Inactive Please help me clean out trojan horse crypt aqlw


daps

AVG keeps popping up... I have been running SUPERAntiSpyware, Malwarebytes, Spybot,
 
If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
===================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.
 
Thank you... here it is:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
COREY [administrator]

Protection: Enabled

4/3/2012 3:06:47 PM
mbam-log-2012-04-03 (15-06-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208345
Time elapsed: 37 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-03 16:51:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JB-75GVC0 rev.08.02D08
Running: 53qi0z0g.exe; Driver: C:\DOCUME~1\COREYS~1\LOCALS~1\Temp\fxtdqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 2224
Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 3044

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Corey at 16:03:24 on 2012-04-03
.
============== Running Processes ===============
.
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\notepad.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\WINDOWS\system32\notepad.exe
\\.\globalroot\SystemRoot\system32\svchost.exe
\??\C:\Program Files\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Documents and Settings\corey sousa\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: pearsoned.com\myitlab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148952974625
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v46/wof/wof.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://pay.smartbuslive.com/cab/OCXChecker_8000.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.18.39/ttinst.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.arcadetown.com/swf/feedingfrenzy/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5253/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\corey sousa\application data\mozilla\firefox\profiles\v58hfcua.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? CCCP106;CIF USB Camera (2110A)
R? KLIF;Kaspersky Lab Driver
R? Lbd;Lbd
R? MAC607;MAC607 Filter
R? MR97310_VGA_DUAL_CAMERA;VGA Dual Camera
R? NAVENG;NAVENG
R? NAVEX15;NAVEX15
R? NielGfx;Nielsen USB GFX
R? nielprt;Nielsen Patch Service
R? RAPIProtocol;Imonitor
R? samhid;samhid
R? SAVRT;SAVRT
R? SAVRTPEL;SAVRTPEL
R? SCREAMINGBDRIVER;Screaming Bee Audio
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? kl1;kl1
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? vToolbarUpdater10.2.0;vToolbarUpdater10.2.0
.
=============== Created Last 30 ================
.
2012-04-03 19:03:59 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 19:03:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-03 03:26:29 -------- d-----w- c:\documents and settings\corey\application data\Malwarebytes
2012-04-03 03:26:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-02 19:12:32 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-01 06:48:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-31 21:43:48 -------- d-----w- c:\documents and settings\corey\local settings\application data\MSRebar
2012-03-24 17:49:36 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-24 17:49:36 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-13 16:51:31 -------- d-----w- c:\documents and settings\all users\application data\FreeRIP
.
==================== Find3M ====================
.
2012-04-03 18:39:04 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-04-03 18:39:03 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-03-21 17:07:41 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-03-21 17:07:41 104 --sh--r- c:\windows\system32\D60E6D8FB6.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 16:07:22.67 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/22/2005 6:29:09 PM
System Uptime: 4/3/2012 2:55:03 PM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC666
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 79.332 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP556: 1/4/2012 4:25:24 PM - System Checkpoint
RP557: 1/5/2012 4:41:18 PM - System Checkpoint
RP558: 1/6/2012 7:14:18 PM - System Checkpoint
RP559: 1/7/2012 8:36:20 PM - System Checkpoint
RP560: 1/9/2012 9:56:06 PM - System Checkpoint
RP561: 1/10/2012 10:14:02 PM - Software Distribution Service 3.0
RP562: 1/13/2012 5:01:26 PM - System Checkpoint
RP563: 1/15/2012 9:50:20 PM - System Checkpoint
RP564: 1/19/2012 8:49:14 PM - Software Distribution Service 3.0
RP565: 1/20/2012 9:12:53 PM - System Checkpoint
RP566: 1/22/2012 6:06:12 PM - System Checkpoint
RP567: 1/23/2012 9:02:10 PM - System Checkpoint
RP568: 1/24/2012 12:49:17 AM - Software Distribution Service 3.0
RP569: 1/27/2012 4:02:30 PM - System Checkpoint
RP570: 1/28/2012 6:51:08 PM - System Checkpoint
RP571: 2/1/2012 2:04:07 PM - System Checkpoint
RP572: 2/3/2012 1:08:27 PM - System Checkpoint
RP573: 2/6/2012 5:27:44 PM - System Checkpoint
RP574: 2/8/2012 3:00:32 PM - System Checkpoint
RP575: 2/10/2012 3:36:32 PM - System Checkpoint
RP576: 2/12/2012 2:54:02 PM - System Checkpoint
RP577: 2/15/2012 12:42:26 AM - System Checkpoint
RP578: 2/16/2012 3:00:22 PM - Software Distribution Service 3.0
RP579: 2/18/2012 7:12:50 PM - System Checkpoint
RP580: 2/19/2012 7:43:42 PM - System Checkpoint
RP581: 2/20/2012 9:10:42 PM - System Checkpoint
RP582: 2/22/2012 2:10:50 PM - System Checkpoint
RP583: 2/24/2012 9:32:45 PM - System Checkpoint
RP584: 2/26/2012 9:04:29 PM - System Checkpoint
RP585: 2/28/2012 5:39:27 PM - System Checkpoint
RP586: 3/1/2012 4:39:39 PM - System Checkpoint
RP587: 3/2/2012 9:24:49 PM - System Checkpoint
RP588: 3/4/2012 7:26:49 PM - System Checkpoint
RP589: 3/5/2012 9:44:23 PM - System Checkpoint
RP590: 3/7/2012 12:35:05 AM - System Checkpoint
RP591: 3/9/2012 3:47:02 PM - System Checkpoint
RP592: 3/10/2012 4:43:37 PM - System Checkpoint
RP593: 3/10/2012 6:55:41 PM - Removed AOLIcon
RP594: 3/12/2012 7:34:51 PM - System Checkpoint
RP595: 3/14/2012 12:37:17 PM - Software Distribution Service 3.0
RP596: 3/16/2012 9:47:18 AM - System Checkpoint
RP597: 3/17/2012 1:28:33 PM - System Checkpoint
RP598: 3/18/2012 6:43:54 PM - System Checkpoint
RP599: 3/20/2012 3:18:51 PM - System Checkpoint
RP600: 3/21/2012 10:19:07 PM - System Checkpoint
RP601: 3/23/2012 6:01:51 PM - System Checkpoint
RP602: 3/25/2012 12:22:07 PM - System Checkpoint
RP603: 3/27/2012 12:07:36 AM - System Checkpoint
RP604: 3/28/2012 9:13:01 AM - System Checkpoint
RP605: 3/29/2012 10:17:31 PM - System Checkpoint
RP606: 3/31/2012 11:23:01 AM - System Checkpoint
RP607: 4/2/2012 1:43:00 AM - System Checkpoint
RP608: 4/3/2012 1:47:07 AM - System Checkpoint
RP609: 4/3/2012 2:34:24 PM - Removed FreeRIP Toolbar v5.1.
RP610: 4/3/2012 2:40:52 PM - Removed IHA_MessageCenter
.
==== Installed Programs ======================
.
$APPNAME> 2.31
µTorrent
32 Bit HP CIO Components Installer
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
AIM 7
Aimersoft DVD Copy(Build 2.5.0.3)
Any Video Converter 3.2.2
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft VideoImpression 1.6
AVG 2012
AviSynth 2.5
Bonjour
BufferChm
CCScore
CDBurnerXP
Conexant D850 56K V.9x DFVc Modem
Convert MP4 to MP3 1.5
Copy
Dell Digital Jukebox Driver
DellSupport
Destinations
DeviceDiscovery
Digital Content Portal
Digital Line Detect
DJ_AIO_05_F4400_Software_Min
EasyRECORD EasyRECORDPlay 1.67.00.00
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
F4400
fflink
FL Studio 9
Freecorder 5
GameRanger
GGE909 PC Recoil Pad
Glary Utilities 2.39.0.1310
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2633952)
HP Imaging Device Functions 13.0
HP Smart Web Printing 4.60
HP Update
HP USB Disk Storage Format Tool
hpPrintProjects
hpWLPGInstaller
IL Download Manager
ImgBurn
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2006-01-10
iPod for Windows 2006-06-28
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Mega Codec Pack 6.9.0
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LockHunter version 1.0 beta 3, 32 bit edition
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Morpheus Photo Morpher v3.00
Mozilla Firefox 11.0 (x86 en-US)
MRU-Blaster v1.5 (Database 3/28/2004)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
OfficeSharedAddInSetup
OfotoXMI
OpenOffice.org 2.3
PeerBlock 1.1 (r518)
PoiZone
PokerStars
PowerDVD 5.5
QuickTime
Replay Media Catcher
Ringtonesia HTC Touch Pro2 Maker 3
Sakura
Sawer
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
SFR
SHASTA
skin0001
SKINXSDK
Smart PDF Converter 6.3.0.467
SmartWebPrinting
SnctionedMed
SpywareBlaster 4.5
staticcr
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2641690)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Verizon Help and Support Tool
VGA Dual Camera
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Vz In Home Agent
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
4/3/2012 4:01:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
4/3/2012 3:39:22 PM, error: Service Control Manager [7023] - The SrvcEKIOMngr service terminated with the following error: Access is denied.
4/3/2012 3:24:11 PM, error: Service Control Manager [7023] - The Btwaudio service terminated with the following error: Access is denied.
4/3/2012 3:09:11 PM, error: Service Control Manager [7023] - The MxlW2k service terminated with the following error: Access is denied.
4/3/2012 3:08:18 PM, error: Service Control Manager [7023] - The Imonitor service terminated with the following error: Access is denied.
4/3/2012 2:57:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde KLIF Lbd SYMTDI szkg
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The ZuneWlanCfgSvc service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Wmconnectcds service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Vpcnfltr service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Vaiomediaplatform-musicserver-appserver service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The TcUsb service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The SRS_SSCFilter service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The S3psddr service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Rslinxng service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Rollbackclientservice service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Pivotmou service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Pdlnctdl service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Oraclexeclragent service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The NWSNS service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Mnsframework service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Gameenum service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Fingrd32 service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Commserver service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Clisvc service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Amsmpu4p service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Aexnsclienttransport service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7023] - The Acprfmgrsvc service terminated with the following error: The specified module could not be found.
4/3/2012 2:57:13 PM, error: Service Control Manager [7000] - The SAVRTPEL service failed to start due to the following error: The system cannot find the file specified.
4/3/2012 2:39:32 PM, error: Service Control Manager [7023] - The Gameenum service terminated with the following error: Access is denied.
4/3/2012 2:36:53 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/3/2012 2:25:35 PM, error: Service Control Manager [7023] - The Vpcnfltr service terminated with the following error: Access is denied.
4/3/2012 11:50:48 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
4/3/2012 11:13:32 AM, error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: Access is denied.
4/3/2012 10:58:24 AM, error: Service Control Manager [7023] - The Pdlnctdl service terminated with the following error: Access is denied.
4/3/2012 10:43:27 AM, error: Service Control Manager [7023] - The Pivotmou service terminated with the following error: Access is denied.
.
==== End Of File ===========================
 
What did you uninstall "up top"?

This malware is one of the newer variants of ZeroAccess. Please follow the scans below in the order I've given them:
-------------------
Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click "Save log" and save it to your desktop.
  • Post it in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
========================================
Bootkit Remover:

Download Bootkit Remover.zip and save to your desktop.
  1. Extract (unzip) the file
  2. Double-click on the boot cleaner.exe file to run the program.
    (Vista/7 users, right click on remover.exe and click Run As Administrator.)
  3. You will see a black screen with data
  4. Right click on the screen and click Select All.
  5. Press CTRL+C
  6. Open a Notepad and press CTRL+V
  7. Paste the output in your next reply.
=================================================
I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    [screenshot]
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Microsoft Security Essentials
Comodo AV
Avast! Free Antivirus
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

  If you are using a browser other than Internet Explorer:
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
============================================
Please read all of the directions carefully. If you have any problem, STOP and tell me about it. DO NOT do a System Restore if you can't make something work!!
 
Super Anti Spy, Malwarebytes, Spybot were the programs I uninstalled before beginning the cleaning process. I have one question: after the "aswMBR" scan, am I clicking Fix after scan completion?
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-04 11:56:16
-----------------------------
11:56:16.046 OS Version: Windows 5.1.2600 Service Pack 3
11:56:16.046 Number of processors: 1 586 0x401
11:56:16.046 ComputerName: COREY UserName:
11:56:16.593 Initialize success
11:57:37.437 AVAST engine defs: 12040400
11:57:50.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:57:51.000 Disk 0 Vendor: WDC_WD1600JB-75GVC0 08.02D08 Size: 152587MB BusType: 3
11:57:51.046 Disk 0 MBR read successfully
11:57:51.062 Disk 0 MBR scan
11:57:51.109 Disk 0 unknown MBR code
11:57:51.125 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:57:51.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149134 MB offset 80325
11:57:51.203 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3412 MB offset 305508105
11:57:51.218 Disk 0 scanning sectors +312496380
11:57:51.312 Disk 0 scanning C:\WINDOWS\system32\drivers
11:58:05.781 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Rootkit-gen [Rtk]
11:58:13.734 Disk 0 trace - called modules:
11:58:13.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86d55fd0]<<
11:58:13.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f99ab8]
11:58:13.890 3 CLASSPNP.SYS[f7666fd7] -> nt!IofCallDriver -> [0x86f73f08]
11:58:13.921 \Driver\00000593[0x86df9788] -> IRP_MJ_CREATE -> 0x86d55fd0
11:58:14.500 AVAST engine scan C:\WINDOWS
11:58:24.640 AVAST engine scan C:\WINDOWS\system32
11:58:26.859 File: C:\WINDOWS\system32\adminserver.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:58:28.656 File: C:\WINDOWS\system32\asyncmac.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:58:39.328 File: C:\WINDOWS\system32\cmuda3.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:58:42.203 File: C:\WINDOWS\system32\coste.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:58:43.984 File: C:\WINDOWS\system32\cwafreportscheduler.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:59:09.546 File: C:\WINDOWS\system32\dvpapi.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:59:12.062 File: C:\WINDOWS\system32\elosystemservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:59:37.406 File: C:\WINDOWS\system32\issvc.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:59:37.890 File: C:\WINDOWS\system32\iwebcal.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:59:46.687 File: C:\WINDOWS\system32\LHidUsbK.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:59:50.437 File: C:\WINDOWS\system32\lvmvdrv.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:59:57.609 File: C:\WINDOWS\system32\mouclass.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:00:11.531 File: C:\WINDOWS\system32\mssql$microsoftbcm.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:00:23.343 File: C:\WINDOWS\system32\nmwcd.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:00:27.500 File: C:\WINDOWS\system32\nwrdr.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:00:32.281 File: C:\WINDOWS\system32\pdlnemsg.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:00:46.046 File: C:\WINDOWS\system32\rspndr.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:00:52.312 File: C:\WINDOWS\system32\shellhwdetection.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:01:07.031 File: C:\WINDOWS\system32\usbaudio.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:01:09.187 File: C:\WINDOWS\system32\v2imount.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:01:11.125 File: C:\WINDOWS\system32\viairda.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:01:11.515 File: C:\WINDOWS\system32\vmnetdhcp.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:01:20.250 File: C:\WINDOWS\system32\wmiaprpl.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:01:35.515 File: C:\WINDOWS\system32\zntport.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:03:01.296 AVAST engine scan C:\WINDOWS\system32\drivers
12:03:17.265 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Rootkit-gen [Rtk]
12:03:38.796 AVAST engine scan C:\Documents and Settings\corey
12:29:07.437 AVAST engine scan C:\Documents and Settings\All Users
12:38:57.921 Scan finished successfully
12:53:15.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\corey\Desktop\MBR.dat"
12:53:15.093 The log file has been saved successfully to "C:\Documents and Settings\corey\Desktop\aswMBR.txt"



Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02738a00
Boot sector MD5 is: e7e6f498a5aad54bc8d066e2192a8456

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
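Added example (not from this thread, aswMBR or avast): a small Python triage script that parses a log in the format pasted above and lists what a helper looks at first: the MBR status, the driver-trace hook line, and the infected files grouped by detection name. The sample log embedded in it is constructed from the format above, and the parse and triage functions are my own, not part of any tool.

```python
"""Triage a pasted aswMBR log (added example, not part of this thread or of aswMBR)."""
import re
from collections import defaultdict

# Constructed sample in the aswMBR log format posted in this thread (trimmed).
SAMPLE_LOG = """\
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-04 11:56:16
-----------------------------
11:57:51.046 Disk 0 MBR read successfully
11:57:51.062 Disk 0 MBR scan
11:57:51.109 Disk 0 unknown MBR code
11:57:51.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149134 MB offset 80325
11:58:05.781 File: C:\\WINDOWS\\system32\\drivers\\netbt.sys **INFECTED** Win32:Rootkit-gen [Rtk]
11:58:13.734 Disk 0 trace - called modules:
11:58:13.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86d55fd0]<<
11:58:13.921 \\Driver\\00000593[0x86df9788] -> IRP_MJ_CREATE -> 0x86d55fd0
11:58:26.859 File: C:\\WINDOWS\\system32\\adminserver.dll **INFECTED** Win32:Sirefef-SM [Trj]
11:58:28.656 File: C:\\WINDOWS\\system32\\asyncmac.dll **INFECTED** Win32:Sirefef-SM [Trj]
12:38:57.921 Scan finished successfully
"""

TIMESTAMP = r"^\d{2}:\d{2}:\d{2}\.\d{3} "
# "HH:MM:SS.mmm File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(TIMESTAMP + r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
# "HH:MM:SS.mmm Disk N <something about the MBR>" (read, scan, unknown code, ...)
MBR_RE = re.compile(TIMESTAMP + r"Disk (?P<disk>\d+) (?P<status>[^\r\n]*\bMBR\b[^\r\n]*)$")
# Driver-trace line where the disk I/O chain ends in code aswMBR cannot attribute.
HOOK_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")


def parse_aswmbr(text):
    """Return {'mbr_status': {disk: [..]}, 'hooks': [addr..], 'infected': {name: [path..]}}."""
    report = {"mbr_status": defaultdict(list), "hooks": [], "infected": defaultdict(list)}
    for line in text.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            report["infected"][m.group("name")].append(m.group("path"))
            continue
        m = MBR_RE.match(line)
        if m:
            report["mbr_status"][int(m.group("disk"))].append(m.group("status"))
            continue
        m = HOOK_RE.search(line)
        if m:
            report["hooks"].append(m.group("addr"))
    # Plain dicts so callers see ordinary mappings rather than defaultdicts.
    report["mbr_status"] = dict(report["mbr_status"])
    report["infected"] = dict(report["infected"])
    return report


def triage(report):
    """Turn the parsed report into the notes a helper would write up first."""
    notes = []
    for disk, statuses in sorted(report["mbr_status"].items()):
        if any("unknown MBR code" in s for s in statuses):
            notes.append(f"disk {disk}: MBR contains unrecognised boot code; keep MBR.dat for comparison")
    for addr in report["hooks"]:
        notes.append(f"disk I/O path ends in unattributed kernel code at {addr} (driver-chain hook)")
    for name, paths in sorted(report["infected"].items()):
        # avast's Sirefef detection name covers the ZeroAccess family named in this thread.
        family = "ZeroAccess/Sirefef" if "Sirefef" in name else name
        notes.append(f"{len(paths)} file(s) flagged as {family}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_aswmbr(SAMPLE_LOG)):
        print("-", note)
```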
 
ComboFix 12-04-04.02 - corey sousa 04/04/2012 15:41:08.1.1 - x86
Running from: c:\documents and settings\corey\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\corey\Application Data\PriceGong
c:\documents and settings\corey\Application Data\PriceGong\Data\1.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\a.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\b.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\c.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\d.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\e.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\f.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\g.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\h.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\i.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\J.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\k.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\l.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\m.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\n.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\o.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\p.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\q.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\r.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\s.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\t.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\u.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\v.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\w.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\x.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\y.xml
c:\documents and settings\corey\Application Data\PriceGong\Data\z.xml
c:\documents and settings\corey\WINDOWS
c:\program files\Common
c:\windows\$NtUninstallKB14989$
c:\windows\$NtUninstallKB14989$\1495557033\@
c:\windows\$NtUninstallKB14989$\1495557033\cfg.ini
c:\windows\$NtUninstallKB14989$\1495557033\Desktop.ini
c:\windows\$NtUninstallKB14989$\1495557033\L\odetmngk
c:\windows\$NtUninstallKB14989$\1495557033\oemid
c:\windows\$NtUninstallKB14989$\1495557033\U\00000001.@
c:\windows\$NtUninstallKB14989$\1495557033\U\00000002.@
c:\windows\$NtUninstallKB14989$\1495557033\U\00000004.@
c:\windows\$NtUninstallKB14989$\1495557033\U\80000000.@
c:\windows\$NtUninstallKB14989$\1495557033\U\80000004.@
c:\windows\$NtUninstallKB14989$\1495557033\U\80000032.@
c:\windows\$NtUninstallKB14989$\1495557033\version
c:\windows\$NtUninstallKB14989$\2439194020
c:\windows\desktop
c:\windows\Fonts\acrsec.fon
c:\windows\system32\bcftdi.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6dd70b72bd506f5a.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\aea1533be4eeba5c.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f87fe2a78c3a640c.fb
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.htm
c:\windows\system32\cache329\B_329_1_0_449600.htm
c:\windows\system32\cache329\B_329_1_0_454300.htm
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_1_0_449200.htm
c:\windows\system32\cache329\t_B_329_1_0_449600.htm
c:\windows\system32\cache329\t_B_329_1_0_454300.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cpqalert.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\FVNETusb.dll
c:\windows\system32\mysql.dll
c:\windows\system32\se58unic.dll
c:\windows\system32\termdd.dll
c:\windows\system32\tunmp.dll
c:\windows\system32\vcsw.dll
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETWORKLOG
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 19:35 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-04 19:35 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2012-04-04 18:17 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-04 18:17 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-04 18:16 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-04 18:16 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-04 18:16 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-04 18:16 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-04 18:16 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-04 18:16 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-04 18:15 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-04 18:15 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-04 18:14 . 2012-04-04 18:14 -------- d-----w- c:\program files\AVAST Software
2012-04-04 18:14 . 2012-04-04 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-03 19:03 . 2012-04-03 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-03 19:03 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 03:26 . 2012-04-03 03:26 -------- d-----w- c:\documents and settings\corey sousa\Application Data\Malwarebytes
2012-04-03 03:26 . 2012-04-03 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-02 19:12 . 2012-04-02 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-01 09:26 . 2012-04-01 09:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-03-31 21:43 . 2012-03-31 21:43 -------- d-----w- c:\documents and settings\corey sousa\Local Settings\Application Data\MSRebar
2012-03-24 17:49 . 2012-03-24 17:49 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-24 17:49 . 2012-03-24 17:49 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 16:51 . 2012-03-13 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeRIP
2012-03-13 16:51 . 2012-03-13 16:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 18:39 . 2011-11-30 18:54 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-04-03 18:39 . 2011-11-30 18:54 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-02-03 09:22 . 2004-08-10 18:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2004-08-10 19:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-24 17:49 . 2011-04-07 02:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 16:42 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-24 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
"matrsd"=rundll32.exe "c:\docume~1\COREYS~1\LOCALS~1\Temp\matrsd.dll",CreateTextureFromFileInMemoryEx
"vProt"="c:\program files\AVG Secure Search\vprot.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\corey sousa\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/4/2012 2:16 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2012 2:17 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2012 2:17 PM 20696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/3/2012 3:03 PM 20464]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
S3 MAC607;MAC607 Filter; [x]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual Camera;c:\windows\system32\drivers\mr97310v.sys [6/14/2005 11:11 AM 116247]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
MSFWHLPR
servicelayer
epsonbidirectionalagent
atimtag
Jukebox
array_utility_service4,0,1,3
ELmon
ATKGFNEXSrv
EMSCR
SbieDrv
LoopBeMidi1
acdservice
egathdrv
toshidpt
avgems
symwsc
XilinxPC4Driver
olcamsrv
Mtlstrm
SQLWriter
omniusb
ofcservice
logmein
snpstd2
enxpsvr
Airgo
s716unic
quickhealfirewall
SE26mdfl
dtsrvc
actser
VMAUDIO
dnsexit
rslinxng
sony_ssm.sys
cpuidlep
CX23880
xnacc
bantext
ZTEusbmdm6k
bltrust
cccredmgr
ESDCR
W700mdfl
WinFl32
NEOFLTR_600_13319
pgfilter
oracleformsserver-forms60server-oraform
sandradatasrv
ps2
rimusb
lirsgt
aswmon2
trackcam4
{834170a7-af3b-4d34-a757-e05eb29ee96d}
isamsmt
NetTcpActivator
smartwiservice
mgabg
w29n51
ARCSOFTVIRTUALCAPTURE
BCMWLNPF
ssoftservice
addfiltr
d-link_st3402
nvax
w300mdfl
eabusb
basic2
NxSysMon
RAPIProtocol
pctavsvc
TMMEmu
BLKWGU(Belkin)
websenserealtimeanalyzer
aiclient
nscservice
smstsmgr
nsengine
snapman380
UpdateCenterService
dlaudf_m
SE2Cbus
omci
wlankeeper
HBtnKey
sdhelper
websensecamserver
Packet
mxnic
vwd
centennialclientagent
DumaNT
tphdexlgsvc
tifm21
w810mdfl
L8042mou
lxrjd31d
gtndis5
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-03-24 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
2012-04-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-09-23 18:08]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 18:17]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 18:17]
.
2009-12-09 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-12-08 18:10]
.
2012-04-04 c:\windows\Tasks\User_Feed_Synchronization-{96756161-EF71-44D0-ACCD-74F90450BE23}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: pearsoned.com\myitlab
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\corey sousa\Application Data\Mozilla\Firefox\Profiles\v58hfcua.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 16:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\WININET.dll
c:\documents and settings\corey sousa\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-04 16:25:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 20:25
.
Pre-Run: 84,701,974,528 bytes free
Post-Run: 84,810,153,984 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2D629B783F92D811D9659D6E9A01E6C6
 
scan results

C:\Documents and Settings\corey\Local Settings\Application Data\MSRebar\SysVer\SysVer.exe a variant of MSIL/Adware.SanctionedMedia.A application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
 
I have one question: after the "aswMBR" scan, am I clicking Fix after scan completion?
NO
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
=============================
Please uninstall the Uniblue Registry Booster. Not only is it infected, but we do not recommend that anyone use a registry cleaner. After it's uninstalled, use Windows Explorer to access Computer> Local Drive(C)> Programs> find the program folder and do a right click> Delete.
================================
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Processes	
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe 
    
    :Files 
     C:\Documents and Settings\corey\Local Settings\Application Data\MSRebar\SysVer\SysVer.exe 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================================
  • Open Notepad
  • Copy and paste the text in the codebox into Notepad:

Code:
@ECHO OFF
REM Quote the program name so START does not split it at the space
START "" "boot cleaner.exe" fix \\.\PhysicalDrive0
EXIT
  • Go to FILE > SAVE AS and in the SAVE AS TYPE drop-down box select ALL FILES
  • In the FILE NAME box type fix.bat.
  • Save fix.bat to your Desktop.
  • Double click on fix.bat to run.
    You may see a black box appear; this is normal.
  • When done, run bootkit.exe again and post its output.
====================================================
You may have noticed this warning in ComboFix: NETSVCS REQUIRES REPAIRS - current entries shown. Please download and run MS Fix-it to resolve this.
=================================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::

Folder::
c:\documents and settings\corey sousa\Local Settings\Application Data\MSRebar
Extra::
File::
c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
Firefox::
Firefox-: - Profile - c:\documents and settings\corey sousa\application data\mozilla\firefox\profiles\v58hfcua.default\ 
Firefox-: prefs.js - Search.DefaultURL 
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"=-
"matrsd"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Please update and rerun the ESET scan.
 
C:\Documents and Settings\corey sousa\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000089 a variant of Win32/InstallCore.D application
C:\Documents and Settings\corey sousa\Local Settings\temp\ICReinstall\cnet2_CheetahDVDBurner_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\corey sousa\Local Settings\temp\ICReinstall\cnet2_dvdmaker_zip (1).exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\corey sousa\Local Settings\temp\ICReinstall\cnet2_dvdmaker_zip.exe a variant of Win32/InstallCore.D application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Qoobox\Quarantine\C\Documents and Settings\corey sousa\Local Settings\Application Data\MSRebar\SysVer\SysVer.exe.vir a variant of MSIL/Adware.SanctionedMedia.A application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0086013.dll a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP607\A0094143.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP609\A0097237.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP616\A0105034.exe a variant of MSIL/Adware.SanctionedMedia.A application
 
Let's try it again:

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Documents and Settings\corey sousa\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000089 
    C:\Documents and Settings\corey sousa\Local Settings\temp\ICReinstall\cnet2_CheetahDVDBurner_exe.exe 
    C:\Documents and Settings\corey sousa\Local Settings\temp\ICReinstall\cnet2_dvdmaker_zip (1).exe 
    C:\Documents and Settings\corey sousa\Local Settings\temp\ICReinstall\cnet2_dvdmaker_zip.exe 
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe 
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========================================
Again, I recommend that you uninstall the Uniblue RegistryBooster.

The remaining entries from the ESET scan are for the ActiveX object that is required when you download from CNet. You may want to consider downloading from the software home site.
The System Volume processes are restore points. They are no longer active in the system and will be removed when we finish.

The Qoobox is where Combofix sends the quarantined files. They are no longer active in the system and will be removed when Combofix is uninstalled.
==============================================
Did you run the script in Combofix? Log?
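Added example for this thread (not the helper's code, and not part of OTMoveIt or ESET): the script below reads ESET result lines in the layout quoted above, keeps only the path, and leaves out the System Volume Information and Qoobox entries that the helper says are no longer active. The assumed line layout is "<path> <detection name> <type>", with the detection optionally prefixed by "a variant of", as in the quoted lines; the sample input is constructed from them. Stripping the detection text automatically also avoids the stray trailing word that crept into the hand-copied :Files entry earlier in the thread.

```python
"""Build an OTMoveIt ':Files' section from ESET Online Scanner result lines.

Added example for this thread; it is not the helper's code and not part of
OTMoveIt or ESET. The line layout assumed here ("<path> <detection> <type>",
with the detection optionally prefixed by "a variant of") is taken from the
result lines quoted in the thread.
"""
import re

# One ESET result line: a drive-letter path, a detection name containing a
# "/" (e.g. Win32/InstallCore.D), and a final type word such as "application".
# The path match is non-greedy so that spaces inside the path do not end it.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?[^\s/]+/\S+)\s+"
    r"(?P<kind>\S+)\s*$"
)

# Locations the helper says are no longer active: restore points go when
# System Restore is reset, and Qoobox is removed with ComboFix.
INACTIVE_LOCATIONS = (
    ("restore_point", "c:\\system volume information\\"),
    ("quarantine", "c:\\qoobox\\"),
)

OTMOVEIT_COMMANDS = ("[purity]", "[emptytemp]", "[start explorer]", "[Reboot]")

# Constructed sample input, modelled on the ESET lines quoted in the thread.
SAMPLE_ESET_LOG = r"""
C:\Documents and Settings\corey sousa\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000089 a variant of Win32/InstallCore.D application
C:\Documents and Settings\corey sousa\Local Settings\temp\ICReinstall\cnet2_dvdmaker_zip (1).exe a variant of Win32/InstallCore.D application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Qoobox\Quarantine\C\Documents and Settings\corey sousa\Local Settings\Application Data\MSRebar\SysVer\SysVer.exe.vir a variant of MSIL/Adware.SanctionedMedia.A application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0086013.dll a variant of Win32/Adware.Toolbar.Dealio application
"""


def parse_eset_line(line):
    """Return {'path', 'detection', 'kind'} for one result line, or None."""
    match = ESET_LINE.match(line.strip())
    if not match:
        return None
    return {"path": match["path"], "detection": match["detection"], "kind": match["kind"]}


def parse_eset_log(text):
    """Parse every recognisable result line; blank and unrelated lines are ignored."""
    return [entry for entry in map(parse_eset_line, text.splitlines()) if entry]


def classify(path):
    """'active' unless the path sits in a restore point or the ComboFix quarantine."""
    lowered = path.lower()
    for label, prefix in INACTIVE_LOCATIONS:
        if lowered.startswith(prefix):
            return label
    return "active"


def triage(entries):
    """Split parsed entries into those to move and those to leave alone (with a reason)."""
    to_move, skipped = [], []
    for entry in entries:
        label = classify(entry["path"])
        if label == "active":
            to_move.append(entry)
        else:
            skipped.append({**entry, "reason": label})
    return to_move, skipped


def build_otmoveit_script(entries):
    """Emit the OTMoveIt script: bare paths under :Files, then the usual :Commands."""
    to_move, _ = triage(entries)
    lines = [":Files", *(entry["path"] for entry in to_move), "", ":Commands", *OTMOVEIT_COMMANDS]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_ESET_LOG)
    print(build_otmoveit_script(parsed))
    for entry in triage(parsed)[1]:
        print("skipped ({}): {}".format(entry["reason"], entry["path"]))
```

Run it with the ESET log pasted into SAMPLE_ESET_LOG (or read from a file); the printed :Files block is what goes into the OTMoveIt window, and the skipped list shows which detections were left for the restore-point reset and ComboFix uninstall to clear.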
 
Sorry, here is the ComboFix log.

ComboFix 12-04-16.02 - corey sousa 04/16/2012 23:28:57.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.499 [GMT -4:00]
Running from: c:\documents and settings\corey sousa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\corey sousa\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-07 18:19 . 2012-04-07 20:08 -------- d-----w- c:\documents and settings\corey sousa\Local Settings\Application Data\Nero
2012-04-07 17:53 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-04-07 17:53 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-04-07 17:53 . 2010-05-26 15:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-04-07 17:53 . 2010-05-26 15:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-04-07 17:53 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-04-07 17:53 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-04-07 17:52 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-04-07 02:39 . 2008-06-09 02:58 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2012-04-07 02:39 . 2012-04-07 02:39 -------- d-----w- c:\program files\ffdshow
2012-04-07 02:14 . 2012-04-07 02:14 -------- d-----w- c:\documents and settings\corey sousa\Local Settings\Application Data\Xilisoft
2012-04-07 02:14 . 2012-04-07 02:14 -------- d-----w- c:\documents and settings\corey sousa\Application Data\Xilisoft
2012-04-07 00:53 . 1998-06-18 05:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-04-07 00:53 . 2012-04-07 00:53 -------- d-----w- c:\program files\VirtualDJ
2012-04-07 00:52 . 2012-04-07 00:52 -------- d-----w- c:\program files\Cheetah Burner
2012-04-06 19:25 . 2012-04-06 19:25 -------- d-----w- c:\documents and settings\corey sousa\Application Data\ElevatedDiagnostics
2012-04-06 17:36 . 2012-04-06 17:36 -------- d-----w- C:\_OTM
2012-04-05 21:11 . 2012-04-05 21:11 -------- d-----w- c:\documents and settings\corey sousa\Application Data\AVG2012
2012-04-05 21:07 . 2012-04-07 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-04-05 21:06 . 2012-04-05 21:06 -------- d-----w- c:\program files\AVG
2012-04-04 20:31 . 2012-04-04 20:31 -------- d-----w- c:\program files\ESET
2012-04-04 19:35 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-04 19:35 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2012-04-04 18:17 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-04 18:17 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-04 18:16 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-04 18:16 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-04 18:16 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-04 18:16 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-04 18:16 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-04 18:16 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-04 18:15 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-04 18:15 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-04 18:14 . 2012-04-04 18:14 -------- d-----w- c:\program files\AVAST Software
2012-04-04 18:14 . 2012-04-04 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-03 19:03 . 2012-04-03 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-03 19:03 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 03:26 . 2012-04-03 03:26 -------- d-----w- c:\documents and settings\corey sousa\Application Data\Malwarebytes
2012-04-03 03:26 . 2012-04-03 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-02 19:12 . 2012-04-02 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-01 09:26 . 2012-04-01 09:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-03-24 17:49 . 2012-03-24 17:49 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-24 17:49 . 2012-03-24 17:49 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 18:08 . 2011-05-19 01:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-05 20:21 . 2011-11-30 18:54 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-04-05 20:21 . 2011-11-30 18:54 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-04-05 05:35 . 2010-05-08 23:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-05 05:35 . 2007-05-04 02:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-01 11:01 . 2004-08-10 18:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 18:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-10 18:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-10 18:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-24 17:49 . 2011-04-07 02:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 16:42 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-24 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"vProt"="c:\program files\AVG Secure Search\vprot.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\corey sousa\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/4/2012 2:16 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2012 2:17 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2012 2:17 PM 20696]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 11:03 AM 290832]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/3/2012 3:04 PM 652360]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/13/2012 12:42 PM 918880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/3/2012 3:03 PM 20464]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2/25/2011 11:28 PM 19056]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 2:17 PM 136176]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 2:17 PM 136176]
S3 MAC607;MAC607 Filter; [x]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual Camera;c:\windows\system32\drivers\mr97310v.sys [6/14/2005 11:11 AM 116247]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [7/18/2009 12:50 PM 7548]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
MSFWHLPR
servicelayer
epsonbidirectionalagent
atimtag
Jukebox
array_utility_service4,0,1,3
ELmon
ATKGFNEXSrv
EMSCR
SbieDrv
LoopBeMidi1
acdservice
egathdrv
toshidpt
avgems
symwsc
XilinxPC4Driver
olcamsrv
Mtlstrm
SQLWriter
omniusb
ofcservice
logmein
snpstd2
enxpsvr
Airgo
s716unic
quickhealfirewall
SE26mdfl
dtsrvc
actser
VMAUDIO
dnsexit
rslinxng
sony_ssm.sys
cpuidlep
CX23880
xnacc
bantext
ZTEusbmdm6k
bltrust
cccredmgr
ESDCR
W700mdfl
WinFl32
NEOFLTR_600_13319
pgfilter
oracleformsserver-forms60server-oraform
sandradatasrv
ps2
rimusb
lirsgt
aswmon2
trackcam4
{834170a7-af3b-4d34-a757-e05eb29ee96d}
isamsmt
NetTcpActivator
smartwiservice
mgabg
w29n51
ARCSOFTVIRTUALCAPTURE
BCMWLNPF
ssoftservice
addfiltr
d-link_st3402
nvax
w300mdfl
eabusb
basic2
NxSysMon
RAPIProtocol
pctavsvc
TMMEmu
BLKWGU(Belkin)
websenserealtimeanalyzer
aiclient
nscservice
smstsmgr
nsengine
snapman380
UpdateCenterService
dlaudf_m
SE2Cbus
omci
wlankeeper
HBtnKey
sdhelper
websensecamserver
Packet
mxnic
vwd
centennialclientagent
DumaNT
tphdexlgsvc
tifm21
w810mdfl
L8042mou
lxrjd31d
gtndis5
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-04-14 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
2012-04-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-09-23 18:08]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 18:17]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 18:17]
.
2012-04-17 c:\windows\Tasks\User_Feed_Synchronization-{96756161-EF71-44D0-ACCD-74F90450BE23}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: pearsoned.com\myitlab
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\corey sousa\Application Data\Mozilla\Firefox\Profiles\v58hfcua.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 23:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1296)
c:\windows\system32\WININET.dll
c:\documents and settings\corey sousa\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-16 23:53:13
ComboFix-quarantined-files.txt 2012-04-17 03:53
ComboFix2.txt 2012-04-17 03:23
ComboFix3.txt 2012-04-06 20:05
ComboFix4.txt 2012-04-05 15:16
ComboFix5.txt 2012-04-17 03:26
.
Pre-Run: 73,043,238,912 bytes free
Post-Run: 73,028,001,792 bytes free
.
- - End Of File - - DE69134FF6CEC75F3B4466B2DA324908
 
Unable to find Uniblue on my computer to uninstall, and OTM did it again. I left my computer on while I slept, at 12 a.m. overnight, to see if it would work. I woke up today and the computer clock still said 12 a.m. (froze; computer inaccessible) and the OTM results were empty.
 
Please accept my apology for lack of reply. I've been checking threads and have found several that stopped sending feedback after the site upgrade.

If you are still having the problems, I'd like to get some current information. We need to handle this first:

The current ComboFix log shows: NETSVCS REQUIRES REPAIRS.


1. You will need to uninstall ComboFix and all backups of the files it deleted:

  [o] Click START, then RUN.
  [o] Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.

2. Please download and extract the following file: XPSP3 netsvcs
Then double click on it to merge it into the Registry.

3. Download and run ComboFix again. The NETSVCS should be repaired and I can review the log for new entries. Please use the link and follow the previous directions I gave for the initial scan.

4. Let's get an online AV scan:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save it to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'.
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Please leave the two new logs in your next reply, along with any new information.
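The NETSVCS repair in the post above concerns the REG_MULTI_SZ value `netsvcs` under the Svchost key that appears in the ComboFix log: the svchost.exe instance started with `-k netsvcs` hosts the services named in that list, so an extra name there is one way to get a DLL loaded inside a trusted system process, and the log's list carries dozens of names ahead of the default entries (the block from Rasman down to hkmsvc). The following is an added example written for this page, not code from the thread, from ComboFix or from ESET. It works on a regedit-style .reg export rather than the live registry so it runs anywhere; its baseline is only the tail of the XP SP3 default list that is visible in the log, and the full default list and the contents of the "XPSP3 netsvcs" repair file linked in the post are assumptions it does not reproduce.

```python
"""Audit and rebuild the svchost 'netsvcs' REG_MULTI_SZ value via .reg files.

Added example for this page; not from the thread or any tool it mentions.
Works on an exported .reg file so it runs offline on any platform.
"""

# Assumed baseline: the names from Rasman down in the ComboFix log above, which
# are the tail of the Windows XP SP3 default netsvcs list. The real default has
# further entries before Rasman that this section of the log does not show;
# supply the complete list before using this against a real machine.
XP_SP3_NETSVCS_TAIL = [
    "Rasman", "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess",
    "SRService", "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi",
    "WmdmPmSp", "winmgmt", "wscsvc", "xmlprov", "BITS", "wuauserv",
    "ShellHWDetection", "helpsvc", "WmdmPmSN", "napagent", "hkmsvc",
]

SVCHOST_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"


def encode_reg_multi_sz(names):
    """Encode strings the way regedit exports REG_MULTI_SZ: hex(7), UTF-16LE,
    each string NUL-terminated, the list closed by an empty string."""
    raw = ("\0".join(names) + "\0\0").encode("utf-16-le")
    hexes = ["%02x" % b for b in raw]
    # regedit wraps long values onto continuation lines that end in ",\"
    rows = [",".join(hexes[i:i + 25]) for i in range(0, len(hexes), 25)]
    return "hex(7):" + ",\\\n  ".join(rows)


def build_netsvcs_reg(names):
    """Text of a .reg file that sets netsvcs to exactly `names` when merged."""
    header = "Windows Registry Editor Version 5.00\n\n"
    key = "[%s]\n" % SVCHOST_KEY
    value = '"netsvcs"=%s\n' % encode_reg_multi_sz(names)
    return header + key + value


def parse_reg_multi_sz(reg_text, value_name):
    """Pull a hex(7) value out of .reg text and decode it to a list of strings."""
    prefix = '"%s"=hex(7):' % value_name
    lines = [ln.strip() for ln in reg_text.splitlines()]
    for idx, line in enumerate(lines):
        if not line.startswith(prefix):
            continue
        chunks = [line[len(prefix):]]
        # gather continuation lines while the current chunk ends in a backslash
        while chunks[-1].endswith("\\"):
            chunks[-1] = chunks[-1][:-1]
            idx += 1
            if idx >= len(lines):
                raise ValueError("truncated value %r" % value_name)
            chunks.append(lines[idx])
        raw = bytes(int(h, 16) for h in "".join(chunks).split(",") if h)
        return [s for s in raw.decode("utf-16-le").split("\0") if s]
    raise ValueError("value %r not found" % value_name)


def netsvcs_extras(entries, baseline):
    """Names in the exported value that are absent from the baseline.
    Service names are case-insensitive in the registry, so compare lowercased."""
    known = {name.lower() for name in baseline}
    return [name for name in entries if name.lower() not in known]


def baseline_intact(entries, baseline):
    """True if every baseline name is present, in its original relative order."""
    lowered = [name.lower() for name in entries]
    positions = []
    for name in baseline:
        if name.lower() not in lowered:
            return False
        positions.append(lowered.index(name.lower()))
    return positions == sorted(positions)


if __name__ == "__main__":
    # Constructed sample: an export padded with three of the non-default names
    # from the log, placed ahead of the default tail as the ComboFix output shows.
    padded = ["sandradatasrv", "ps2", "rimusb"] + XP_SP3_NETSVCS_TAIL
    found = parse_reg_multi_sz(build_netsvcs_reg(padded), "netsvcs")
    print("extras:", netsvcs_extras(found, XP_SP3_NETSVCS_TAIL))
    print("baseline intact:", baseline_intact(found, XP_SP3_NETSVCS_TAIL))
    # A repair file of the shape merged in step 2 is the baseline re-encoded
    # (assumption: the linked XPSP3 file is not reproduced here).
    print(build_netsvcs_reg(XP_SP3_NETSVCS_TAIL))
```

On a real machine, export the key with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" svchost.reg` before the repair and run `parse_reg_multi_sz` on it; every name `netsvcs_extras` reports is a service whose ServiceDll is worth checking before the list is overwritten, since merging the repair file removes the names but not the service keys or DLLs they point to.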
 