumb, but I have to ask it. How do I safely DELETE malware that's quarantined in my antivirus? I remember trying to delete some malware a long time ago, using AVG at that time, and I somehow let it loose in my system :(

I'm kind of afraid I might do the same trying to get rid of the stuff quarantined in Avira.

BTW: I'm not familiar with turning stuff on and off in startup, so bear with me.
 
I don't have a uTorrent toolbar installed (or at least I don't see one ever), and I've never used Conduit, so I don't know what it is really.

Actually, you have many entries for both. And the installed programs show: uTorrent, Conduit Engine and uTorrent Toolbar. I put them in a script for you to run in Combofix. But I did not get the log that is generated after the script has been run.

We need to bring this to a close. It was started over 2 months ago. We haven't found malware.
To remove entries your antivirus has quarantined, do a RIGHT Click> Delete.

The Qoobox will be removed when you uninstall Combofix and the infected restore points will be dropped.

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 
Sorry to have wasted your time. Here's the log per the previous instructions:

ComboFix 11-06-11.01 - Ed 06/12/2011 14:32:09.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2785 [GMT -4:00]
Running from: c:\documents and settings\Ed.KIDS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ed.KIDS\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\EagleXNt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ed.KIDS\Application Data\PriceGong
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
.
.
2011-06-10 01:57 . 2011-06-10 01:57 -------- d-----w- c:\documents and settings\Ed.KIDS\Local Settings\Application Data\Oblivion
2011-06-10 01:41 . 2011-06-10 01:41 -------- d-----w- c:\program files\Bethesda Softworks
2011-06-10 01:29 . 2011-06-10 01:29 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-06-10 01:29 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-06-10 01:29 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-06-10 01:29 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-06-10 01:29 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-06-10 01:29 . 2005-04-04 02:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-06-10 01:29 . 2011-06-10 01:29 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-06-03 17:52 . 2011-06-03 17:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
2011-06-03 17:50 . 2011-06-03 17:50 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-03 17:47 . 2011-06-03 17:47 -------- d-----w- c:\windows\system32\AGEIA
2011-06-03 17:47 . 2011-06-03 17:47 -------- d-----w- c:\program files\AGEIA Technologies
2011-06-03 17:29 . 2011-06-05 03:19 -------- d-----w- c:\program files\Dragon Age
2011-06-03 17:29 . 2011-06-03 17:47 -------- d-----w- c:\program files\Common Files\BioWare
2011-06-01 21:02 . 2011-06-01 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2011-05-29 06:48 . 2011-05-29 06:48 -------- d-sh--w- c:\documents and settings\Ed.KIDS\IECompatCache
2011-05-27 04:01 . 2011-04-20 23:25 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-05-27 04:01 . 2011-04-20 23:25 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-05-27 04:01 . 2011-04-20 23:25 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-05-27 04:00 . 2011-04-20 23:25 505816 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-05-27 04:00 . 2011-04-20 23:25 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
2011-05-22 15:47 . 2011-05-22 15:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2011-05-22 15:45 . 2011-05-22 15:45 -------- d-----w- c:\program files\AMD APP
2011-05-22 14:25 . 2011-05-22 14:25 -------- d-----w- c:\documents and settings\Administrator
2011-05-18 20:07 . 2011-06-09 22:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2011-03-20 21:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-03-20 21:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 02:41 . 2010-12-19 01:07 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2010-12-19 01:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2010-12-19 01:07 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2010-12-19 01:07 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2010-12-19 01:07 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:10 . 2011-04-20 02:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-20 02:10 . 2011-04-20 02:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-20 02:04 . 2010-12-19 01:07 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2010-12-19 01:07 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2010-12-19 01:07 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55 . 2011-04-17 16:02 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45 . 2010-12-19 01:07 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2010-12-19 01:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2010-12-19 01:07 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2010-12-19 01:07 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2010-12-19 01:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2010-12-19 01:07 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2010-12-19 01:07 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2010-12-19 01:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36 . 2010-12-19 01:07 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34 . 2010-12-19 01:07 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33 . 2010-12-19 01:07 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2010-12-19 01:07 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2010-12-19 01:07 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-17 16:45 . 2011-04-17 16:21 1259545769 ----a-w- c:\program files\ElswordInstaller-1a.bin
2011-04-17 16:44 . 2011-04-17 16:21 327392 ----a-w- c:\program files\ElswordInstaller.exe
2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-20 05:51 . 2011-03-20 05:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-20 05:49 . 2011-03-20 05:49 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-03-16 13:31 . 2010-12-18 16:36 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-27_23.56.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 03:03 . 2011-01-11 03:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
+ 2009-07-12 00:54 . 2009-07-12 00:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2011-01-11 08:05 . 2011-01-11 08:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 08:23 . 2011-01-11 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2009-07-12 05:07 . 2009-07-12 05:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 05:19 . 2009-07-12 05:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2011-01-11 01:21 . 2011-01-11 01:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2011-06-12 18:22 . 2011-06-12 18:22 16384 c:\windows\temp\Perflib_Perfdata_414.dat
