TechSpot

Trojan/Virus PSW.GENERIC10.WX on WinXP

By stacia123
Jul 10, 2012
  1. This is for the WinXP (service pack 2) computer my husband and I share, but he uses it the most. We have ZoneAlarm firewall and antivirus but he apparently turned it off last week because he thought it was bogging down the system. Quickly he got a virus causing runtime errors, but he didn't realize it was a virus. He says he found a wiki online that said to do a system restore to 24 hours before to fix the runtime error, so on July 7 he did a system restore to July 6.

    The runtime error stopped, but programs like IrfanView and Xpilot would crash with an error that he said pointed to an Doctor Watson file. I don't know the name of the file, sorry.

    He turned on the ZoneAlarm antivirus and ran a scan, found 2 viruses but then ZoneAlarm crashed with the same error.

    At that point I took over. I installed AVG, ran it and it found 3 things, two trojans listed as PSW.GENERIC10.WX in C:\Documents and Settings and one "agent found virus" in C:\Windows\Installer. It removed them.

    I then ran Malwarebytes, updated of course. It found 7 things including one old avira uninstaller.

    I then ran GMER per instructions and got a log file. It was when I ran DDS that problems started. It bogged down the system terribly but I finally got the log files. Because the system was slow, I turned on AVG and the internet connection again and rebooted.

    The computer is now unbelievably slow. It was unusable until I uninstalled GMER, DDS and AVG. I realize now I shouldn't have done that per instructions here, but I had to get the computer working at least a little so I could get the logs, which I transferred to my computer which is working. His is too slow. We have ZoneAlarm activated on his computer now.

    Here are the logs:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.10.06

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    Edco :: TROGDOR [administrator]

    7/10/2012 6:18:55 AM
    mbam-log-2012-07-10 (06-31-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 196266
    Time elapsed: 7 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

    Registry Values Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Edco\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n. -> No action taken.

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Downloads\installer_avast_uninstall_utility.exe (PUP.BundleInstaller.BT) -> No action taken.
    C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

    (end)
    ---------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-10 06:58:47
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 WDC_WD800BB-00JHC0 rev.05.01C05
    Running: xn8kfxu8.exe; Driver: C:\DOCUME~1\Edco\LOCALS~1\Temp\pxrdipob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF10E328E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF10E30F9]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
     
