Win32.Malware-Gen infection

Solved
By UnWarierMage224
Jul 24, 2012
  1. Hello all,

    Win32:Malware-Gen was detected by Avast AV in the file cscrtify.dll. The file is currently quarantined.

    I have just run a scan with Spybot S&D with the latest update, and it has not found anything else.

    What are my next steps? Should I install MBAM given that the "5 step prelim" says: "DO NOT make any other changes to your computer (e.g. installing programs, using other cleaning tools, etc.), until it's officially declared clean!!! DO NOT make any Registry Changes. And it is recommended that if you are running any Registry editing program, that you either uninstall or disable that while we are in the cleaning process"

    Please help.

    -'Mage
  2. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. UnWarierMage224

    UnWarierMage224 Newcomer, in training Topic Starter Posts: 84

    MBAM Log:


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.24.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    XXXXXX :: ANKUR [administrator]

    7/24/2012 1:30:30 PM
    mbam-log-2012-07-24 (13-30-30).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199583
    Time elapsed: 5 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. UnWarierMage224

    GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-24 13:42:25
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHW2120BH rev.00850012
    Running: hmtreiqj.exe; Driver: C:\DOCUME~1\ANKURB~1\LOCALS~1\Temp\pgtdrpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF2080162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF207FFCD]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF2100744]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  5. UnWarierMage224

    DDS.txt Contents:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
    Run by XXXXXX at 13:47:34 on 2012-07-24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1433 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Prey\platform\windows\cronsvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [KeePass Password Safe 2] "c:\program files\keepass password safe 2\KeePass.exe"
    uRun: [F.lux] "c:\documents and settings\ankur bhargava\local settings\apps\f.lux\flux.exe" /noshow
    uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Dexpot] c:\program files\dexpot\dexpot.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Google Update] "c:\documents and settings\ankur bhargava\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\ankurb~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ankur bhargava\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\ankurb~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://qp2.sgu.edu/qp2.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309999922718
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{18BD7F53-F725-45BA-97FC-C12A493BE89F} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A3A362FE-089A-4A4C-8DBA-EE8CCFFE8469} : NameServer = 8.8.8.8,8.8.4.4
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\ankur bhargava\application data\mozilla\firefox\profiles\nmnwvjib.default\
    FF - prefs.js: browser.search.selectedEngine - DuckDuckGo (SSL)
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
    FF - plugin: c:\documents and settings\ankur bhargava\application data\mozilla\firefox\profiles\nmnwvjib.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
    FF - plugin: c:\documents and settings\ankur bhargava\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-6 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-30 353688]
    R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2008-8-12 17952]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-11 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-11 31704]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-30 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-30 44808]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-11 1983232]
    R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
    R3 AirDisplay;Air Display Support;c:\windows\system32\drivers\AVVideoCard.sys [2011-12-20 17560]
    R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\drivers\AVVideoCardMirror.sys [2011-12-20 17560]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-4 136176]
    S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-11-3 12184]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
    S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\drivers\cnnctfy2.sys --> c:\windows\system32\drivers\cnnctfy2.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-4 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 113120]
    S3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\netwlx32.sys --> c:\windows\system32\drivers\NETwLx32.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S4 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]
    S4 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-3 428640]
    .
    =============== Created Last 30 ================
    .
    2012-07-24 17:29:23 -------- d-----w- c:\documents and settings\ankur bhargava\application data\Malwarebytes
    2012-07-24 17:29:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-07-24 17:29:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-24 17:29:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-15 15:00:32 -------- d-----w- c:\documents and settings\ankur bhargava\application data\Synaptics
    2012-07-15 14:58:05 218408 ----a-w- c:\windows\system32\SynCtrl.dll
    2012-07-15 14:58:05 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
    2012-07-15 14:58:05 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2012-07-15 14:58:05 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2012-07-15 14:58:05 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
    2012-07-15 14:57:35 -------- d-----w- c:\program files\Synaptics
    2012-07-15 14:57:35 -------- d-----w- c:\documents and settings\all users\application data\Synaptics
    2012-07-02 13:56:50 -------- d-----w- c:\documents and settings\ankur bhargava\application data\Mp3tag
    2012-07-02 13:56:37 -------- d-----w- c:\program files\Mp3tag
    .
    ==================== Find3M ====================
    .
    2012-07-24 17:44:35 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
    2012-07-17 12:09:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-17 12:09:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
    2012-06-23 19:46:24 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
    2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2008-04-14 00:12:28 60416 --sha-w- c:\windows\bricopacks\sysfiles\80_msimn.exe
    .
    ============= FINISH: 13:48:29.81 ===============
  6. UnWarierMage224

    Attach.txt Contents:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/12/2008 3:10:30 PM
    System Uptime: 7/24/2012 1:09:15 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0XD720
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1828/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 24 GiB total, 8.233 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    M: is FIXED (NTFS) - 87 GiB total, 45.567 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Modem Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&2973568E&0&0102
    Manufacturer:
    Name: Modem Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&2973568E&0&0102
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Beep
    Device ID: ROOT\LEGACY_BEEP\0000
    Manufacturer:
    Name: Beep
    PNP Device ID: ROOT\LEGACY_BEEP\0000
    Service: Beep
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 11.6
    Air Display Support
    Aire Freshener 2.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Display Driver (Omega 3.8.442)
    Auslogics Disk Defrag
    avast! Free Antivirus
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software Updater
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    CCleaner
    CDDRV_Installer
    COMODO Internet Security
    Compatibility Pack for the 2007 Office system
    Dexpot
    Dropbox
    Eraser 6.0.8.2273
    eReg
    F.lux
    Foxit Reader
    Google Chrome
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    KeePass Password Safe 2.19
    KhalInstallWrapper
    Launchy 2.5
    Logitech SetPoint 6.32
    Logitech Webcam Software
    Magic DVD Ripper V6.1.0
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mp3tag v2.51
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Nero 7 Ultra Edition
    neroxml
    Notepad++
    Pack Vista Inspirat 2 1.0
    PeerBlock 1.1 (r518)
    PrimoPDF -- brought to you by Nitro PDF Software
    QuickTime
    Radeon Omega Drivers v4.8.442 Setup Files and Tools
    Rainmeter
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    SigmaTel Audio
    Skype Click to Call
    Skype™ 5.10
    Spybot - Search & Destroy
    SRS Audio Sandbox
    swMSM
    Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
    Synaptics Pointing Device Driver
    SyncToy 2.1 (x86)
    TrueCrypt
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    VLC media player 2.0.1
    Vuze
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Winamp
    Winamp Detector Plug-in
    Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
    Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
    Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/19/2012 7:20:46 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/18/2012 6:44:27 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    7/18/2012 6:44:27 AM, error: Service Control Manager [7000] - The Logitech Beep Suppression Driver service failed to start due to the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
  7. Broni

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
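The MBR.dat that aswMBR leaves on the desktop is a raw copy of sector 0, which is worth inspecting offline rather than only trusting what a possibly rootkitted system reports about itself. The following is an added example for this thread, not code from aswMBR, RogueKiller or either poster: it checks the 0x55AA boot signature, hashes the bootstrap area and the whole sector, decodes the partition table, and flags overlapping entries, an entry running past the disk, more or fewer than one active partition, and unallocated space after the last partition. The constructed sample reproduces the layout the tools report later in the thread (NTFS at sector 63, 24999 MB, active; extended partition at sector 51202048, 89472 MB; disk 114473 MB). Whether the two MD5s correspond byte-for-byte to RogueKiller's [MBR] and [BSP] values is an assumption, and the sample's bootstrap area is zero-filled, so its hash is meaningless.

```python
"""Offline check of an MBR image such as the MBR.dat that aswMBR saves.

Added example for this thread, not code from the tools or posters above.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
# Small subset of partition type IDs, enough for the layout in this thread.
PARTITION_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0F: "Extended (LBA)", 0x83: "Linux"}


def build_sample_mbr():
    """Constructed 512-byte MBR: bootstrap area zero-filled (so its hash is NOT
    the one RogueKiller printed), partition table as reported in this thread."""
    mbr = bytearray(SECTOR)
    entries = [  # (status, type, LBA start, sector count); 2048 sectors per MB
        (0x80, 0x07, 63, 24999 * 2048),
        (0x00, 0x05, 51202048, 89472 * 2048),
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        # CHS fields left zero; the LBA fields are what modern tools read.
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i, status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return boot-code / whole-sector MD5s and the non-empty partition entries."""
    if len(mbr) < SECTOR:
        raise ValueError("image shorter than one sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing: not an MBR, or it is damaged")
    partitions = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": start,
            "sectors": count,
            "lba_end": start + count,  # first sector after the partition
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        # Assumption: MD5 over the 446-byte bootstrap area and over the whole
        # sector. Whether RogueKiller's [BSP]/[MBR] hashes are computed exactly
        # this way is not verified here.
        "bootcode_md5": hashlib.md5(mbr[:446]).hexdigest(),
        "mbr_md5": hashlib.md5(mbr[:SECTOR]).hexdigest(),
        "partitions": partitions,
        "last_sector": max((p["lba_end"] for p in partitions), default=0),
    }


def check_layout(info, disk_sectors):
    """Sanity checks a rootkit hunter cares about; returns a list of findings."""
    findings = []
    parts = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(parts, parts[1:]):
        if a["lba_end"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in parts:
        if p["lba_end"] > disk_sectors:
            findings.append(f"partition {p['index']} runs past the end of the disk")
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly one")
    tail = disk_sectors - info["last_sector"]
    if tail > 0:
        findings.append(f"{tail} unallocated sectors after the last partition; inspect them")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 2:  # e.g. python mbrcheck.py MBR.dat 114473
        image = open(sys.argv[1], "rb").read()
        disk_mb = int(sys.argv[2])
    else:
        image, disk_mb = build_sample_mbr(), 114473
    result = parse_mbr(image)
    print("bootcode md5:", result["bootcode_md5"], " mbr md5:", result["mbr_md5"])
    for p in result["partitions"]:
        flag = "A" if p["active"] else "-"
        print(f"  {p['index']} {flag} {p['type']:02X} {p['type_name']:<14} {p['size_mb']:>7} MB offset {p['lba_start']}")
    print("findings:", check_layout(result, disk_mb * 2048) or "none")
```

Run against the real MBR.dat with the disk size aswMBR reports and compare the decoded table with the RogueKiller and aswMBR listings; a table that decodes differently from what the running system shows, or unallocated sectors after the last partition, is what justifies a closer look at the boot sector.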
  8. UnWarierMage224

    RKReport.txt:

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: XXXXX [Admin rights]
    Mode: Scan -- Date: 07/24/2012 15:48:45

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 2 ¤¤¤
    [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHW2120BH +++++
    --- User ---
    [MBR] 071e38409c4872cacdbb2611c3c9431c
    [BSP] 14cfc720bc56e06b47d963b901d2f121 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 24999 Mo
    1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 51202048 | Size: 89472 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt



    aswMBR.txt

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-24 15:49:12
    -----------------------------
    15:49:12.484 OS Version: Windows 5.1.2600 Service Pack 3
    15:49:12.500 Number of processors: 2 586 0xE08
    15:49:12.500 ComputerName: ANKUR UserName:
    15:49:13.140 Initialize success
    15:49:17.187 AVAST engine defs: 12072400
    16:00:00.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    16:00:00.187 Disk 0 Vendor: FUJITSU_MHW2120BH 00850012 Size: 114473MB BusType: 3
    16:00:00.203 Disk 0 MBR read successfully
    16:00:00.203 Disk 0 MBR scan
    16:00:00.203 Disk 0 Windows XP default MBR code
    16:00:00.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24999 MB offset 63
    16:00:00.218 Disk 0 Partition - 00 05 Extended 89472 MB offset 51202048
    16:00:00.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 89471 MB offset 51204096
    16:00:00.234 Disk 0 scanning sectors +234440704
    16:00:00.296 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:00:11.031 Service scanning
    16:00:27.609 Modules scanning
    16:00:50.343 Disk 0 trace - called modules:
    16:00:50.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
    16:00:50.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6a7ab8]
    16:00:50.343 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a715f18]
    16:00:50.343 5 ACPI.sys[f733e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a714940]
    16:00:50.562 AVAST engine scan C:\WINDOWS
    16:00:53.250 AVAST engine scan C:\WINDOWS\system32
    16:02:53.453 AVAST engine scan C:\WINDOWS\system32\drivers
    16:03:08.125 AVAST engine scan C:\Documents and Settings\XXXX
    16:04:09.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\XXXX\Desktop\MBR.dat"
    16:04:09.781 The log file has been saved successfully to "C:\Documents and Settings\XXXX\Desktop\aswMBR.txt"

    A question: What are your findings so far?

    -'Mage
  9. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Not much so far.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  10. UnWarierMage224

    UnWarierMage224 Newcomer, in training Topic Starter Posts: 84

    ComboFix Log

    ComboFix 12-07-25.04 - XXXX 07/24/2012 17:37:16.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1476 [GMT -4:00]
    Running from: c:\documents and settings\XXXX\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-24 17:29 . 2012-07-24 17:29 -------- d-----w- c:\documents and settings\XXXX\Application Data\Malwarebytes
    2012-07-24 17:29 . 2012-07-24 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-24 17:29 . 2012-07-24 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-24 17:29 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-15 15:00 . 2012-07-15 15:00 -------- d-----w- c:\documents and settings\XXXX\Application Data\Synaptics
    2012-07-15 14:58 . 2011-03-31 23:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2012-07-15 14:58 . 2011-03-31 23:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
    2012-07-15 14:58 . 2011-03-31 23:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
    2012-07-15 14:58 . 2011-03-31 23:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
    2012-07-15 14:58 . 2011-03-31 23:30 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2012-07-15 14:57 . 2012-07-15 14:58 -------- d-----w- c:\program files\Synaptics
    2012-07-15 14:57 . 2012-07-15 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Synaptics
    2012-07-02 13:56 . 2012-07-02 14:05 -------- d-----w- c:\documents and settings\XXXX\Application Data\Mp3tag
    2012-07-02 13:56 . 2012-07-02 13:56 -------- d-----w- c:\program files\Mp3tag
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-24 21:27 . 2012-05-05 19:02 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
    2012-07-17 12:09 . 2012-03-31 22:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-17 12:09 . 2011-09-04 01:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 16:21 . 2010-12-31 03:53 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2011-07-07 00:28 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2010-12-31 03:53 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2010-12-31 03:53 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2010-12-31 03:53 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-03 16:21 . 2010-12-31 03:53 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-07-03 16:21 . 2010-12-31 03:53 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-07-03 16:21 . 2010-12-31 03:53 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-07-03 16:21 . 2010-12-31 03:52 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2010-12-31 03:52 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-23 19:46 . 2011-11-03 14:00 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19 . 2008-08-13 01:01 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2008-08-13 01:01 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2008-08-12 19:04 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2008-08-12 19:04 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2008-08-12 19:04 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2008-08-13 01:01 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2008-08-13 01:01 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2008-08-12 19:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2008-08-12 19:04 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2008-08-13 01:01 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2008-08-12 19:04 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2008-08-12 19:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2011-07-07 00:52 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18 . 2011-07-07 00:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2009-08-06 23:23 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2008-08-12 19:02 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-20 14:58 . 2011-07-07 00:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2008-04-14 00:12 60416 --sha-w- c:\windows\BricoPacks\SysFiles\80_msimn.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    .
    [-] 2008-04-14 . 0B720CAE71F51A2B93811816F187BC0A . 224256 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 0B720CAE71F51A2B93811816F187BC0A . 224256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [7] 2006-02-28 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\documents and settings\XXXX\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\documents and settings\XXXX\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\documents and settings\XXXX\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\documents and settings\XXXX\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KeePass Password Safe 2"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
    "F.lux"="c:\documents and settings\XXXX\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-05-17 481280]
    "Dexpot"="c:\program files\Dexpot\dexpot.exe" [2012-07-17 1392640]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
    "KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 55808]
    .
    c:\documents and settings\XXXX\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\XXXX\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 105160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-12-30 380928]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scrybe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scrybe.lnk
    backup=c:\windows\pss\Scrybe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^XXXX^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\XXXX\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^XXXX^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\XXXX\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^XXXX^Start Menu^Programs^Startup^Rainmeter.lnk]
    path=c:\documents and settings\XXXX\Start Menu\Programs\Startup\Rainmeter.lnk
    backup=c:\windows\pss\Rainmeter.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Air Display Support]
    2012-02-07 15:35 2556312 ----a-w- c:\program files\Avatron\Air Display\AirDisplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-05-31 00:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    2006-02-22 01:05 344064 ----a-w- c:\windows\system32\atiptaxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    2010-11-05 03:09 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-07-08 23:56 136176 ----atw- c:\documents and settings\XXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-02-29 07:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
    2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-05-10 14:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2011-03-31 23:30 2221352 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TryAndDecideService"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:Internet Connection Sharing (DHCP Server-In)
    "1317:UDP"= 1317:UDP:Internet Connection Sharing (DHCP Server-In, DS-Shifted)
    "68:UDP"= 68:UDP:Internet Connection Sharing (DHCPv4-In)
    "547:UDP"= 547:UDP:Internet Connection Sharing (DHCPv6-In)
    "53:UDP"= 53:UDP:Internet Connection Sharing (DNS Server-In)
    "1303:UDP"= 1303:UDP:Internet Connection Sharing (DNS Server-In, DS-Shifted)
    "6000:UDP"= 6000:UDP:Air Display UDP1
    "6002:UDP"= 6002:UDP:Air Display UDP2
    "6001:TCP"= 6001:TCP:Air Display TCP
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/6/2011 8:28 PM 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/30/2010 11:53 PM 353688]
    R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [8/12/2008 4:43 PM 17952]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/11/2010 12:40 AM 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/11/2010 12:40 AM 31704]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/30/2010 11:53 PM 21256]
    R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2/15/2011 12:01 PM 19968]
    R3 AirDisplay;Air Display Support;c:\windows\system32\drivers\AVVideoCard.sys [12/20/2011 10:33 AM 17560]
    R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\drivers\AVVideoCardMirror.sys [12/20/2011 10:33 AM 17560]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [9/2/2011 2:31 AM 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [9/2/2011 2:31 AM 12184]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2011 10:15 PM 136176]
    S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/3/2011 9:59 AM 12184]
    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]
    S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\DRIVERS\cnnctfy2.sys --> c:\windows\system32\DRIVERS\cnnctfy2.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2011 10:15 PM 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/2/2012 11:10 AM 113120]
    S3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwLx32.sys --> c:\windows\system32\DRIVERS\NETwLx32.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
    S4 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [5/27/2011 4:23 PM 1300264]
    S4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe [3/3/2011 9:31 PM 428640]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-24 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-10 16:21]
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 02:15]
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 02:15]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1292428093-725345543-1003Core.job
    - c:\documents and settings\XXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-08 23:56]
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1292428093-725345543-1003UA.job
    - c:\documents and settings\XXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-08 23:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: Interfaces\{A3A362FE-089A-4A4C-8DBA-EE8CCFFE8469}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\documents and settings\XXXX\Application Data\Mozilla\Firefox\Profiles\nmnwvjib.default\
    FF - prefs.js: browser.search.selectedEngine - DuckDuckGo (SSL)
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
    FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
    MSConfigStartUp-AcronisTimounterMonitor - c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
    MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
    AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442
    AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-24 17:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1072)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    Completion time: 2012-07-24 17:45:16
    ComboFix-quarantined-files.txt 2012-07-24 21:45
    .
    Pre-Run: 8,622,596,096 bytes free
    Post-Run: 8,732,151,808 bytes free
    .
    - - End Of File - - 31ADD184C2F137C155D010DEF5B6C000
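    When reading a ComboFix log like the one above, the part that repays attention is the set of load points: the Run keys, the AppInit_DLLs value, and the R*/S* service and driver lines. Pulling those into structured records makes it easy to mark the entries worth a second look, such as an autostart that runs from a profile directory, a service whose file ComboFix could not find (the `[?]` marker), or anything in AppInit_DLLs, which is loaded into every process that links user32.dll. The Python below is an added example written for this page; it is not a tool from the thread or from the ComboFix author. The sample input is a constructed excerpt of lines copied from the log above, and the `Entry` record and flag names are my own. The flags are prompts for the analyst to verify the publisher and path, not verdicts about the software.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines in the layout of the ComboFix log
# posted in this thread (not a complete log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeePass Password Safe 2"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
"F.lux"="c:\documents and settings\XXXX\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/11/2010 12:40 AM 494968]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\DRIVERS\cnnctfy2.sys --> c:\windows\system32\DRIVERS\cnnctfy2.sys [?]
"""


@dataclass
class Entry:
    """One load point recovered from the log (record layout is my own)."""
    kind: str             # "reg" for a registry value, "svc" for a service/driver line
    name: str             # value name or service short name
    path: str             # file the entry points at
    source: str           # registry key for "reg", start type (R1, S2, ...) for "svc"
    size: Optional[int]   # file size in bytes when the log printed one, else None
    flags: List[str] = field(default_factory=list)


# Line shapes as they appear in the log above.
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:"(?P<qpath>[^"]*)"|(?P<path>[^\[]*?))\s*'
    r"(?:\[(?P<date>\S+)\s+(?P<size>\d+)\])?$")
SVC_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]$")


def parse_combofix(text: str) -> List[Entry]:
    """Turn registry load points and service lines into Entry records."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = REG_VALUE.match(line)
        if m and current_key:
            path = m.group("qpath") if m.group("qpath") is not None else m.group("path")
            size = int(m.group("size")) if m.group("size") else None
            entries.append(Entry("reg", m.group("name"), path.strip(), current_key, size))
            continue
        m = SVC_LINE.match(line)
        if m:
            info = m.group("info")
            # ComboFix prints "[?]" when the service's file is not on disk.
            size = None if info == "?" else int(info.rsplit(" ", 1)[-1])
            entries.append(Entry("svc", m.group("name").strip(),
                                 m.group("path").strip(), m.group("start"), size))
    return entries


PROFILE_ROOT = "documents and settings\\"   # XP-era per-user profile tree


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review hints and return only the entries that got one."""
    for e in entries:
        if e.kind == "reg" and e.name.lower() == "appinit_dlls":
            e.flags.append("appinit-dll")      # injected into every user32-linked process
        if PROFILE_ROOT in e.path.lower():
            e.flags.append("profile-path")     # autostart outside Program Files/system32
        if e.kind == "svc" and e.size is None:
            e.flags.append("file-missing")     # service points at a file ComboFix could not find
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{e.kind:3} {e.source:<12} {e.name:<24} {e.path}  -> {', '.join(e.flags)}")
```

Running it on the excerpt marks F.lux and the Skype C2C service for their profile paths, cnnctfy2MP for its missing driver file, and the AppInit_DLLs value; the KeePass entry and the cmdGuard driver get no flag. A real triage would follow each hint by checking the file's signature and publisher, which is exactly what the Sigcheck section of the same log is for.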
  11. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Not much there.

    Are you having any current issues?
     
  12. UnWarierMage224

    UnWarierMage224 Newcomer, in training Topic Starter Posts: 84

    No. Would it be OK to delete the file from quarantine and call this solved?

    Thank you so much for your help!

    - 'Mage
  13. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Yes, you can do that.
    Good luck :)