+ 2009-04-03 16:39 . 2009-04-03 16:39 70936 c:\windows\system32\PhysXLoader.dll
+ 2008-12-04 13:28 . 2008-12-04 13:28 24344 c:\windows\system32\PhysXDevice.dll
- 2004-08-04 12:00 . 2011-05-27 04:13 71846 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-06-12 18:26 71846 c:\windows\system32\perfc009.dat
+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelTraditionalChinese.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelSwedish.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelSpanish.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelSimplifiedChinese.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelPortugese.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelKorean.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelJapanese.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelGerman.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelFrench.dll
+ 2011-06-01 21:02 . 2011-06-01 21:02 21504 c:\windows\Installer\69bfe0a.msi
+ 2011-06-10 01:31 . 2011-06-10 01:31 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-04-02 19:53 . 2011-04-02 19:53 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-06-10 01:31 . 2011-06-10 01:31 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-04-02 19:53 . 2011-04-02 19:53 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-01-11 08:27 . 2011-01-11 08:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 08:24 . 2011-01-11 08:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 08:08 . 2011-01-11 08:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 197912 c:\windows\system32\physxcudart_20.dll
+ 2008-11-26 12:55 . 2008-11-26 12:55 288024 c:\windows\system32\PhysXCplUI.exe
+ 2008-11-25 12:38 . 2008-11-25 12:38 288024 c:\windows\system32\PhysXCompatCplUI.exe
- 2004-08-04 12:00 . 2011-05-27 04:13 443588 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-06-12 18:26 443588 c:\windows\system32\perfh009.dat
+ 2011-06-09 22:46 . 2011-06-09 22:46 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
+ 2011-06-09 22:44 . 2011-06-09 22:44 240288 c:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe
+ 2011-06-09 22:44 . 2011-06-09 22:44 321184 c:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.dll
+ 2008-10-07 13:13 . 2008-10-07 13:13 116977 c:\windows\system32\AGEIA\AG1021\diag.bin
+ 2008-10-07 13:13 . 2008-10-07 13:13 214629 c:\windows\system32\AGEIA\AG1021\app.bin
+ 2008-10-07 13:13 . 2008-10-07 13:13 119473 c:\windows\system32\AGEIA\AG1011\diag.bin
+ 2008-10-07 13:13 . 2008-10-07 13:13 199885 c:\windows\system32\AGEIA\AG1011\app.bin
+ 2011-06-05 03:20 . 2011-06-05 03:20 424960 c:\windows\Installer\7c62d71.msi
+ 2011-06-07 06:04 . 2011-06-07 06:04 459264 c:\windows\Installer\12a99750.msi
+ 2011-06-10 01:31 . 2011-06-10 01:31 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-04-02 19:53 . 2011-04-02 19:53 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-06-10 01:31 . 2011-06-10 01:31 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-04-02 19:53 . 2011-04-02 19:53 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-06-10 01:31 . 2011-06-10 01:31 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-04-02 19:53 . 2011-04-02 19:53 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-04-02 19:53 . 2011-04-02 19:53 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-06-10 01:31 . 2011-06-10 01:31 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-04-02 19:53 . 2011-04-02 19:53 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-06-10 01:31 . 2011-06-10 01:31 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-06-10 01:31 . 2011-06-10 01:31 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-02 19:53 . 2011-04-02 19:53 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-02 19:53 . 2011-04-02 19:53 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-06-10 01:31 . 2011-06-10 01:31 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-01-11 02:50 . 2011-01-11 02:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-11 02:50 . 2011-01-11 02:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2009-07-12 00:46 . 2009-07-12 00:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 00:46 . 2009-07-12 00:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-12-18 16:33 . 2011-06-09 22:46 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-12-18 16:33 . 2011-05-18 20:07 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-06-03 17:47 . 2011-06-03 17:47 1500160 c:\windows\Installer\94209b.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-12-19 1242448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-05 33628160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 282624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Runes of Magic\\Client.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=
"c:\\Nexon\\Vindictus\\en-US\\Vindictus.exe"=
"c:\\Nexon\\Vindictus\\en-US\\NMService.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Kill3rCombo\\Elsword\\data\\x2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\rush\\rush.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57788:TCP"= 57788:TCP:pando Media Booster
"57788:UDP"= 57788:UDP:pando Media Booster
"56440:TCP"= 56440:TCP:pando Media Booster
"56440:UDP"= 56440:UDP:pando Media Booster
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/18/2010 12:36 PM 136360]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [12/18/2010 11:52 AM 22016]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 10:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 10:24 AM 399416]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/18/2010 11:48 AM 1374464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [11/23/2009 5:37 PM 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [3/25/2011 7:46 PM 14856]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [12/18/2010 11:52 AM 25984]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [12/18/2010 11:52 AM 17408]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-12 14:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1326574676-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,37,7d,7a,76,93,30,1f,c6,50,e2,66,54,58,5f,03,29,81,d9,d3,1c,6b,fe,
a8,4d,74,17,db,cc,41,96,d8,20,78,ee,e1,5f,8a,1b,3c,98,de,ca,61,96,ee,47,59,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1644491937-1326574676-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,1a,de,73,c8,29,0e,b1,5a,21,db,66,56,c3,fc,1e,99,59,1b,12,55,
aa,bc,b6,40,79,1a,0a,c1,16,8f,a5,c0,3c,ba,73,39,40,dd,27,2b,3f,dc,17,97,00,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-06-12 14:38:26
ComboFix-quarantined-files.txt 2011-06-12 18:38
ComboFix2.txt 2011-06-07 00:38
ComboFix3.txt 2011-05-27 23:58
.
Pre-Run: 460,815,585,280 bytes free
Post-Run: 460,862,885,888 bytes free
.
- - End Of File - - AC4850C1EE1706B5EB07066DA9A3A973
 