  2. stacia123

    stacia123 TS Rookie Topic Starter Posts: 21

    Here are the rest of the logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
    Run by Edco at 7:28:16 on 2012-07-10
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.661 [GMT -6:00]
    .
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858003BC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857BADDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E8DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8577E84C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851AD564-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851BDA5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85792C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85517AE4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560C6F4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855366B4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85724C44-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85729054-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8565255C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8572EB64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {850F7A5C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CA39C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8567DB64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BC89C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554E764-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85800A7C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E1B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B6DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8587F9A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856B77E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8575EDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D131C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A0DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8523D9A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857475A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {85018C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856D6B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85895DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85862884-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571234C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858752D4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8536DDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857EA804-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8486185C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D36DC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856D52DC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85501DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855FD4C4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85733C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856259BC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85713B34-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857716E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8514557C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8562344C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85564DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855EBDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852E1DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85586C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856F1AD4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8578C89C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85862824-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851576DC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85683A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85772344-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {84B0652C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560D374-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85142A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553089C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8578C654-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8513F564-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8576F5E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856FB89C-FFA4-00DE-0D24-347CA8A3377C}
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84B1FDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8572B054-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8535AC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8589C054-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {8572F464-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E0C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85321C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856E572C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85393A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C0DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85641020-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8534989C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A6DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AF6DC-FFA4-00DE-0D24-347CA8A3377C}
    AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85627C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858882A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8534F8F4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E277C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85389DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B1764-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B2804-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85549964-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A4AC4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856E5D74-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852E1B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8561668C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854CEC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A5AEC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85701AA4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8588430C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8555C8EC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856E577C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8534AC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D0C84-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557589C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858972FC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856FDDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F9DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8576982C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551FDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F0DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F0B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85702A84-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553BDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85647DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852E5BCC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85787DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84B02DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560D7A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85756B44-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8570F8FC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855378EC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84B97B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85734A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551BC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856F86E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8572C89C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857A5C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D1B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560E2E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857563CC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A9444-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8514098C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8530889C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851E46DC-FFA4-0100-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85712DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F8A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571F57C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BEC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855EF89C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8566DC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85308C3C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84C0FC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551BDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558E82C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858959BC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8589A724-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852D956C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85584DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853469A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852E3DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856077D4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B7A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8570661C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85523DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8550789C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85614054-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8556C4E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8587765C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8574F644-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571F394-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85884A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856FBDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85322C3C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8574A464-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571FDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856EF8A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852277E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85715314-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571346C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85621C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85737054-FFA4-00DE-0D24-347CA8A3377C}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFFA.EXE
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uWindow Title = Internet Explorer Provided by Cox High Speed Internet
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [EPSON Artisan 50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffa.exe /fu "c:\windows\temp\E_S4B.tmp" /EF "HKCU"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
    mRun: [DeviceDiscovery] c:\program files\hp\digital imaging\bin\hpotdd01.exe
    mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
    mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    Trusted Zone: stentelasp.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} - hxxps://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
    DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\edco\application data\mozilla\firefox\profiles\vbont9td.default\
    FF - prefs.js: browser.startup.homepage - hxxps://server46.web-hosting.com:2083/frontend/x3/mail/webmailform.html?user=vinstem@fuzzyskeletonian.com&domain=fuzzyskeletonian.com
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-11 133208]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-11 612184]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-6-11 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-8-1 485808]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-5-3 526608]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-4-30 27016]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-4-30 497280]
    R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
    R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2012-6-11 53307]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
    S3 TTIUSB;TTIUSB;c:\windows\system32\drivers\2800.sys [2009-6-26 39448]
    .
    =============== Created Last 30 ================
    .
    2012-07-10 12:17:52 -------- d-----w- c:\documents and settings\edco\application data\Malwarebytes
    2012-07-10 12:17:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-07-10 12:17:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-10 12:17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-10 10:54:01 -------- d-----w- c:\documents and settings\edco\application data\AVG2012
    2012-07-10 10:51:35 -------- d--h--w- C:\$AVG
    2012-07-10 10:51:35 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-07-10 10:51:35 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2012-07-10 10:50:25 -------- d-----w- c:\program files\AVG
    2012-07-10 10:47:12 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2012-07-10 10:47:12 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2012-07-10 09:24:58 -------- d-----w- c:\program files\IrfanView4.33
    2012-07-07 09:11:34 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-07-07 09:11:34 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-06-11 11:16:37 -------- d-----w- c:\documents and settings\edco\application data\CheckPoint
    2012-06-11 11:15:46 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
    2012-06-11 11:15:44 133208 ----a-w- c:\windows\system32\drivers\kl1.sys
    2012-06-11 11:10:45 -------- d-----w- c:\program files\CheckPoint
    2012-06-11 10:58:21 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2012-06-11 10:58:19 374752 ----a-w- c:\windows\system32\WUSBGXP.sys
    2012-06-11 10:58:19 339488 ----a-w- c:\windows\system32\WUSB20XP.sys
    2012-06-11 10:58:19 245376 ----a-w- c:\windows\system32\rt2500usb.sys
    2012-06-11 10:57:58 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
    2012-06-11 07:58:41 -------- d-----w- c:\documents and settings\edco\local settings\application data\Google
    2012-06-11 07:58:34 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-06-11 07:57:49 41184 ----a-w- c:\windows\avastSS.scr
    .
    ==================== Find3M ====================
    .
    2012-04-19 10:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    .
    ============= FINISH: 7:34:30.15 ===============



