TechSpot

Trojan horse BackDoor.Generic14.ANNA affecting a system file

By Johnh92
Nov 29, 2011
  1. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll be glad to help you.

    The Preliminary Virus and Malware Removal thread HERE is not for posts. It is the TechSpot Directions only.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    I will review the logs after you have pasted them into your next reply.
    Note: There is a second log for the DDS scan. It is named Attach.txt
    You do not have to attach it, or zip it- that is only the name of the log. Please include it when you paste the other logs.

    You can search the system for it if needed.
    ========================================
    You can also go ahead and run the following:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the image link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  2. Johnh92

    Johnh92 TS Rookie Topic Starter

    I'll start by saying THANK YOU for your quick response :)

    Sorry, I didn't see the DO NOT ATTACH LOGS, my bad :p

    OK, just adding a bit more info to my problems:

    I can access my network but I am unable to browse or connect to the internet (wireless or LAN). I have tried different connections as well, so it's not just my internet.
    So this makes online scans difficult.

    OK, I shall enter the logs below in this order:

    1. Malwarebytes' Anti-Malware
    2. gmer.exe
    3. DDS



    Malwarebytes' Anti-Malware
    16:36:42 Hunter family MESSAGE Protection started successfully
    16:36:47 Hunter family MESSAGE IP Protection started successfully
    16:37:37 Hunter family ERROR Scheduled update failed: No address found failed with error code 11004

    gmer.exe
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-29 17:04:26
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBCO
    Running: jjgh40tf.exe; Driver: C:\DOCUME~1\HUNTER~1\LOCALS~1\Temp\uwryypob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----


    DDS
    DDS.txt
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Hunter family at 17:10:43 on 2011-11-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.1861 [GMT 11:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\TAMSvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ESDUSBMon.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
    C:\Program Files\TrueSuite Access Manager\usbnotify.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    svchost.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\EpStsSrv.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\TightVNC\tvnserver.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uWinlogon: Shell=c:\documents and settings\hunter family\local settings\application data\10808bc6\X
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Megakey] c:\documents and settings\hunter family\local settings\application data\megamedia\megakey\Megakey.exe /Tray
    uRun: [MegakeyUpdater] c:\documents and settings\hunter family\local settings\application data\megamedia\megakey\MegakeyUpdater.exe
    uRun: [SyncMyCal]
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"
    mRun: [UsbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"
    mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
    mRun: [ESDUSBMon.exe] c:\windows\system32\ESDUSBMon.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Toshiba Controls Utility] "c:\program files\toshiba\controls\VolumeIndicator.exe"
    mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
    mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266683505640
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{C1574F6E-AD9E-483E-A24C-E0C7761A651A} : NameServer = 192.168.5.100
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 192.168.100.254 abpt-serv
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?q=
    FF - component: c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2009-9-23 42608]
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-13 232512]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-1-7 18816]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-2-20 14336]
    R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2009-9-23 46084]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 261036]
    R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
    R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [2006-5-11 95485]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1352728]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-29 366152]
    R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 497600]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80532]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-2-20 14336]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-27 105856]
    R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-20 134016]
    R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-9 810940]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-2-1 732160]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-29 22216]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-12-31 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-12-31 43608]
    R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-5-29 6912]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-25 127032]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-14 1025352]
    S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-9-23 106496]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-25 127032]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-6-15 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\30.tmp --> c:\windows\system32\30.tmp [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2011-11-29 05:36:03 -------- d-----w- c:\documents and settings\hunter family\application data\Malwarebytes
    2011-11-29 05:35:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-29 05:35:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-29 05:35:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-08 07:11:54 48016 --sha-w- c:\windows\system32\c_91531.nl_
    2011-11-02 22:34:59 -------- d-sh--w- c:\documents and settings\hunter family\local settings\application data\10808bc6
    .
    ==================== Find3M ====================
    .
    2011-11-11 07:23:31 1004 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
    2011-11-09 01:48:10 120280 ----a-w- c:\windows\system32\TODDSrv.exe
    2011-11-09 01:48:09 169288 ----a-w- c:\windows\system32\PSIService.exe
    2011-11-09 01:47:59 74768 ----a-w- c:\windows\system32\EpStsSrv.exe
    2011-11-09 01:47:59 509496 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-11-09 01:47:59 46084 ----a-w- c:\windows\system32\TAMSvr.exe
    2011-11-09 01:47:43 185608 ----a-w- c:\windows\system32\ESDUSBMon.exe
    2011-11-08 11:14:03 162816 ----a-w- c:\windows\system32\drivers\`
    2011-10-13 06:59:43 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-09-26 00:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 00:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 00:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-18 08:49:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-17 04:36:44 24048 ----a-w- c:\windows\system32\AlfaFF.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
    2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    ============= FINISH: 17:11:39.42 ===============


    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23/09/2009 1:25:39 PM
    System Uptime: 30/11/2011 4:49:59 PM (0 hours ago)
    .
    Motherboard: TOSHIBA | | Satellite Pro P300
    Processor: Intel Pentium III processor | U2E1 | 2094/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 144 GiB total, 10.9 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP455: 31/08/2011 8:26:30 PM - System Checkpoint
    RP456: 1/09/2011 2:04:17 PM - Removed Adobe Reader 9.4.5.
    RP457: 1/09/2011 2:08:17 PM - Installed Adobe Reader X (10.1.0).
    RP458: 4/09/2011 5:12:43 PM - System Checkpoint
    RP459: 5/09/2011 5:14:17 PM - System Checkpoint
    RP460: 6/09/2011 4:04:02 PM - Installed DirectX
    RP461: 8/09/2011 9:16:42 AM - Software Distribution Service 3.0
    RP462: 9/09/2011 10:56:43 AM - System Checkpoint
    RP463: 10/09/2011 1:16:26 PM - System Checkpoint
    RP464: 11/09/2011 2:32:55 PM - System Checkpoint
    RP465: 12/09/2011 9:20:26 PM - System Checkpoint
    RP466: 14/09/2011 10:08:44 AM - System Checkpoint
    RP467: 14/09/2011 4:04:25 PM - Installed Steam
    RP468: 15/09/2011 10:43:52 AM - Software Distribution Service 3.0
    RP469: 17/09/2011 12:04:15 PM - System Checkpoint
    RP470: 18/09/2011 7:16:30 PM - Removed WinZip 14.5
    RP471: 20/09/2011 10:17:51 PM - System Checkpoint
    RP472: 26/09/2011 7:48:41 PM - System Checkpoint
    RP473: 26/09/2011 10:17:20 PM - Configured Far Cry
    RP474: 26/09/2011 10:35:45 PM - Installed League of Legends
    RP475: 28/09/2011 8:02:52 PM - System Checkpoint
    RP476: 30/09/2011 11:49:11 AM - Software Distribution Service 3.0
    RP477: 1/10/2011 12:38:58 PM - Removed Hexen II
    RP478: 1/10/2011 12:40:06 PM - Removed RuneScape
    RP479: 1/10/2011 12:40:24 PM - Removed RS2Bot
    RP480: 2/10/2011 8:19:37 PM - System Checkpoint
    RP481: 6/10/2011 12:23:47 PM - System Checkpoint
    RP482: 7/10/2011 12:42:42 PM - System Checkpoint
    RP483: 12/10/2011 1:24:53 PM - System Checkpoint
    RP484: 13/10/2011 4:45:14 PM - System Checkpoint
    RP485: 13/10/2011 6:38:57 PM - Installed Neverwinter Nights
    RP486: 13/10/2011 7:55:27 PM - Installed Neverwinter Nights: Shadows of Undrentide
    RP487: 13/10/2011 8:08:47 PM - Installed Neverwinter Nights: Hordes of the Underdark
    RP488: 13/10/2011 8:22:33 PM - Software Distribution Service 3.0
    RP489: 13/10/2011 11:01:44 PM - Installed DirectX
    RP490: 15/10/2011 12:21:53 PM - System Checkpoint
    RP491: 22/10/2011 8:28:02 PM - System Checkpoint
    RP492: 24/10/2011 10:57:13 AM - System Checkpoint
    RP493: 28/10/2011 10:05:23 PM - System Checkpoint
    RP494: 30/10/2011 5:01:03 PM - System Checkpoint
    RP495: 6/11/2011 9:23:28 PM - System Checkpoint
    RP496: 8/11/2011 5:23:24 PM - Software Distribution Service 3.0
    RP497: 11/11/2011 10:51:49 PM - System Checkpoint
    RP498: 13/11/2011 8:31:51 PM - System Checkpoint
    RP499: 25/11/2011 12:57:47 PM - System Checkpoint
    RP500: 25/11/2011 3:18:15 PM - Removed League of Legends
    RP501: 27/11/2011 7:49:39 PM - System Checkpoint
    RP502: 28/11/2011 10:14:37 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.10 beta
    A Game of Thrones - Genesis
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.3.0 - CPSID_52073
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Design Premium
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.1)
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    ATI Catalyst Install Manager
    ATI Display Driver
    µTorrent
    AVG 2011
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Boris Graffiti
    Camera Assistant Software for Toshiba
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Conexant HD Audio
    Corel Paint Shop Pro Photo X2
    Corel Painter Photo Essentials 4
    DAEMON Tools Lite
    DVD Decrypter (Remove Only)
    EPSON Advanced Printer Driver 3
    Free PDF to Word Doc Converter v1.1
    Freecorder
    Freecorder Toolbar
    FreeUndelete
    Garmin MapSource
    GO Contact Sync
    Google Earth
    Google Update Helper
    Half-Life: Opposing Force Demo
    HDAUDIO Soft Data Fax Modem with SmartCP
    High-Definition Video Playback
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Install Network Printer Wizard
    HP USB Disk Storage Format Tool
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    ImgBurn
    Intel PROSet Wireless
    Intel(R) Matrix Storage Manager
    Intel(R) PROSet/Wireless WiFi Software
    InterVideo WinDVD for TOSHIBA
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 3
    LibreOffice 3.4
    Little Fighter 2 version 2.0a
    LogMeIn Hamachi
    Magic Bullet Looks Studio
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Marvell Miniport Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office XP Professional
    Microsoft Publisher 2002
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MouseWare 9.76
    Mozilla Firefox 6.0.2 (x86 en-GB)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6 Service Pack 2 (KB954459)
    Nero
    Nero 10 ClipartPack
    Nero 10 Menu TemplatePack 1
    Nero 10 Menu TemplatePack 2
    Nero 10 Menu TemplatePack 3
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack 1
    Nero 10 Movie ThemePack 2
    Nero 10 Movie ThemePack 3
    Nero 10 Movie ThemePack 4
    Nero 10 Movie ThemePack Basic
    Nero 10 PiP EffectPack 1
    Nero 10 Sample ImagePack
    Nero 10 Sample Videos
    Nero 10 Video TransitionPack 1
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10 Platinum HD
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    Neverwinter Nights
    O2Micro Flash Memory Card Reader Driver (x86)
    OGA Notifier 2.0.0048.0
    Pando Media Booster
    PC Wizard 2010.1.93
    PDF Settings CS5
    Pinnacle Studio 12
    Pinnacle Studio 12 Ultimate Plugins
    Pinnacle Video Driver
    PL-2303 USB-to-Serial
    Presto! BizCard 5 SE (English Version)
    Presto! BizCard Component for Windows CE
    Presto! BizCard5 SE
    PrimoPDF -- brought to you by Nitro PDF Software
    proDAD Vitascene 1.0
    QuickPar 0.9
    QuickTime
    Realtek High Definition Audio Driver
    Rise of Immortals
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SES Driver
    shonkymaps
    Skins
    Skype Click to Call
    Skype™ 5.5
    Softalk Share Server Client
    Sophos Anti-Rootkit 1.5.0
    Spelling Dictionaries Support For Adobe Reader 9
    Steam
    SUPER © Version 2009.bld.36 (June 10, 2009)
    Synaptics Pointing Device Driver
    SyncMyCal
    theWord
    TightVNC 2.0.2
    TOSHIBA Assist
    Toshiba Controls Utility
    TOSHIBA Direct Disc Writer
    TOSHIBA Disc Creator
    Toshiba Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA Recovery Disc Creator
    TOSHIBA SD Memory Utilities
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    Toshiba Touchpad Utility
    Toshiba Utility
    TOSHIBA Zooming Utility
    Tracks4Australia 1.20
    TrueSuite Access Manager
    TuneUp Companion 2.2.4
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    VNC Free Edition 4.1.3
    Warcraft III Reign of Chaos & The Frozen Throne
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    27/11/2011 8:49:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    27/11/2011 7:49:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    27/11/2011 7:19:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    25/11/2011 3:18:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    25/11/2011 3:17:03 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
    25/11/2011 3:15:12 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
    25/11/2011 3:15:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.
    25/11/2011 3:15:08 PM, error: Service Control Manager [7000] - The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    25/11/2011 3:14:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
    25/11/2011 3:14:18 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    25/11/2011 3:13:10 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
    .
    ==== End Of File ===========================
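The Event Viewer section of the DDS log above carries the first real indicator in this thread: two Service Control Manager 7003 errors say that services depending on NetBT could not start because NetBT "does not exist", and AVG's AVGIDSAgent service was refused with "Access is denied". Later in the thread ComboFix reports that c:\windows\system32\drivers\netbt.sys was patched and restores it from ServicePackFiles, which is what those errors were pointing at. The following Python is an added example, not code from the original thread or from DDS, ComboFix or Malwarebytes; it parses DDS-style event lines (the sample is constructed from the lines quoted above), groups them into the three signals a responder cares about, and turns them into concrete next checks. The mapping of the NetBT service name to netbt.sys and the list of security-product service prefixes are assumptions of the example.

```python
import re
from datetime import datetime

# Constructed sample: five lines copied from the DDS "Event Viewer Messages"
# section above (the repeated W32Time entries are omitted).
SAMPLE_EVENTS = """\
27/11/2011 7:19:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
25/11/2011 3:17:03 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
25/11/2011 3:15:12 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
25/11/2011 3:15:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.
25/11/2011 3:13:10 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
"""

# DDS prints: "<d/m/Y h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
NONEXISTENT_RE = re.compile(
    r"The (?P<svc>.+?) service depends on the following nonexistent service: (?P<dep>\S+)"
)
DENIED_RE = re.compile(r"The (?P<svc>.+?) service failed to start .*Access is denied")

# Assumptions of this example: which service-name prefixes belong to security
# products, and which driver file backs a kernel service (netbt.sys is XP's NetBT driver).
SECURITY_PREFIXES = ("AVG", "MBAM", "avast", "Avira")
DRIVER_FOR_SERVICE = {"NetBT": r"c:\windows\system32\drivers\netbt.sys"}


def parse_events(text):
    """Parse DDS event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d/%m/%Y %I:%M:%S %p")
        ev["eid"] = int(ev["eid"])
        events.append(ev)
    return events


def triage(events):
    """Group events into the three signals that matter for this thread."""
    findings = {"missing_deps": {}, "blocked_security": [], "ntp_dns_failures": 0}
    for ev in sorted(events, key=lambda e: e["ts"]):  # DDS lists newest first
        scm = ev["source"] == "Service Control Manager"
        if scm and ev["eid"] == 7003:
            m = NONEXISTENT_RE.search(ev["msg"])
            if m:
                findings["missing_deps"].setdefault(m["dep"], []).append(m["svc"])
        elif scm and ev["eid"] == 7000:
            m = DENIED_RE.search(ev["msg"])
            if m and m["svc"].startswith(SECURITY_PREFIXES):
                findings["blocked_security"].append(m["svc"])
        elif ev["source"] == "W32Time" and ev["eid"] == 17:
            findings["ntp_dns_failures"] += 1
    return findings


def verdicts(findings):
    """Turn findings into the checks a responder should run next."""
    out = []
    for dep, dependents in findings["missing_deps"].items():
        drv = DRIVER_FOR_SERVICE.get(dep, "<unknown driver>")
        out.append(
            f"kernel service {dep} never registered but {', '.join(dependents)} "
            f"depend on it: verify {drv} against a known-good copy"
        )
    for svc in findings["blocked_security"]:
        out.append(f"security service {svc} denied at start: suspect an AV-blocking component")
    if findings["ntp_dns_failures"]:
        out.append("DNS lookups failing: network stack impaired, matches the no-internet symptom")
    return out


if __name__ == "__main__":
    for v in verdicts(triage(parse_events(SAMPLE_EVENTS))):
        print("-", v)
```

The point of ordering by timestamp is that the 7003 errors appear at boot, before AVG is refused; a kernel driver that has been replaced fails to register first, and everything else follows from that. Compare the driver against the copy in c:\windows\ServicePackFiles\i386 or dllcache (the same source ComboFix restored from later in the thread), not against a signature database alone.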
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Sometimes I see a new thread as I come on TechSpot and get it started. Keep in mind that checking the logs does not go as quickly.

    This is puzzling:
    Please explain> my network
    =======================================
    I am uncertain as to what you mean for the Mbam.
    Malwarebytes' Anti-Malware> Please download this to a flash drive, then connect and run on the problem computer.

    This will work for any other program I give you- we will hold off on the Eset Online Virus scan for now as that does require a connection.
    ------------------------------------------------
    AVG will have to be removed temporarily to run Combofix:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      You will not be able to load the Recovery Console when using the flash drive.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ================================
    Depending on what I see in Mbam, I will give you specific information about a Backdoor malware.
     
  4. Johnh92

    Johnh92 TS Rookie Topic Starter

    OK, firstly, with the Malwarebytes' Anti-Malware log I gave (if that's what you're talking about), I am re-running the scan and will repost the log just in case I didn't get the right thing :S

    "Please explain> my network"

    I have a network set up at home and work, like I can connect to other computers through this network, and I can normally connect to the internet when I'm on my network, but for some reason it won't connect to the internet through wireless or through a LAN cable.

    Also, my Malwarebytes program is not up to date because I'm not connected to the internet. I downloaded it two days ago, so it can't be too out of date... but I'm not sure if that will make a difference or not to the log.
     
  5. Johnh92

    Johnh92 TS Rookie Topic Starter

    Not sure what I copied as the log, but here is the real log


    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/12/2011 2:18:14 PM
    mbam-log-2011-12-01 (14-18-08).txt

    Scan type: Quick scan
    Objects scanned: 217747
    Time elapsed: 28 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
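Two of the three keys Malwarebytes flags under HKCU\SOFTWARE have names that are obviously machine-generated (ROUA3O12PW, TOY5KNQ8OC); rogue "FakeAlert" style software keeps its state under keys like these precisely because a random name matches no signature written for a previous sample. The script below is an added example, not Malwarebytes' detection logic and not from the thread: it scores leaf key names on character entropy, digit/letter interleaving and vowel ratio, and flags the two generated names while leaving ordinary vendor keys alone. The vendor keys in the sample are constructed for contrast and the thresholds are assumptions. It deliberately does not flag XML, which Malwarebytes caught by signature; a lexical heuristic complements signature detection rather than replacing it.

```python
import math
from collections import Counter

# Constructed sample: the three keys from the Malwarebytes log above, plus four
# ordinary vendor keys added here for contrast (assumed, not from the page).
SAMPLE_KEYS = [
    r"HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW",
    r"HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC",
    r"HKEY_CURRENT_USER\SOFTWARE\XML",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft",
    r"HKEY_CURRENT_USER\SOFTWARE\Malwarebytes",
    r"HKEY_CURRENT_USER\SOFTWARE\Adobe",
    r"HKEY_CURRENT_USER\SOFTWARE\7-Zip",
]

VOWELS = set("aeiouy")


def name_features(name):
    """Cheap lexical features of a key name; the thresholds in looks_random are assumptions."""
    s = name.lower()
    if not s:
        return {"length": 0, "entropy": 0.0, "vowel_ratio": 0.0, "digit_transitions": 0}
    counts = Counter(s)
    entropy = -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())
    letters = [c for c in s if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    # digit<->non-digit boundaries: "roua3o12pw" has four, "7-zip" has one
    digit_transitions = sum(1 for a, b in zip(s, s[1:]) if a.isdigit() != b.isdigit())
    return {
        "length": len(s),
        "entropy": entropy,
        "vowel_ratio": vowel_ratio,
        "digit_transitions": digit_transitions,
    }


def looks_random(name):
    """Two of three signals must fire, so one odd-looking vendor name does not trip it."""
    f = name_features(name)
    score = 0
    if f["length"] >= 8 and f["entropy"] >= 2.8:   # long and high-entropy
        score += 1
    if f["digit_transitions"] >= 2:                # digits mixed into letters
        score += 1
    if f["vowel_ratio"] < 0.2:                     # unpronounceable
        score += 1
    return score >= 2


def scan_keys(paths):
    """Return the leaf names of registry keys whose name looks machine-generated."""
    flagged = []
    for path in paths:
        leaf = path.rsplit("\\", 1)[-1]
        if looks_random(leaf):
            flagged.append(leaf)
    return flagged


if __name__ == "__main__":
    for leaf in scan_keys(SAMPLE_KEYS):
        print("suspicious key name:", leaf)
```

On a live XP box the same function would be fed the output of `reg query HKCU\Software` rather than the constructed list; anything it flags is a candidate to export and inspect, not something to delete on sight.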
     
  6. Johnh92

    Johnh92 TS Rookie Topic Starter

    Damn, this sucks, not having internet is making things much harder!

    OK, with ComboFix, it works and scans and comes back with a message saying

    "This machine does not have the 'Microsoft Windows Recovery Console' installed. Alternately, an existing installation of the Recovery Console may be present but requires updating.

    Without it, ComboFix shall not attempt the fixing of some serious infections.

    Click "Yes" to have ComboFix download/install it.

    NOTE: This requires an active internet connection."

    (Wondering, should I search for it on Google? Or can I download it from another computer and transfer it?)

    So no, I click No (because no internet).

    It scanned and then came up with a message saying something about a critical system file being infected and it didn't want to do anything about it...

    THEN

    For some reason I continued and exited it and re-ran the scan... it scanned for a lot longer and then proceeded to delete two dozen files or more, and then it found my netbt.sys and said it was infected with a serious virus, and it said it fixed it.

    Now it rebooted the system and I shall post the log, and then scan the system again.

    and here is the log :D

    ComboFix 11-11-30.03 - Hunter family 01/12/2011 14:43:27.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.2207 [GMT 11:00]
    Running from: c:\documents and settings\Hunter family\Desktop\Virus\ComboFix.exe
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\~WRD3954.tmp
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Hunter family\Application Data\.#
    c:\documents and settings\Hunter family\Application Data\PriceGong
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Hunter family\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6\U
    c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6\U\80000000.@
    c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6\U\800000cb.@
    c:\documents and settings\Hunter family\Local Settings\Application Data\Megamedia\Megakey\Megakey.exe /Tray
    c:\documents and settings\Hunter family\Local Settings\Application Data\Megamedia\Megakey\MegakeyUpdater.exe
    c:\documents and settings\Hunter family\WINDOWS
    c:\windows\assembly\GAC_MSIL\desktop.ini
    c:\windows\CSC\d6
    c:\windows\system32\
    c:\windows\system32\c_91531.nl_
    c:\windows\system32\drivers\`
    c:\windows\system32\usmt\migwiz_a.exe
    .
    Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\netbt.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_10808bc6
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-29 05:36 . 2011-11-29 05:36 -------- d-----w- c:\documents and settings\Hunter family\Application Data\Malwarebytes
    2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-29 05:35 . 2011-08-31 06:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-08 11:42 . 2011-11-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2011-11-08 11:42 . 2011-11-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2011-11-02 22:34 . 2011-12-01 03:52 -------- d-sh--w- c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 07:23 . 2009-09-24 13:09 1004 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2011-11-09 01:48 . 2008-02-20 01:25 120280 ----a-w- c:\windows\system32\TODDSrv.exe
    2011-11-09 01:48 . 2007-06-05 03:20 169288 ----a-w- c:\windows\system32\PSIService.exe
    2011-11-09 01:47 . 2009-11-16 00:07 74768 ----a-w- c:\windows\system32\EpStsSrv.exe
    2011-11-09 01:47 . 2009-09-23 03:25 46084 ----a-w- c:\windows\system32\TAMSvr.exe
    2011-11-09 01:47 . 2008-03-04 22:35 509496 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-11-09 01:47 . 2009-11-16 00:07 185608 ----a-w- c:\windows\system32\ESDUSBMon.exe
    2011-10-13 06:59 . 2011-10-13 06:59 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-09-26 00:41 . 2008-07-29 09:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 00:41 . 2008-02-19 16:43 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 00:41 . 2008-02-19 16:43 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-18 08:49 . 2011-06-24 00:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-17 04:36 . 2011-09-17 04:36 24048 ----a-w- c:\windows\system32\AlfaFF.dll
    2011-09-09 09:12 . 2008-02-19 16:43 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2008-02-19 16:43 1858944 ------w- c:\windows\system32\win32k.sys
    2011-09-07 23:50 . 2011-03-22 11:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
    @="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
    [HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
    2007-04-20 01:40 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-14 3077528]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-09-14 1242448]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
    "TPSMain"="TPSMain.exe" [2008-01-28 268152]
    "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
    "FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-02-29 671744]
    "UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
    "PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-02-01 3150848]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
    "ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2011-11-09 185608]
    "Logitech Utility"="Logi_MwX.Exe" [2003-03-03 19968]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1024000]
    "Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-01-31 77824]
    "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-08 1773568]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-01-19 1392640]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1206544]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
    "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-11-09 810940]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-21 38840]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
    2008-02-28 09:42 180224 ------w- c:\windows\system32\FpWinlogonNp.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Hewlett-Packard\\HP Install Network Printer Wizard\\hpjsi.exe"=
    "c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Hunter family\\Desktop\\John\\GAMES\\aoe\\age2_x1.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\TightVNC\\tvnserver.exe"=
    "c:\\Program Files\\TightVNC\\vncviewer.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Petroglyph\\Rise of Immortals\\RoIClientR.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\a game of thrones\\Agot.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:RPC
    "59137:TCP"= 59137:TCP:pando Media Booster
    "59137:UDP"= 59137:UDP:pando Media Booster
    .
    R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [23/09/2009 2:25 PM 42608]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13/10/2011 5:59 PM 232512]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [7/01/2010 12:20 PM 18816]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [20/02/2008 3:43 AM 14336]
    R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [23/09/2009 2:25 PM 46084]
    R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
    R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [11/05/2006 10:51 AM 95485]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4/08/2011 3:34 PM 1352728]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/11/2011 4:35 PM 366152]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4/05/2010 12:07 PM 497600]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 2:06 PM 80532]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [20/02/2008 3:43 AM 14336]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [27/03/2007 7:22 AM 105856]
    R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [20/02/2007 7:15 AM 134016]
    R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [9/07/2010 12:28 AM 810940]
    R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [1/02/2008 7:18 AM 732160]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/11/2011 4:35 PM 22216]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [31/12/2009 6:11 PM 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [31/12/2009 6:11 PM 43608]
    R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29/05/2007 5:01 AM 6912]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/10/2009 3:13 PM 127032]
    S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [23/09/2009 2:25 PM 106496]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25/10/2009 3:13 PM 127032]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [15/06/2010 6:58 PM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 6:01 PM 21248]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\30.tmp --> c:\windows\system32\30.tmp [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 2:37 PM 517096]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 5:06 PM 11520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    RPCQT
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-BETH_LAPTOP-Hunter family.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-22 17:44]
    .
    2011-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
    .
    2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:48]
    .
    2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: Interfaces\{C1574F6E-AD9E-483E-A24C-E0C7761A651A}: NameServer = 192.168.5.100
    FF - ProfilePath - c:\documents and settings\Hunter family\Application Data\Mozilla\Firefox\Profiles\uv8leebd.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Megakey - c:\documents and settings\Hunter family\Local Settings\Application Data\Megamedia\Megakey\Megakey.exe
    HKCU-Run-MegakeyUpdater - c:\documents and settings\Hunter family\Local Settings\Application Data\Megamedia\Megakey\MegakeyUpdater.exe
    HKCU-Run-SyncMyCal - (no file)
    AddRemove-Little Fighter 2 - c:\documents and settings\Hunter family\Desktop\GAMES\LittleFighter2\uninst.exe
    AddRemove-RiseOfImmortals - c:\program files\Petroglyph\Rise of Immortals\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-01 15:04
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\30.tmp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1084)
    c:\windows\system32\FpWinLogonNp.dll
    c:\program files\TrueSuite Access Manager\FpSuites.dll
    c:\program files\TrueSuite Access Manager\SharedResources.dll
    c:\program files\TrueSuite Access Manager\FPResource.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\netprovcredman.dll
    .
    - - - - - - - > 'explorer.exe'(5584)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Hunter family\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
    c:\program files\TrueSuite Access Manager\IconOvrly.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    c:\windows\system32\netprovcredman.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    c:\program files\TrueSuite Access Manager\CssSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\windows\Logi_MwX.Exe
    c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\EpStsSrv.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\RealVNC\VNC4\WinVNC4.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-01 15:07:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-01 04:07
    .
    Pre-Run: 12,638,085,120 bytes free
    Post-Run: 21,625,573,376 bytes free
    .
    - - End Of File - - 63D579AEC36385CDF7A32D6FBDBB03BC
     
  7. Johnh92

    Johnh92 TS Rookie Topic Starter

    OK, now I've done another scan with Malwarebytes and it's come back saying everything is clean.


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/12/2011 3:15:02 PM
    mbam-log-2011-12-01 (15-15-02).txt

    Scan type: Quick scan
    Objects scanned: 188662
    Time elapsed: 3 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Regarding this:
    It was replaced in Combofix:
    Regarding this:
    If you had read my directions carefully, you would have seen this in the Combofix instructions:
    Regarding this:
    Two days ago the Mbam database was way over 8000, so it was longer than 2 days.
    =====================================
    It would be best if you follow my directions, including the order of the scans. Please slow down and read all of the directions carefully.
    ====================================
    Please take a minute to read this:
    |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
    Many members who post here cannot access the internet. It's a common problem with malware, although sometimes it's caused by a system problem. While using a flash drive to download the scanning programs may be inconvenient, it will be the only way to try and clean the system.

    Some functions can't be done without internet access> online virus scans & installing the Recovery Console, for example. We expect that and try to work around it. Sometimes we anticipate a problem such as the Recovery Console and try to warn the member. That's why it's very important that you read and follow all of the directions.

    You have way too many processes running- processes that only need to run when the program is actively being used. Burning software, camera software, media players, games> these don't need to start on boot and then run in the background using the system resources. That will slow you down and more connections will leave the system more vulnerable.
    ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
    In the first Mbam scan, the results show No action taken. That means that although entries were found, you did not check this line:
    Now you post another log that is clean, but not the most current database.
    ======================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\windows\system32\30.tmp
    Folder::
    c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6
    DDS::
    uWinlogon: Shell=c:\documents and settings\hunter family\local settings\application data\10808bc6\X
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Megakey] c:\documents and settings\hunter family\local settings\application data\megamedia\megakey\Megakey.exe /Tray
    uRun: [MegakeyUpdater] c:\documents and settings\hunter family\local settings\application data\megamedia\megakey\MegakeyUpdater.exe
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    ClearJavaCache::
    Registry::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    Driver::
    MEMSWEEP2
    CreateSystemRestore::
    Reboot::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
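The entries the CFScript above targets share a few tells: an autostart or Winlogon Shell pointing into a user-profile data folder (the 10808bc6 and Megakey entries), a service whose image is a .tmp file that is no longer on disk (MEMSWEEP2), and toolbar or Run values whose target is gone. The following triage helper is an added example, not ComboFix code or anything posted in the thread; it parses Run-key, service and orphan lines in the ComboFix log format shown above and flags those tells. The sample lines are constructed from the logs in this thread, and the folder list it treats as suspicious is an assumption.

```python
"""Triage helper for ComboFix-style autostart and service lines (added example).

Flags autostarts that run from a user-profile or temp folder, images that
are missing on disk, non-executable image names, and a Winlogon Shell that
is not explorer.exe. Sample lines below are constructed from the thread's logs.
"""
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    name: str                # value name, service name or orphan label
    path: str                # image path as written in the log
    reasons: Tuple[str, ...]


# Tried in this order: Winlogon Shell lines, Run-key values, service lines
# (R0..S3 prefix), and 'ORPHANS REMOVED' style "label - path" lines.
WINLOGON_RE = re.compile(r"^uWinlogon:\s*Shell=(?P<path>.+)$", re.IGNORECASE)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
ORPHAN_RE = re.compile(r"^(?P<name>\S+) - (?P<path>.+)$")

# Folders a persistent autostart rarely runs from legitimately (assumption).
PROFILE_DIRS = ("\\local settings\\application data\\", "\\local settings\\temp\\", "\\temp\\")
# Image names that are not executables by convention.
ODD_EXTENSIONS = (".tmp", ".@")


def image_name(path: str) -> str:
    """Lower-case file name of an image, minus the \\??\\ prefix and arguments."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    p = re.split(r"\s+[-/]", p, maxsplit=1)[0]   # drop ' -service', ' /Tray'
    return p.rsplit("\\", 1)[-1]


def service_target(rest: str) -> Tuple[str, bool]:
    """Split 'image [date size]' or 'image --> image [?]' into (image, missing)."""
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    missing = rest.rstrip().endswith("[?]")   # ComboFix marks unresolved images with [?]
    return rest.rsplit(" [", 1)[0].strip(), missing


def judge(path: str, missing: bool = False, shell: bool = False) -> Tuple[str, ...]:
    """Return the reasons an entry deserves a second look (empty if none)."""
    reasons = []
    low = path.lower()
    if low == "(no file)" or missing:
        reasons.append("image file missing on disk")
    if any(d in low for d in PROFILE_DIRS):
        reasons.append("runs from user profile or temp folder")
    name = image_name(path)
    if name.endswith(ODD_EXTENSIONS):
        reasons.append("non-executable extension used as image")
    if shell and name != "explorer.exe":
        reasons.append("Winlogon Shell is not explorer.exe")
    return tuple(reasons)


def triage(lines: List[str]) -> List[Finding]:
    """Parse ComboFix log lines and return only the entries that raise a flag."""
    findings = []
    for raw in lines:
        line = raw.strip()
        missing, shell = False, False
        if (m := WINLOGON_RE.match(line)):
            name, path, shell = "Winlogon Shell", m["path"].strip(), True
        elif (m := RUN_RE.match(line)):
            name, path = m["name"], m["path"]
        elif (m := SERVICE_RE.match(line)):
            name = m["name"]
            path, missing = service_target(m["rest"])
        elif (m := ORPHAN_RE.match(line)):
            name, path = m["name"], m["path"].strip()
        else:
            continue
        reasons = judge(path, missing, shell)
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


# Constructed sample, modelled on lines from the logs posted in this thread.
SAMPLE_LOG = r"""
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-14 1242448]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [9/07/2010 12:28 AM 810940]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\30.tmp --> c:\windows\system32\30.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
HKCU-Run-Megakey - c:\documents and settings\Hunter family\Local Settings\Application Data\Megamedia\Megakey\Megakey.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
uWinlogon: Shell=c:\documents and settings\hunter family\local settings\application data\10808bc6\X
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.name}: {f.path}\n    " + "; ".join(f.reasons))
```

Entries it leaves unflagged, such as the TightVNC server, still deserve the usual review; the helper only surfaces the mechanical tells, it does not judge whether a remote-access tool belongs on the machine.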
     
  9. Johnh92

    Johnh92 TS Rookie Topic Starter

    OK, sorry, I've been crazy busy and haven't been able to reply.

    I guess I just didn't have the settings right, because I've had a mate play with my network settings and now my net is fine.

    OK, so here's the log from ComboFix that you asked for.


    ComboFix 11-12-04.04 - Hunter family 05/12/2011 11:53:43.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.2257 [GMT 11:00]
    Running from: c:\documents and settings\Hunter family\Desktop\Virus\ComboFix.exe
    Command switches used :: c:\documents and settings\Hunter family\Desktop\Virus\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\windows\system32\30.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6
    c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6\@
    c:\program files\conduitengine\prxConduitEngine.dll
    c:\program files\freecorder\FLVSrvc.exe
    c:\program files\freecorder\prxtbFre0.dll
    c:\windows\CSC\d6
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MEMSWEEP2
    -------\Service_MEMSWEEP2
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-01 10:58 . 2011-12-01 10:59 -------- d-----w- c:\documents and settings\Hunter family\Local Settings\Application Data\Akamai
    2011-12-01 04:16 . 2011-12-01 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-11-29 05:36 . 2011-11-29 05:36 -------- d-----w- c:\documents and settings\Hunter family\Application Data\Malwarebytes
    2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-29 05:35 . 2011-08-31 06:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-08 11:42 . 2011-11-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2011-11-08 11:42 . 2011-11-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 07:23 . 2009-09-24 13:09 1004 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2011-11-09 01:48 . 2008-02-20 01:25 120280 ----a-w- c:\windows\system32\TODDSrv.exe
    2011-11-09 01:48 . 2007-06-05 03:20 169288 ----a-w- c:\windows\system32\PSIService.exe
    2011-11-09 01:47 . 2009-11-16 00:07 74768 ----a-w- c:\windows\system32\EpStsSrv.exe
    2011-11-09 01:47 . 2009-09-23 03:25 46084 ----a-w- c:\windows\system32\TAMSvr.exe
    2011-11-09 01:47 . 2008-03-04 22:35 509496 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-11-09 01:47 . 2009-11-16 00:07 185608 ----a-w- c:\windows\system32\ESDUSBMon.exe
    2011-10-13 06:59 . 2011-10-13 06:59 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-10-10 14:22 . 2008-02-20 00:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2008-02-19 16:43 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 00:41 . 2008-07-29 09:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 00:41 . 2008-02-19 16:43 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 00:41 . 2008-02-19 16:43 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-18 08:49 . 2011-06-24 00:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-17 04:36 . 2011-09-17 04:36 24048 ----a-w- c:\windows\system32\AlfaFF.dll
    2011-09-06 13:20 . 2008-02-19 16:43 1858944 ------w- c:\windows\system32\win32k.sys
    2011-09-07 23:50 . 2011-03-22 11:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-01_04.00.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-05 01:14 . 2011-12-05 01:14 16384 c:\windows\Temp\Perflib_Perfdata_cc0.dat
    + 2011-12-05 01:13 . 2011-12-05 01:13 16384 c:\windows\Temp\Perflib_Perfdata_818.dat
    + 2011-06-10 14:58 . 2011-06-10 14:58 51024 c:\windows\system32\vcomp100.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 81744 c:\windows\system32\mfcm100u.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 81744 c:\windows\system32\mfcm100.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 60752 c:\windows\system32\mfc100rus.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 43344 c:\windows\system32\mfc100kor.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 43856 c:\windows\system32\mfc100jpn.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 62288 c:\windows\system32\mfc100ita.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 64336 c:\windows\system32\mfc100fra.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 63824 c:\windows\system32\mfc100esn.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 55120 c:\windows\system32\mfc100enu.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 64336 c:\windows\system32\mfc100deu.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 36176 c:\windows\system32\mfc100cht.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 36176 c:\windows\system32\mfc100chs.dll
    + 2011-12-04 23:20 . 2011-11-28 17:52 52952 c:\windows\system32\drivers\aswTdi.sys
    + 2011-12-04 23:20 . 2011-11-28 17:52 34392 c:\windows\system32\drivers\aswRdr.sys
    + 2011-12-04 23:20 . 2011-11-28 17:51 20568 c:\windows\system32\drivers\aswFsBlk.sys
    + 2011-12-04 23:20 . 2011-11-28 17:48 30808 c:\windows\system32\drivers\aavmker4.sys
    + 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ARPPRODUCTICON.exe
    + 2011-12-04 23:20 . 2011-11-28 18:01 41184 c:\windows\avastSS.scr
    + 2011-06-10 14:58 . 2011-06-10 14:58 773968 c:\windows\system32\msvcr100.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 421200 c:\windows\system32\msvcp100.dll
    + 2011-12-04 23:20 . 2011-11-28 17:53 314456 c:\windows\system32\drivers\aswSP.sys
    + 2011-12-04 23:20 . 2011-11-28 17:53 435032 c:\windows\system32\drivers\aswSnx.sys
    + 2011-12-04 23:20 . 2011-11-28 17:52 111320 c:\windows\system32\drivers\aswmon2.sys
    + 2011-12-04 23:20 . 2011-11-28 17:51 105176 c:\windows\system32\drivers\aswmon.sys
    + 2009-09-23 22:56 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
    - 2009-09-23 22:56 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
    - 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
    + 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 138056 c:\windows\system32\atl100.dll
    + 2011-12-04 23:20 . 2011-11-28 18:01 199816 c:\windows\system32\aswBoot.exe
    + 2011-12-01 04:37 . 2011-12-01 04:37 160768 c:\windows\Installer\cb158.msi
    + 2011-12-04 23:20 . 2011-12-04 23:20 219648 c:\windows\Installer\11a03299.msi
    + 2011-06-10 14:58 . 2011-06-10 14:58 4422992 c:\windows\system32\mfc100u.dll
    + 2011-06-10 14:58 . 2011-06-10 14:58 4397384 c:\windows\system32\mfc100.dll
    + 2011-06-28 10:27 . 2011-06-28 10:27 4028928 c:\windows\Installer\7ebf98.msp
    + 2011-12-01 11:06 . 2011-12-01 11:06 1435136 c:\windows\Installer\641f3.msi
    + 2009-10-01 22:38 . 2011-12-01 13:07 50295240 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
    @="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
    [HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
    2007-04-20 01:40 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-14 3077528]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-09-14 1242448]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    "Akamai NetSession Interface"="c:\documents and settings\Hunter family\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-16 3303000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
    "TPSMain"="TPSMain.exe" [2008-01-28 268152]
    "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
    "FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-02-29 671744]
    "UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
    "PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-02-01 3150848]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
    "ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2011-11-09 185608]
    "Logitech Utility"="Logi_MwX.Exe" [2003-03-03 19968]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1024000]
    "Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-01-31 77824]
    "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-08 1773568]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-01-19 1392640]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1206544]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
    "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-11-09 810940]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-21 38840]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
    2008-02-28 09:42 180224 ------w- c:\windows\system32\FpWinlogonNp.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Hewlett-Packard\\HP Install Network Printer Wizard\\hpjsi.exe"=
    "c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Hunter family\\Desktop\\John\\GAMES\\aoe\\age2_x1.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\TightVNC\\tvnserver.exe"=
    "c:\\Program Files\\TightVNC\\vncviewer.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Petroglyph\\Rise of Immortals\\RoIClientR.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Documents and Settings\\Hunter family\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\a game of thrones\\Agot.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:RPC
    "59137:TCP"= 59137:TCP:pando Media Booster
    "59137:UDP"= 59137:UDP:pando Media Booster
    "1053:TCP"= 1053:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [23/09/2009 2:25 PM 42608]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/12/2011 10:20 AM 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/12/2011 10:20 AM 314456]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13/10/2011 5:59 PM 232512]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [7/01/2010 12:20 PM 18816]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [20/02/2008 3:43 AM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/12/2011 10:20 AM 20568]
    R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [23/09/2009 2:25 PM 46084]
    R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
    R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [11/05/2006 10:51 AM 95485]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4/08/2011 3:34 PM 1352728]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/11/2011 4:35 PM 366152]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4/05/2010 12:07 PM 497600]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 2:06 PM 80532]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [20/02/2008 3:43 AM 14336]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [27/03/2007 7:22 AM 105856]
    R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [20/02/2007 7:15 AM 134016]
    R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [9/07/2010 12:28 AM 810940]
    R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [1/02/2008 7:18 AM 732160]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/11/2011 4:35 PM 22216]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [31/12/2009 6:11 PM 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [31/12/2009 6:11 PM 43608]
    R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29/05/2007 5:01 AM 6912]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/10/2009 3:13 PM 127032]
    S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [23/09/2009 2:25 PM 106496]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25/10/2009 3:13 PM 127032]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [15/06/2010 6:58 PM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 6:01 PM 21248]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 2:37 PM 517096]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 5:06 PM 11520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    RPCQT
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-BETH_LAPTOP-Hunter family.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-22 17:44]
    .
    2011-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
    .
    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:48]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: Interfaces\{9880B83F-3412-415B-B6DD-27CF4EC45AC5}: NameServer = 192.168.100.1
    TCP: Interfaces\{C1574F6E-AD9E-483E-A24C-E0C7761A651A}: NameServer = 192.168.5.100
    FF - ProfilePath - c:\documents and settings\Hunter family\Application Data\Mozilla\Firefox\Profiles\uv8leebd.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-05 12:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    C:\## aswSnx private storage
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1160)
    c:\windows\system32\FpWinLogonNp.dll
    c:\program files\TrueSuite Access Manager\FpSuites.dll
    c:\program files\TrueSuite Access Manager\SharedResources.dll
    c:\program files\TrueSuite Access Manager\FPResource.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\netprovcredman.dll
    .
    - - - - - - - > 'explorer.exe'(2916)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\program files\TrueSuite Access Manager\IconOvrly.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    c:\program files\TrueSuite Access Manager\CssSvr.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\windows\Logi_MwX.Exe
    c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\EpStsSrv.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\RealVNC\VNC4\WinVNC4.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-05 12:22:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-05 01:22
    ComboFix2.txt 2011-12-01 04:07
    .
    Pre-Run: 21,034,065,920 bytes free
    Post-Run: 21,280,391,168 bytes free
    .
    - - End Of File - - 4A569AB0E615EE90DEEB9A26E627B4EE


    I'm at work, so I'll just start scanning my computer and then if you want it I can log that as well :)
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, since you can now access the internet, let's go with these:

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ========================================
    Read this carefully please:
    Update and rescan with Malwarebytes: The current database is above 8000. If Mbam does not update correctly, uninstall it, then reinstall from HERE. Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    [​IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    =============================================
    Please tell me what problems remain, if any.
     
  11. Johnh92

    Johnh92 TS Rookie Topic Starter

    ok

    so the other day after I first used ComboFix it said my computer was clean,

    and somehow I keep getting viruses, even before I was connected to the internet,

    does that mean that I have a virus and it's making more viruses?

    alright, now I have updated my Malwarebytes and scanned today and here's the log; it came back with 3 viruses

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8313

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/12/2011 8:30:30 AM
    mbam-log-2011-12-06 (08-30-30).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 449393
    Time elapsed: 5 hour(s), 28 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\qoobox\quarantine\c\documents and settings\hunter family\local settings\application data\10808bc6\u\80000000.@.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\qoobox\quarantine\c\documents and settings\hunter family\local settings\application data\10808bc6\u\800000cb.@.vir (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\qoobox\quarantine\c\windows\system32\c_91531.nl_.vir (Backdoor.0Access) -> Quarantined and deleted successfully.





    next is the online scan. I started it yesterday and it had been running for 4 hours and had done 55%, and I went away from my laptop and someone took out the power, so I've rescanned today and here's the log for that.

    umm nope, wow I'm sorry, I really am hopeless. I was sure I saved the log but when I open the readme it just has:

    C:\System Volume Information\_restore{233BEA63-C0D4-46EF-8798-50C0E8520D96}\RP482\A0134894.exe a variant of Win32/RegistryBooster application

    I shall rescan using the online scan again and get back to you. :(
     
  12. Johnh92

    Johnh92 TS Rookie Topic Starter

    so that log I got from the online scan was the whole log? because that's what I got when I rescanned it as well.

    said I had a Registry Booster. well that's no fun
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    John, both of these logs show no new malware>>

    Qoobox is where Combofix sends the quarantined files. That shows in Mbam. These are no longer active in the system and will be removed when I have you uninstall Combofix.

    The one entry from the Eset scan is in the System Volume folder. That's where the restore points are kept. These are also no longer active in the system. At the end of cleaning, I have you drop the old restore points and set a new clean one. The only way this could affect the system is if you did a System Restore and 'happened' to choose that particular one. Since you are instructed not to do a System Restore during cleaning, this should not be an issue.

    Unfortunately, these scans aren't written to not show entries in these locations. It can be confusing to the user, but is easily explained by your helper.
    ===============================
    About this:
    Combofix does not show whether the system is clean> it will quarantine and delete some entries programmed into the program itself, but it's my job to look over the other entries in the log and determine if any more need to be removed.

    For that, I write a script that you will run through Combofix. I have started writing your script but I don't have time this morning to finish. I will do that early this afternoon. Please hold off on doing downloads, installs or updates (except the AV) until then.

    The system is looking good, but I have some concern about the previously removed Backdoor entries. I will probably have you run another scan to help rule out any related processes. Keep in mind though, that a Backdoor is just what it says: a way into the system.

    FYI:
    I need to know exactly what, if any problems you now notice.
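The helper's point above, that hits inside ComboFix's Qoobox quarantine and inside the System Volume Information restore-point folder are dormant copies rather than active infections, can be turned into a small triage step. The Python script below is an added example for this thread; it is not part of the thread, Malwarebytes, ESET or ComboFix. It parses "Files Infected" lines in the format Malwarebytes prints, plus the single-line form ESET showed here, and labels each hit by location so the reader can see at a glance which entries still need attention. The sample input is the four detections posted in this thread plus one constructed live-location line whose file name is a placeholder, not a real detection; the location prefixes are an assumption based on where the two tools keep their copies.

```python
import re
from collections import Counter

# Locations whose contents are no longer active on the system (compared case-insensitively
# after normalising slashes). ComboFix moves what it removes into c:\qoobox\quarantine and
# appends ".vir"; System Restore keeps copies under System Volume Information\_restore{...}.
# These prefixes are an assumption for this example, not output of either tool.
INACTIVE_LOCATIONS = (
    (r"c:\qoobox\quarantine", "quarantine (ComboFix Qoobox)"),
    (r"c:\system volume information\_restore", "restore point (System Volume Information)"),
)

# Malwarebytes "Files Infected" line:  <path> (<detection>) -> <action>.
MBAM_HIT = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# ESET's flattened export line:  <path> <threat description>; the path ends at its extension.
ESET_HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9_@]{1,4})\s+(?P<name>.+?)\s*$")


def classify(path: str) -> str:
    """Return the location label for a reported file path."""
    p = path.strip().lower().replace("/", "\\")
    for prefix, label in INACTIVE_LOCATIONS:
        if p.startswith(prefix):
            return label
    return "live location"


def parse_hit(line: str):
    """Parse one scanner line into a dict, or return None if it is not a hit line."""
    line = line.strip()
    m = MBAM_HIT.match(line)
    if m:
        return {"scanner": "mbam", "path": m["path"], "name": m["name"], "action": m["action"]}
    m = ESET_HIT.match(line)
    if m:
        return {"scanner": "eset", "path": m["path"], "name": m["name"], "action": "reported"}
    return None


def triage(lines):
    """Parse every hit line and tag it with its location and whether it is still live."""
    hits = []
    for line in lines:
        hit = parse_hit(line)
        if hit is None:
            continue
        hit["location"] = classify(hit["path"])
        hit["active"] = hit["location"] == "live location"
        hits.append(hit)
    return hits


def summarize(hits):
    """Count hits per location so dormant and live entries are separated at a glance."""
    return Counter(hit["location"] for hit in hits)


# Sample input: the four detections posted in this thread, plus one constructed
# live-location line (CONSTRUCTED_EXAMPLE.dll is a placeholder, not a real detection).
SAMPLE_LINES = [
    r"c:\qoobox\quarantine\c\documents and settings\hunter family\local settings\application data\10808bc6\u\80000000.@.vir (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"c:\qoobox\quarantine\c\documents and settings\hunter family\local settings\application data\10808bc6\u\800000cb.@.vir (Backdoor.0Access) -> Quarantined and deleted successfully.",
    r"c:\qoobox\quarantine\c\windows\system32\c_91531.nl_.vir (Backdoor.0Access) -> Quarantined and deleted successfully.",
    r"C:\System Volume Information\_restore{233BEA63-C0D4-46EF-8798-50C0E8520D96}\RP482\A0134894.exe a variant of Win32/RegistryBooster application",
    r"c:\windows\system32\CONSTRUCTED_EXAMPLE.dll (Backdoor.0Access) -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for hit in found:
        flag = "STILL LIVE" if hit["active"] else "dormant"
        print(f"{flag:10} {hit['location']:42} {hit['name']:38} {hit['path']}")
    print(summarize(found))
```

Run as-is it prints the three Qoobox entries and the restore-point entry as dormant and only the constructed system32 line as still live, which is the distinction the helper draws in the post above.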
     
  14. Johnh92

    Johnh92 TS Rookie Topic Starter

    I haven't noticed many problems.

    the only thing that comes to mind is when the computer starts up it sometimes freezes or just goes black (this is after the login page)

    I've tried Ctrl+Alt+Del and Alt+TAB and Windows+D and others that might trigger something, but nothing happens. also the CPU isn't doing anything at this stage (or so the little light on the front of my laptop tells me :p)

    not sure if this is a virus or if my computer is being annoying.

    I appreciate all the work and effort you have put in for me and again with writing me a script. thank you.
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Glad to help.

    So the network/internet access problem has been resolved? There were 2 errors from the Event Viewer indicating the router might have gone bad.
    =========================================
    About this:
    The next time this happens, look at the computer clock and note the time (write it down). Errors are time coded so let's look for a 'reason'.

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    • Select log to query, select
    • Application
    • System

      Under Select type to list, select:
    • Critical (Vista only)
    • Error

      Click the radio button for Number of events
    • Type 10 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

      Load the log
    • In Notepad, click Edit> Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.
    ==================================
    Did you let the Recovery Console install when you ran Combofix again? If not, we need to install it, so let me know.
    ================================
    I'd like you to verify this for me:
    Your subject:
    Trojan horse BackDoor.Generic14.ANNA... (effecting a system file>> was this netbt.sys file?)
    Are you sure the name spelling wasn't this:
    Trojan horse BackDoor.Generic14.ANAA

    I'd like to be sure of exactly what you got after 'BackDoor.Generic14'
    ----------------------
    About the Registry Booster: At some point, you either installed or scanned on the Uniblue Registry Booster. It generated an entry that refers to it being a PUP or Potentially Unwanted Program. We don't recommend Registry cleaners to anyone, so be sure to check Add/Remove Programs in the Control Panel and uninstall it if found. Also, use Windows Explorer> My Computer> Local Drive(C)> Programs> look for folder named Registry Booster or Uniblue. If found, do a right click> Delete to remove. was removed at some previous time.
     
  16. Johnh92

    Johnh92 TS Rookie Topic Starter

    ok here's the log for VEW but I have XP so I couldn't select "Critical"

    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 11/12/2011 1:04:44 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 10/12/2011 10:30:22 PM
    Type: error Category: 0
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

    Log: 'Application' Date/Time: 10/12/2011 10:30:22 PM
    Type: error Category: 0
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

    Log: 'Application' Date/Time: 10/12/2011 10:14:52 PM
    Type: error Category: 0
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

    Log: 'Application' Date/Time: 10/12/2011 10:14:52 PM
    Type: error Category: 0
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

    Log: 'Application' Date/Time: 10/12/2011 9:41:53 PM
    Type: error Category: 0
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

    Log: 'Application' Date/Time: 10/12/2011 9:41:53 PM
    Type: error Category: 0
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

    Log: 'Application' Date/Time: 10/12/2011 9:32:30 PM
    Type: error Category: 0
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

    Log: 'Application' Date/Time: 10/12/2011 9:32:30 PM
    Type: error Category: 0
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

    Log: 'Application' Date/Time: 07/12/2011 6:44:19 PM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 3922

    Log: 'Application' Date/Time: 07/12/2011 6:44:19 PM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 3922

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/12/2011 11:48:32 PM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The DHCP Client service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 10/12/2011 11:48:24 PM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The DHCP Client service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 10/12/2011 10:30:20 PM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 10/12/2011 10:30:20 PM
    Type: error Category: 0
    Event: 7009 Source: Service Control Manager
    Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.

    Log: 'System' Date/Time: 10/12/2011 10:30:16 PM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 10/12/2011 10:30:16 PM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The DHCP Client service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 10/12/2011 10:14:49 PM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 10/12/2011 10:14:48 PM
    Type: error Category: 0
    Event: 7009 Source: Service Control Manager
    Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.

    Log: 'System' Date/Time: 10/12/2011 10:12:47 PM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 10/12/2011 10:12:47 PM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The DHCP Client service depends on the following nonexistent service: NetBT

    ------------------------------------------------------------------------------------------------

    OK, I couldn't find Uniblue Registry Booster or anything like that in Add/Remove Programs, and I also couldn't find anything like that in Program Files...

    And about the virus name, I don't have any clue... :( I didn't copy and paste it in, so I could have gotten the spelling wrong, but it was affecting netbt.sys.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Unless you give me the time on the computer clock when the system freezes after logon, I can't tell which, if any, of the errors given are causing the problem.

    I think you need to re-configure the VNC software. This is not my forte, but you have assigned the RPC to TCP 135. The VNC default port is Port 5900. And you're using it to see the desktop of a remote machine and control it with your local mouse and keyboard. You appear to indicate that this remote connection is between your home system and your work system.
     
  18. Johnh92

    Johnh92 TS Rookie Topic Starter

    Yeah, that's correct. I sometimes need to do things at work when I'm at home.

    But about the Uniblue Registry Booster? I can't find it anywhere, not in Add/Remove Programs or Program Files.

    Should I search my computer for files or folders with that name?
     
  19. Johnh92

    Johnh92 TS Rookie Topic Starter

    OK, so I restarted my computer last night and it froze around 12:38am. It has a few logs on the scan around that time, so hopefully you can see what the problem is.

    But it froze while I was about to start a malware scan, which it hasn't done before; not sure if that means anything.

    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 12/12/2011 10:51:59 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 12/12/2011 8:40:42 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 7829

    Log: 'Application' Date/Time: 12/12/2011 8:40:42 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 7829

    Log: 'Application' Date/Time: 12/12/2011 8:40:42 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second

    Log: 'Application' Date/Time: 12/12/2011 8:40:40 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 5875

    Log: 'Application' Date/Time: 12/12/2011 8:40:40 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 5875

    Log: 'Application' Date/Time: 12/12/2011 8:40:40 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second

    Log: 'Application' Date/Time: 12/12/2011 8:40:38 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 3922

    Log: 'Application' Date/Time: 12/12/2011 8:40:38 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 3922

    Log: 'Application' Date/Time: 12/12/2011 8:40:38 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second

    Log: 'Application' Date/Time: 12/12/2011 8:40:36 AM
    Type: error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 1954

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 12/12/2011 12:40:00 AM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 12/12/2011 12:40:00 AM
    Type: error Category: 0
    Event: 7009 Source: Service Control Manager
    Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.

    Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The DHCP Client service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 12/12/2011 12:35:38 AM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 12/12/2011 12:35:38 AM
    Type: error Category: 0
    Event: 7009 Source: Service Control Manager
    Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.

    Log: 'System' Date/Time: 12/12/2011 12:35:17 AM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 12/12/2011 12:35:17 AM
    Type: error Category: 0
    Event: 7003 Source: Service Control Manager
    The DHCP Client service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 11/12/2011 1:17:11 AM
    Type: error Category: 0
    Event: 7031 Source: Service Control Manager
    The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 11/12/2011 1:17:10 AM
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The iPod Service service terminated unexpectedly. It has done this 1 time(s).
     
  20. Johnh92

    Johnh92 TS Rookie Topic Starter

    OK, after that I did a scan because my Malwarebytes will expire in 3 days, so I did a scan just because. And it didn't find anything :)

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8313

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/12/2011 7:24:37 AM
    mbam-log-2011-12-12 (07-24-37).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 449082
    Time elapsed: 6 hour(s), 40 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  21. Johnh92

    Johnh92 TS Rookie Topic Starter

    Back to my original problem,

    netbt.sys

    I thought I had fixed the problem with my internet browsing issues, and then I found this website (below) and it had a paragraph which explained my problems perfectly:
    "Can ping and search a remote computer but not browse it

    If you can see or search a remote computer in mixed OS (win98, ME, NT, W2K and XP) network, this is master browser issue. You may try to use browstat.exe from NT resource kit to check the master browser status. Or stop computer browser on w2k/xp.

    For consultants, refer to case 100903RL."

    And then down the very bottom of the page it has two paragraphs about netbt.sys, and so I had a little play around and tried checking the status of my master browser how they said, and so I did this in the command prompt and this is what happened:

    "C:\Documents and Settings\Hunter family>nbtstat -RR
    Failed to access NetBT driver -- NetBT may not be loaded
    "

    Just wondering what happened to my netbt.sys file when I cleaned it?

    http://www.chicagotech.net/browser.htm
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This looks like the problem, but I'm not sure of the cause:
    Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
    Event: 7003 Source: Service Control Manager
    1. The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
    2. The DHCP Client service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 12/12/2011 12:35:38 AM
    Event: 7000 Source: Service Control Manager
    The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. (Timed out)
    ------------------------------------------
    There is some problem with the RealVNC settings. It is running: c:\program files\RealVNC\VNC4\WinVNC4.exe:
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted.

    I am not familiar with this program, but the 2 references below should help you work through the settings and possible upgrade:
    http://www.realvnc.com/products/free/4.1/winvnc.html
    http://www.realvnc.com/products/free/4.1/winvnc.html#Upgrade> v4.1

    I do think that this >"135:TCP"= 135:TCP:RPC< has been set by or for VNC, and I don't think it's correct.
    ------------------------------------
    The 3 issues are all network related: WinVNC4, NetBT and BlueTooth. You said the network problem had been resolved, but the dates for these errors are after you said this. I suggest you read the VNC info I left and check the settings for it against what is on your system.
    You will use the path Start> Settings> Control Panel> Network Connections> right click> Properties> Advanced tab.
    ==================================
    One other issue I saw in the Events:
    Bonjour has been set for some kind of Scheduled Task, and it's not working. Why do you have this set as a task?
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 3922
    Task Scheduling Error: m->NextScheduledEvent 5875
    Task Scheduling Error: Continuously busy for more than a second
    Whatever it is, it's not working. It also isn't needed. I don't know if it could cause interruption of the system, but I do recommend that you delete any Tasks you have scheduled for Bonjour:
    Opening scheduled tasks to modify or delete them:
    Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.

    • To change the settings for a task: right-click the Task> click Properties> do any of the following:
      1. To change the schedule for the task, click the Schedule tab.
        (Since these are new, make sure the settings are configured as you want. Both are MSE/MS Antimalware related)
        c:\windows\Tasks\MP Scheduled Scan.job
        c:\windows\Tasks\MpIdleTask.job
      2. To customize the settings for the task,such as run time,idle time, power management options, click the Settings tab.
      3. To delete a task> right-click the task> click Delete.
        c:\windows\Tasks\RealUpgradeLogonTask
        c:\windows\Tasks\RealUpgradeScheduledTasks
      4. To prevent a task from running until you run it again>
        [o] right-click the task> Properties> On the General tab>
        [o] clear the Enabled check box> Select the check box again when you are ready to run it again.
      =====================================
      Removing all of the tools we used and the files and folders they created
      • Uninstall ComboFix and all Backups of the files it deleted
      • Click START> then RUN
      • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      • Download OTCleanIt by OldTimer and save it to your Desktop.
      • Double click OTCleanIt.exe.
      • Click the CleanUp! button.
      • Select Yes when the "Begin cleanup Process?" prompt appears.
      • If you are prompted to Reboot during the cleanup, select Yes.
      • The tool will delete itself once it finishes.
      -----
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
      ------------------------------------------
      • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
      • Go to Start > All Programs > Accessories > System Tools
      • Click "System Restore".
      • Choose "Create a Restore Point" on the first screen then click "Next".
      • Give the Restore Point a name> click "Create".
      • Go back and follow the path to > System Tools.
        • Choose Disk Cleanup
        • Click "OK" to select the partition or drive you want.
        • Click the "More Options" tab.
        • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


      Empty the Recycle Bin
      =====================================
      About this:
      I am not seeing any related error for this in the Event Viewer. If it continues to be a problem, please start a new thread in our Win BSOD/Freezes etc. forum. Mention we have cleaned the system.
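The reasoning in the post above (an SCM event 7003 means a service's declared dependency points at a service that no longer exists; Winsock error 10048 means WinVNC4's listening port was already held by another socket) can be checked mechanically against a VEW report instead of by eye, and the same parser lines the log up with the clock time of a freeze, which is what the earlier request for "the time on the computer clock" was after. The Python script below is an added example, not code from this thread, from TechSpot, or from Vino's Event Viewer: it parses VEW's plain-text format exactly as pasted above, groups the 7003 records by the missing service, flags the 10048 bind failures, and lists whatever was logged within a window of a given timestamp. The embedded report is constructed for the example from the records posted in this thread; the function names and the ten-minute default window are the example's own choices.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed sample in VEW's text format (dates are dd/mm/yyyy, as the
# report header says); the records mirror the ones pasted in the thread.
SAMPLE_VEW = """\
Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/12/2011 10:51:59 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/12/2011 10:30:22 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 11/12/2011 1:17:11 AM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
"""

VEW_TIME_FMT = "%d/%m/%Y %I:%M:%S %p"
HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")
# Text of SCM event 7003: "The X service depends on the following nonexistent service: Y"
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the following nonexistent service: (?P<missing>\S+)$")


def parse_vew(text: str) -> List[Dict]:
    """Turn a VEW report into a list of records. Each record is four
    consecutive lines: the 'Log:' header, 'Type:', 'Event:' and the message."""
    lines = [ln.strip() for ln in text.splitlines()]
    records: List[Dict] = []
    i = 0
    while i + 3 < len(lines):
        h = HEADER_RE.match(lines[i])
        t = TYPE_RE.match(lines[i + 1]) if h else None
        e = EVENT_RE.match(lines[i + 2]) if h else None
        if not (h and t and e):
            i += 1          # not a record header (banner, separator, blank line)
            continue
        try:
            when = datetime.strptime(h["ts"], VEW_TIME_FMT)
        except ValueError:  # malformed timestamp: skip this record
            i += 1
            continue
        records.append({
            "log": h["log"],
            "time": when,
            "type": t["type"],
            "event": int(e["event"]),
            "source": e["source"],
            "message": lines[i + 3],
        })
        i += 4
    return records


def missing_dependencies(records: List[Dict]) -> Dict[str, Set[str]]:
    """Map each nonexistent service named in an SCM 7003 event to the
    services that could not start because of it."""
    out: Dict[str, Set[str]] = {}
    for r in records:
        if r["event"] != 7003 or r["source"] != "Service Control Manager":
            continue
        m = DEP_RE.match(r["message"])
        if m:
            out.setdefault(m["missing"], set()).add(m["svc"])
    return out


def winsock_bind_failures(records: List[Dict]) -> List[Dict]:
    """WinVNC4 records carrying Winsock error 10048 (WSAEADDRINUSE): the
    listening port was already held by another socket at bind time."""
    return [r for r in records if r["source"] == "WinVNC4" and "(10048)" in r["message"]]


def events_near(records: List[Dict], when: str, minutes: int = 10) -> List[Dict]:
    """Records logged within +/- `minutes` of a VEW-format timestamp, oldest
    first; used to line the log up with a freeze time read off the clock."""
    centre = datetime.strptime(when, VEW_TIME_FMT)
    window = timedelta(minutes=minutes)
    hits = [r for r in records if abs(r["time"] - centre) <= window]
    return sorted(hits, key=lambda r: r["time"])


if __name__ == "__main__":
    recs = parse_vew(SAMPLE_VEW)
    for missing, dependents in sorted(missing_dependencies(recs).items()):
        print(f"nonexistent service {missing}: blocks {', '.join(sorted(dependents))}")
    for r in winsock_bind_failures(recs):
        print(f"{r['time']:{VEW_TIME_FMT}} WinVNC4 port already in use (10048)")
    # The freeze reported in the thread: "around 12:38am" on 12/12/2011.
    for r in events_near(recs, "12/12/2011 12:38:00 AM"):
        print(f"{r['time']:{VEW_TIME_FMT}} [{r['log']}] {r['source']} event {r['event']}")
```

On the machine itself the companion checks are `sc query NetBT` (NetBT is a kernel driver, but `sc` reports driver services too) and `sc qc Dhcp`, which prints the DHCP Client service's dependency list, and `netstat -ano` to see which process already holds the port WinVNC4 is trying to bind. A freeze with no error record inside the window, as the final post notes, is something the event log alone cannot explain.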
     
