Inactive Attn Bobbye: Browser redirects, second PC

Llanonite

These are the logs from my second PC.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4790

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/10/2010 10:07:44 AM
mbam-log-2010-10-10 (10-07-44).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 225565
Time elapsed: 38 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-10 11:37:37
Windows 5.1.2600 Service Pack 2
Running: kjjs1747.exe; Driver: C:\DOCUME~1\Mickey\LOCALS~1\Temp\uxrdypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAD2D3CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAD2D3BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAD2D4160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAD2D408A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAD2D3782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAD2D3C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAD2D36C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAD2D3726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAD2D3DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAD2D422E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAD2D3D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAD2D3EE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAD2E0BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAD2E09D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAD2E0B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 80582EA6 7 Bytes JMP AD2E0B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A9E9E 7 Bytes JMP AD2E09D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF9A 5 Bytes JMP AD2DC5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C18D0 5 Bytes JMP AD2DDFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2E 7 Bytes JMP AD2E0BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINNT\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99BC000, 0x1C8292, 0xE8000020]
init C:\WINNT\system32\drivers\Senfilt.sys entry point in "init" section [0xAD6D5A00]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1320] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\system32\services.exe[652] @ C:\WINNT\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINNT\system32\services.exe[652] @ C:\WINNT\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Udfs \UdfsCdRom BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)
Device \FileSystem\Udfs \UdfsDisk BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Cdfs \Cdfs BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-10-10.03) - NTFSx86
Run by Mickey at 11:47:03.32 on Sun 10/10/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1507 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINNT\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
svchost.exe
D:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINNT\system32\DVDRAMSV.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Mickey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\system32\RAMASST.exe
C:\Documents and Settings\Mickey\Start Menu\Programs\Startup\point32.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Mickey\Desktop\Viruscan\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\documents and settings\mickey\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
mRun: [mouse] d:\program files\microsoft hardware\mouse\point32.exe
mRun: [amd_dc_opt] d:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [\\DEBBIESPC\EPSON Stylus Photo R300 Series] c:\winnt\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p42 "\\debbiespc\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [B'sCLiP] d:\progra~1\b'scli~1\win2k\BSCLIP.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Auto EPSON Stylus Photo R300 Series on DEBBIES] c:\winnt\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p46 "auto epson stylus photo r300 series on debbies" /o17 "\\debbies\Printer" /M "Stylus Photo R300"
mRun: [\\DEBBIES\EPSON Stylus Photo R300 Series] c:\winnt\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p40 "\\debbies\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [Picasa Media Detector] d:\program files\picasa2\PicasaMediaDetector.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\documents and settings\mickey\start menu\programs\startup\point32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\winnt\system32\RAMASST.exe
IE: Download Link Using DownloadStudio... - d:\program files\conceiva\downloadstudio\ds_file.htm
IE: Download List Of Files Using DownloadStudio... - d:\program files\conceiva\downloadstudio\ds_list.htm
IE: E&xport to Microsoft Excel - d:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Subscribe To RSS/Podcast Using DownloadStudio... - d:\program files\conceiva\downloadstudio\ds_rss.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280593758765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193685829185
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - d:\program files\yamaha\midradio player\MidRadio.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mickey\applic~1\mozilla\firefox\profiles\qcjh6jt1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 12080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\mickey\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\mickey\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\mickey\application data\mozilla\firefox\profiles\qcjh6jt1.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\mickey\application data\mozilla\firefox\profiles\qcjh6jt1.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\mickey\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\mickey\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\mickey\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: d:\program files\adobe\acrobat 6.0\acrobat\browser\nppdf32.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPRiff.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\winnt\system32\drivers\BsStor.sys [2006-11-21 9344]
R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [2010-7-24 165584]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2010-7-24 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-24 40384]
R2 BsUDF;B.H.A UDF Filesystem;c:\winnt\system32\drivers\BsUDF.sys [2010-4-25 441856]
R2 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [2007-11-6 34064]
R2 SVKP;SVKP;c:\winnt\system32\SVKP.sys [2008-10-1 2368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-24 40384]
R3 HCW848NT;Hauppauge Win/TV;c:\winnt\system32\drivers\hcw848nt.sys [2009-5-12 140440]
S1 oreans32;oreans32;\??\c:\winnt\system32\drivers\oreans32.sys --> c:\winnt\system32\drivers\oreans32.sys [?]
S2 gupdate1c9ccc0364d47d2;Google Update Service (gupdate1c9ccc0364d47d2);c:\program files\google\update\GoogleUpdate.exe [2009-5-4 133104]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\winnt\system32\drivers\ousbehci.sys [2005-11-12 42752]
S3 epmntdrv;epmntdrv;c:\winnt\system32\epmntdrv.sys [2010-8-1 13192]
S3 EuGdiDrv;EuGdiDrv;c:\winnt\system32\EuGdiDrv.sys [2010-8-1 8456]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [2005-11-12 55680]
S3 Philipscam2;Philips 646 Digital Camera; Video;c:\winnt\system32\drivers\philcam1.sys [2007-7-5 75776]
S4 hpdj00;hpdj00;c:\docume~1\mickey\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp officejet 4200 series -product=aio --> c:\docume~1\mickey\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp officejet 4200 series -product=aio [?]