    -----------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/8/2006 3:37:14 AM
    System Uptime: 7/10/2012 6:50:14 AM (1 hours ago)
    .
    Motherboard: ECS | | Alhena
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3065/133mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3065/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 67 GiB total, 17.146 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 0.32 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A47103C&REV_10\4&B4B0D3&0&28A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A47103C&REV_10\4&B4B0D3&0&28A4
    Service: RTL8023xp
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    AVG 2012
    FileZilla Client 3.5.3
    Hotfix for Windows XP (KB943232)
    IrfanView (remove only)
    Linksys Wireless-G USB Network Adapter
    Malwarebytes Anti-Malware version 1.61.0.1400
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    ZoneAlarm Antivirus
    ZoneAlarm Firewall
    ZoneAlarm Free Antivirus + Firewall
    ZoneAlarm LTD Toolbar
    ZoneAlarm Security
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/6/2012 11:29:51 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    7/10/2012 7:00:21 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort4.
    7/10/2012 6:58:59 AM, error: atapi [9] - The device, \Device\Ide\IdePort4, did not respond within the timeout period.
    7/10/2012 4:41:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde ViaIde
    7/10/2012 4:41:32 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    7/10/2012 4:40:16 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    .
    ==== End Of File ===========================
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Farbar Service Scanner
    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check "Include All Files" option.
      Press "Scan".
      It will create a log (FSS.txt) in the same directory the tool is run.
      Please copy and paste the log to your reply.
     
  4. stacia123

    stacia123 TS Rookie Topic Starter Posts: 21

    There is no "Include All Files" option when I use FSS. The boxes are Internet Services, Windows Firewall, System restore, Security Center/Action Center, Windows Update, and Windows Defender. I checked them all and ran the program. Here's the log:

    Farbar Service Scanner Version: 08-07-2012
    Ran by Edco (administrator) on 10-07-2012 at 16:56:07
    Running from "C:\Documents and Settings\Edco\Desktop"
    Microsoft Windows XP Home Edition Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

    C:\WINDOWS\system32\Drivers\tcpip.sys
    [2004-08-03 22:00] - [2005-03-13 18:55] - 0359808 ____A (Microsoft Corporation) 0E66B538096A6529D1AC66E78EB0D5C8

    C:\WINDOWS\system32\Drivers\ipsec.sys
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    C:\WINDOWS\system32\dnsrslvr.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

    C:\WINDOWS\system32\ipnathlp.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

    C:\WINDOWS\system32\netman.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\srsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

    C:\WINDOWS\system32\Drivers\sr.sys
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

    C:\WINDOWS\system32\wscsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\wuauserv.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

    C:\WINDOWS\system32\qmgr.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

    C:\WINDOWS\system32\es.dll
    [2004-08-03 22:00] - [2005-07-25 22:39] - 0243200 ____A (Microsoft Corporation) 34BBD9ACC1538818F2C878898C64E793

    C:\WINDOWS\system32\cryptsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

    C:\WINDOWS\system32\svchost.exe
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

    C:\WINDOWS\system32\rpcss.dll
    [2004-08-03 22:00] - [2005-07-25 22:39] - 0397824 ____A (Microsoft Corporation) CE94A2BD25E3E9F4D46A7373FF455C6D

    C:\WINDOWS\system32\services.exe
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


    Extra List:
    =======
    AegisP(18) Gpc(6) IPSec(4) kl2(19) NetBT(5) PSched(7) Tcpip(3)
    0x1400000013000000040000000100000002000000030000005A0000000D00000005000000060000000700000008000000090000000A0000000B0000000C0000000E0000000F000000100000001100000012000000


    **** End of log ****
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Thanks for the info.

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  6. stacia123

    stacia123 TS Rookie Topic Starter Posts: 21

    ComboFix reinstalled Microsoft Recovery, and while running I got the error that PEV.exe had to close.



