My other computer was hit with something that blocked internet access, so I have to use an old laptop a friend gave me. Before getting started on my desktop, I scanned the laptop with Malwarebytes. It found over 80 problems, mostly trojans, so I am starting with cleaning up the laptop:
Here is the Malwarebytes log:
********************************************************************************
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8399
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
12/19/2011 3:14:18 PM
mbam-log-2011-12-19 (15-14-18).txt
Scan type: Quick scan
Objects scanned: 150359
Time elapsed: 8 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 46
Registry Values Infected: 9
Registry Data Items Infected: 1
Folders Infected: 15
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{314F88D6-80CE-408a-9E8F-B2389B81E8B8} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80EF304A-B1C4-425C-8535-95AB6F1EEFB8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{F7FA36A4-3177-4B57-B9C1-E9C5B2E0D3A9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{FF46F4AB-A85F-487E-B399-3F191AC0FE23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11A69AE4-FBED-4832-A2BF-45AF82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421B84-3488-49A7-AD18-CBF84A3EFAF6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B221E01-F517-4959-8C41-81948E7F2F17} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A7F202E-AF91-4889-9DD5-2FE241085CC1} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A95B2816-1D7E-4561-A202-68C0DE02353A} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D88E1558-7C2D-407A-953A-C044F5607CEA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAAD2038-C371-473D-86F1-5B11D39C3775} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AVIEBHO.IEFW (Rogue.Menace.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AVIEBHO.IEFW.2 (Rogue.Menace.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO_MyJavaCore.Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO_MyJavaCore.Mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GPBlocker.IEPBlocker (Rogue.Menace.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GPBlocker.IEPBlocker.1 (Rogue.Menace.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\OINCS.OINAnalytics (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\OINCS.OINAnalytics.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testCPV6.BHO (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testCPV6.BHO.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\PG.DLL (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WebBuying (Adware.WebBuying) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugcw (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{11A69AE4-FBED-4832-A2BF-45AF82825583} (Trojan.Vundo) -> Value: {11A69AE4-FBED-4832-A2BF-45AF82825583} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{11A69AE4-FBED-4832-A2BF-45AF82825583} (Trojan.Vundo) -> Value: {11A69AE4-FBED-4832-A2BF-45AF82825583} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59A40AC9-E67D-4155-B31D-4B7330FCD2D6} (Trojan.Agent) -> Value: {59A40AC9-E67D-4155-B31D-4B7330FCD2D6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59A40AC9-E67D-4155-B31D-4B7330FCD2D6} (Trojan.Agent) -> Value: {59A40AC9-E67D-4155-B31D-4B7330FCD2D6} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97} (Trojan.Vundo) -> Value: {178D4E6A-BA5A-4ECB-8521-F7B8393FDB97} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97} (Trojan.Vundo) -> Value: {178D4E6A-BA5A-4ECB-8521-F7B8393FDB97} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Value: rdomain -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Value: prodname -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.SpyGuard) -> Value: compname -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
c:\documents and settings\localservice\application data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\salesmonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\salesmonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Hadrian\application data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
c:\documents and settings\Hadrian\application data\Twain (Trojan.Matcash) -> Quarantined and deleted successfully.
c:\program files\outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
c:\program files\outerinfo\FF (Adware.PurityScan) -> Quarantined and deleted successfully.
c:\program files\outerinfo\FF\components (Adware.PurityScan) -> Quarantined and deleted successfully.
c:\documents and settings\Hadrian\start menu\Programs\outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
c:\UGA6P (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\UGA6P\Quar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\a8 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\comms2 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ipd2 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\que1 (Trojan.Downloader) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\all users\start menu\online security guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\bmd3d4612f.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\bmd3d4612f.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\documents and settings\Hadrian\application data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
c:\program files\outerinfo\Terms.rtf (Adware.PurityScan) -> Quarantined and deleted successfully.
c:\program files\outerinfo\FF\chrome.manifest (Adware.PurityScan) -> Quarantined and deleted successfully.
c:\program files\outerinfo\FF\install.rdf (Adware.PurityScan) -> Quarantined and deleted successfully.
c:\program files\outerinfo\FF\components\outerinfoads.xpt (Adware.PurityScan) -> Quarantined and deleted successfully.
c:\documents and settings\Hadrian\start menu\Programs\outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
GMER Log
************************************************************************************
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-20 20:30:17
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N040ATMR04-0 rev.MO2OAD1A
Running: sv3gqsr4.exe; Driver: C:\DOCUME~1\Hadrian\LOCALS~1\Temp\kgkdqpod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEE973BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEE973A45]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE9F07A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
DDS Log:
*******************************************************************************
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Hadrian at 20:34:43 on 2011-12-20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.222 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uDefault_Page_URL = hxxp://my.earthlink.net
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: H - No File
mWinlogon: SFCDisable=4 (0x4)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\hadrian\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [EarthLink Installer] "f:\windows\access\program files\earthlink totalaccess\_setup.exe" /sf:\Windows
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{E4F93558-F62E-4862-B14D-AE0414151EEB} : DhcpNameServer = 192.168.1.1
LSA: Authentication Packages = msv1_0 c:\windows\system32\khhfc.dll
LSA: Notification Packages = cli c:\windows\system32\dubunide.dll
Hosts: 82.98.231.89 browser-security.microsoft.com
Hosts: 82.98.231.89 best-click-scanner.info
Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hadrian\application data\mozilla\firefox\profiles\craoxl7k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\hadrian\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-19 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-25 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-25 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-25 44768]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-17 136176]
S2 mrtRate;mrtRate; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-17 136176]
S3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\windows\system32\drivers\i2220ntx.sys [2004-1-5 117248]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-12-19 23:01:49 -------- d-----w- c:\documents and settings\hadrian\application data\Malwarebytes
2011-12-19 23:01:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-19 23:01:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 23:01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-19 21:44:19 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 20:35:55.03 ===============
Thanks in advance for your help
Steve
uURLSearchHooks: H - No File
mWinlogon: SFCDisable=4 (0x4)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\hadrian\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [EarthLink Installer] "f:\windows\access\program files\earthlink totalaccess\_setup.exe" /sf:\Windows
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{E4F93558-F62E-4862-B14D-AE0414151EEB} : DhcpNameServer = 192.168.1.1
LSA: Authentication Packages = msv1_0 c:\windows\system32\khhfc.dll
LSA: Notification Packages = cli c:\windows\system32\dubunide.dll
Hosts: 82.98.231.89 browser-security.microsoft.com
Hosts: 82.98.231.89 best-click-scanner.info
Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hadrian\application data\mozilla\firefox\profiles\craoxl7k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\hadrian\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-19 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-25 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-25 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-25 44768]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-17 136176]
S2 mrtRate;mrtRate; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-17 136176]
S3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\windows\system32\drivers\i2220ntx.sys [2004-1-5 117248]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-12-19 23:01:49 -------- d-----w- c:\documents and settings\hadrian\application data\Malwarebytes
2011-12-19 23:01:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-19 23:01:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 23:01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-19 21:44:19 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 20:35:55.03 ===============
Thanks in advance for your help.
Steve