=============== Created Last 30 ================

2010-09-24 22:02:45 98304 ----a-w- c:\winnt\system32\IMC32.ACM
2010-09-24 22:02:44 391168 ----a-w- c:\winnt\system32\I263_32.DRV

==================== Find3M ====================

2010-09-07 15:12:17 38848 ----a-w- c:\winnt\avastSS.scr
2010-08-15 13:02:06 87608 ----a-w- c:\docume~1\mickey\applic~1\inst.exe
2010-08-15 13:02:06 47360 ----a-w- c:\docume~1\mickey\applic~1\pcouffin.sys
2010-08-05 14:31:04 73728 ----a-w- c:\winnt\system32\javacpl.cpl
2010-08-05 14:31:04 423656 ----a-w- c:\winnt\system32\deployJava1.dll
2010-08-02 18:10:16 40993883 ----a-w- c:\winnt\system32\MySlideshow.scr
2005-05-13 23:12:00 217073 -csha-r- c:\winnt\meta4.exe
2005-10-24 17:13:58 66560 -csha-r- c:\winnt\MOTA113.exe
2005-10-14 03:27:00 422400 -csha-r- c:\winnt\x2.64.exe
2008-12-21 21:46:54 351744 --sha-w- c:\winnt\system32\avisynth.dll
2005-06-26 20:32:28 616448 --sha-w- c:\winnt\system32\cygwin1.dll
2005-06-22 03:37:42 45568 --sha-w- c:\winnt\system32\cygz.dll
2004-01-25 06:00:00 70656 --sha-w- c:\winnt\system32\i420vfw.dll
2006-04-27 15:24:24 2945024 --sha-w- c:\winnt\system32\Smab.dll
2005-02-28 18:16:22 240128 --sha-w- c:\winnt\system32\x.264.exe
2004-01-25 06:00:00 70656 --sha-w- c:\winnt\system32\yv12vfw.dll

============= FINISH: 11:47:39.82 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2007 3:53:46 PM
System Uptime: 10/10/2010 11:41:15 AM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2R32-MVP
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3006/200mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3006/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 4.199 GiB free.
D: is FIXED (NTFS) - 102 GiB total, 18.29 GiB free.
E: is FIXED (NTFS) - 112 GiB total, 34.948 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&12AA6A69&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&12AA6A69&0&0001
Service:

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&258F370F&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&258F370F&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\177439C11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\177439C11D800
Service: NIC1394

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ROOT\IMAGEDRV\0000
Manufacturer: Unknown Manufacturer
Name: SCSI/RAID Host Controller
PNP Device ID: ROOT\IMAGEDRV\0000
Service: Imagedrv

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\SCSIADAPTER\0000
Service: Imagedrv

==== System Restore Points ===================

RP562: 8/16/2010 12:46:59 PM - Software Distribution Service 3.0
RP563: 10/6/2010 12:14:16 PM - Software Distribution Service 3.0
RP564: 10/7/2010 10:42:24 AM - Software Distribution Service 3.0