    ComboFix 12-07-11.03 - Edco 07/11/2012 18:17:32.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.623 [GMT -6:00]
    Running from: c:\documents and settings\Edco\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {84B0652C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {85018C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {850F7A5C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {8572F464-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8486185C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84B02DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84B1FDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84B97B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84C0FC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8513F564-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8514098C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85142A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8514557C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851576DC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A4AC4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A6DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A9444-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851AD564-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851BDA5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D131C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D36DC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851E46DC-FFA4-0100-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852277E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8523D9A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852D956C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852E1B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852E1DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852E3DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852E5BCC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8530889C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85308C3C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85321C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85322C3C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853469A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8534989C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8534AC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8534F8F4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8535AC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8536DDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85389DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85393A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B1764-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B6DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B7A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854CEC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85501DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8550789C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85517AE4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551BC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551BDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551FDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85523DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553089C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855366B4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855378EC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553BDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85549964-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554E764-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8555C8EC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85564DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8556C4E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557589C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85584DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85586C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558E82C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A0DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A5AEC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AF6DC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B2804-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BC89C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BEC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C0DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CA39C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D0C84-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D1B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E0C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E1B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E277C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E8DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855EBDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855EF89C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F0B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F0DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F8A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F9DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855FD4C4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856077D4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560C6F4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560D374-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560D7A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560E2E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85614054-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8561668C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85621C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8562344C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856259BC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85627C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85641020-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85647DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8565255C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8566DC1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8567DB64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85683A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856B77E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856D52DC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856D6B64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856E572C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856E577C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856E5D74-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856EF8A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856F1AD4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856F86E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856FB89C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856FBDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856FDDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85701AA4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85702A84-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8570661C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8570F8FC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571234C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85712DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571346C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85713B34-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85715314-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571F394-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571F57C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8571FDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85724C44-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85729054-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8572B054-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8572C89C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8572EB64-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85733C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85734A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85737054-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857475A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8574A464-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8574F644-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857563CC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85756B44-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8575EDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8576982C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8576F5E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857716E4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85772344-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8577E84C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85787DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8578C654-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8578C89C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85792C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857A5C1C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857BADDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {857EA804-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858003BC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85800A7C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85862824-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85862884-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858752D4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8587765C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8587F9A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8588430C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85884A5C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858882A4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858959BC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85895DDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858972FC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8589A724-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8589C054-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00DE-0D24-347CA8A3377C}
    AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Edco\WINDOWS
    c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
    c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\mfc40.dll.tmp
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-10 12:17 . 2012-07-10 12:17 -------- d-----w- c:\documents and settings\Edco\Application Data\Malwarebytes
    2012-07-10 12:17 . 2012-07-10 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-10 12:17 . 2012-07-10 12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-10 12:17 . 2012-04-04 21:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-10 10:51 . 2012-07-10 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2012-07-10 10:47 . 2012-07-10 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2012-07-10 10:47 . 2012-07-10 10:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2012-07-10 09:24 . 2012-07-10 09:24 -------- d-----w- c:\program files\IrfanView4.33
    2012-07-07 09:11 . 2012-07-07 09:11 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-07-06 20:20 . 2012-07-07 09:11 -------- d-----w- c:\documents and settings\NetworkService\UserData
    2012-07-02 08:08 . 2012-07-09 11:10 -------- d-----w- c:\documents and settings\Edco\Application Data\FileZilla
    2012-07-02 08:07 . 2012-07-02 08:08 -------- d-----w- c:\program files\FileZilla FTP Client
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-11 10:58 . 2012-06-11 10:58 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-09-29 06:53 . 2011-11-08 01:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "DeviceDiscovery"="c:\program files\HP\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-26 180269]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-26 27136]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/11/2012 1:58 AM 612184]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/11/2012 5:15 AM 11352]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [4/30/2012 1:05 PM 27016]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [4/30/2012 1:05 PM 497280]
    R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [6/11/2012 4:58 AM 53307]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 5:43 PM 253600]
    S3 TTIUSB;TTIUSB;c:\windows\system32\drivers\2800.sys [6/26/2009 12:34 AM 39448]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = iexplore
    Trusted Zone: stentelasp.com
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} - hxxps://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
    FF - ProfilePath - c:\documents and settings\Edco\Application Data\Mozilla\Firefox\Profiles\vbont9td.default\
    FF - prefs.js: browser.startup.homepage - hxxps://server46.web-hosting.com:2083/frontend/x3/mail/webmailform.html?user=vinstem@fuzzyskeletonian.com&domain=fuzzyskeletonian.com
    FF - prefs.js: network.proxy.type - 2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    HKLM-Run-PCDrProfiler - (no file)
    HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
    HKLM-Run-ISW - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-11 18:43
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2767710762-64048445-859643990-1011\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2767710762-64048445-859643990-1011\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7D0357A0-2972-D234-75B5-5A3930179FC9}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iahgipmmjbmhdjhifb"=hex:6a,61,65,6c,66,6a,67,6a,6b,67,67,65,6b,68,6b,6a,6b,63,
    67,64,00,f2
    "habhklfefjjaoglj"=hex:6a,61,63,6c,70,68,6d,69,6f,6f,6f,61,65,62,6d,6e,61,6c,
    68,64,00,d0
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(944)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'lsass.exe'(1004)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2012-07-11 18:48:09
    ComboFix-quarantined-files.txt 2012-07-12 00:48
    .
    Pre-Run: 18,646,261,760 bytes free
    Post-Run: 18,701,787,136 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 58B6AF4778029A463AC23308156DD07C
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check the following options: Internet Services, Windows Firewall, System restore, Security Center/Action Center, Windows Update, and Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  8. stacia123

    stacia123 TS Rookie Topic Starter Posts: 21

    Farbar Service Scanner Version: 08-07-2012
    Ran by Edco (administrator) on 12-07-2012 at 15:04:56
    Running from "C:\Documents and Settings\Edco\Desktop"
    Microsoft Windows XP Home Edition Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

    C:\WINDOWS\system32\Drivers\tcpip.sys
    [2004-08-03 22:00] - [2005-03-13 18:55] - 0359808 ____A (Microsoft Corporation) 0E66B538096A6529D1AC66E78EB0D5C8

    C:\WINDOWS\system32\Drivers\ipsec.sys
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    C:\WINDOWS\system32\dnsrslvr.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

    C:\WINDOWS\system32\ipnathlp.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

    C:\WINDOWS\system32\netman.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\srsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

    C:\WINDOWS\system32\Drivers\sr.sys
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

    C:\WINDOWS\system32\wscsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\wuauserv.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

    C:\WINDOWS\system32\qmgr.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

    C:\WINDOWS\system32\es.dll
    [2004-08-03 22:00] - [2005-07-25 22:39] - 0243200 ____A (Microsoft Corporation) 34BBD9ACC1538818F2C878898C64E793

    C:\WINDOWS\system32\cryptsvc.dll
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

    C:\WINDOWS\system32\svchost.exe
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

    C:\WINDOWS\system32\rpcss.dll
    [2004-08-03 22:00] - [2005-07-25 22:39] - 0397824 ____A (Microsoft Corporation) CE94A2BD25E3E9F4D46A7373FF455C6D

    C:\WINDOWS\system32\services.exe
    [2004-08-03 22:00] - [2004-08-03 22:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


    Extra List:
    =======
    AegisP(18) Gpc(6) IPSec(4) kl2(19) NetBT(5) PSched(7) Tcpip(3)
    0x1400000013000000040000000100000002000000030000005A0000000D00000005000000060000000700000008000000090000000A0000000B0000000C0000000E0000000F000000100000001100000012000000


    **** End of log ****
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  10. stacia123

    stacia123 TS Rookie Topic Starter Posts: 21

    It's telling me that another antivirus program was detected which might affect the quality. Am I supposed to turn off my antivirus (ZoneAlarm)?
     
  11. stacia123

    stacia123 TS Rookie Topic Starter Posts: 21

    Since I didn't get an answer, I turned off the antivirus part of ZoneAlarm and ran the scan. Then when the scan was downloaded and updated and all, I disconnected the internet connection just to be safe since no antivirus was running. The scan is only 41% done but it already found sirefef, which it seems like everyone has been hit with lately. Will post logs later tonight.
     
  12. stacia123

    stacia123 TS Rookie Topic Starter Posts: 21

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=5da643e50a80cb4db93d205d315170f5
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-13 05:16:15
    # local_time=2012-07-13 11:16:15 (-0600, Central Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16776869 100 13 1846470 6019380 0 0
    # scanned=125726
    # found=6
    # cleaned=6
    # scan_time=18387
    C:\Qoobox\Quarantine\C\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP1388\A0511396.exe Win32/Toggle application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\I386\APPS\APP21550\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\I386\APPS\APP21550\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP1392\A0514028.exe a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP1392\A0514029.exe a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Those were only detected in quarantine and System Restore. No biggie.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  14. stacia123

    stacia123 TS Rookie Topic Starter Posts: 21

    ANY MORE ISSUES?!

    My system is supposed to be fixed now? It's not! At no point in this process have I seen any improvement.

    The computer is still as slow as when I started, and programs are still crashing with errors. They're not runtime errors but "Windows has encountered a problem" errors.
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
  17. stacia123

    stacia123 TS Rookie Topic Starter Posts: 21

    You can close this thread. Thanks.
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    This thread will be closed. Please make sure to run the following to remove the tools that we used to cleanup malware:

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...