==== Installed Programs ======================

4200
4200_Help
4200Tour
4200Trb
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0.1
Adobe Shockwave Player 11.5
AiO_Scan
AiOSoftware
American Airlines TravelDesk
AP Tuner 3.08
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
AudibleManager
Auto Gordian Knot 2.55
AutoUpdate
avast! Free Antivirus
AviSynth 2.5
Azureus
B's CLiP
BioShock
BufferChm
Call of Duty(R) 2
Call of Duty(R) 4 - Modern Warfare(TM)
Codec Pack - All In 1 6.0.2.6
Cool & Quiet
Copy
COWON S9 User's Guide
Creative Mass Storage Drivers
Creative System Information
CreativeProjects
CreativeProjectsTemplates
CryEngine(R)2 Sandbox(TM)2
CueTour
Delta Flight Schedules
Delta Force
Delta Force 2
Destinations
Director
DivX
DocProc
DocumentViewer
Doom 3
DriveImage XML
Dual-Core Optimizer
DVD-RAM Driver
DVD Decrypter (Remove Only)
DVDFab 7.0.9.3 (08/08/2010)
EASEUS Partition Master 6.0.1 Home Edition
Far Cry 2
Fax
FLV Player 1.3.3
Free Mp3 Wma Converter V 1.5.3
Free Window Registry Repair
Giveio (remove only)
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GTK+ Runtime Environment 2.2.4.1
Guitar Shed
HandBrake 0.9.3
Hauppauge WinTV2000
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
ImageDrive (Ahead Software)
InstantShare
InterVideo WinDVD 4
IrfanView (remove only)
IsoBuster 1.8
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
JMB36X Raid Configurer
Joint Operations: Escalation
Joint Operations: International Conflict Mod
Joint Operations: Typhoon Rising
Magic DVD Ripper V5.4.2
Malwarebytes' Anti-Malware
Marvell Miniport Driver
MediaMonkey 3.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft IntelliPoint
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser and SDK
Move Media Player
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MWSnap 3
Nero - Burning Rom (Web installer)
NetworkActiv Sniffer 1.4
News Rover
nLite 1.4.1
NVIDIA Drivers
OpenAL
overland
PC Inspector File Recovery
PC Probe II
PhotoGallery
Photomatix Pro version 3.2
Picasa 2
PixiePack Codec Pack
Player
Power Tab Editor 1.7
PowerISO
PrintScreen
ProductContext
PunkBuster for Joint Operations: Typhoon Rising
PunkBuster Services
QFolder
QuickCam Drivers
QuickProjects
QuickTime
Readme
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
RealUpgrade 1.0
RivaTuner v2.06
Scan
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923810)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SkinsHP1
SoulSeek 157 NS 13c
SoulSeek Client 156c
SoundMAX
System Requirements Lab
TMPGEnc 4.0 XPress Trial Version
TMPGEnc DVD Author 1.5
TrayApp
TreeSize Free V1.77
Tunebite
TurboCAD Learning Edition
UltraISO V7.25 ME
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2291599)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
Ventrilo Client
Virtual Cable Tester
WebFldrs XP
WebReg
What's Running 2.1
Winamp
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPcap 4.0.2
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
YAMAHA MidRadio Player

==== Event Viewer Messages From Past Week ========

10/6/2010 5:23:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D606E5AE4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/6/2010 11:59:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imagedrv oreans32
10/6/2010 11:59:43 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
10/6/2010 11:59:43 AM, error: Service Control Manager [7001] - The Fax service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/6/2010 11:59:43 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
10/6/2010 11:59:43 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/6/2010 11:59:43 AM, error: Service Control Manager [7000] - The OrangeWare USB Enhanced Host Controller Service service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/10/2010 9:22:57 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
10/10/2010 9:22:57 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/10/2010 9:22:57 AM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2010 9:22:57 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 
I'm going to have the Moderator separate this thread for the 2nd PC, from Reply 18 on, with same subject. It's too much to try and scroll through multiple logs for multiple PCs. After he moves it, he'll close this thread and I'll pick up the new one.
 
Please disregard. I'll be gone from home for the next four weeks and won't be able to work on them. I'll try to resume when I return home.
Thanks
 
Please send me a PM when you return. I'll close this thread for now to make sure no posts go on it. I can reopen it when you return.
 