Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: mike23 on January 11, 2011, 06:43:40 PM
-
Hi there,
few days ago my notebook stopped responding randomly during my work on it.
It gets worse now, it freezes right after logging in. I ran various scans to find the problem but nothing appeared. I would really appreciate your help.
Here are the logs from scans:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/12/2011 at 01:48 AM
Application Version : 4.47.1000
Core Rules Database Version : 6175
Trace Rules Database Version: 3987
Scan type : Complete Scan
Total Scan Time : 02:58:55
Memory items scanned : 278
Memory threats detected : 0
Registry items scanned : 10006
Registry threats detected : 0
File items scanned : 318406
File threats detected : 13
Adware.Tracking Cookie
.toplist.cz [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\User test\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ia.media-imdb.com [ C:\Users\User test\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9S5ZSQ7N ]
C:\Users\User test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\User test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5505
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18999
12. 1. 2011 2:05:30
mbam-log-2011-01-12 (02-05-30).txt
Scan type: Quick scan
Objects scanned: 155920
Time elapsed: 5 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:08:16, on 12. 1. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 00-1e-68-48-1c-3f:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9c594e05001de) (gupdate1c9c594e05001de) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Argonne National Lab - C:\MPICH2\bin\smpd.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 8236 bytes
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
few days ago my notebook stopped responding randomly during my work on it.
It gets worse now, it freezes right after logging in.
Could there be a problem with overheating? Why are you running in Safe Mode?
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
********************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
-
Could there be a problem with overheating? Why are you running in Safe Mode?
I think overheating is possible, but right now right after I login to my PC account, desktop with icons appears and nothing can be done there. If I click on a start button for example it doesn't show the menu. Only the windows clocks instead of cursor appears but it stays like this without any action during next minutes. This morning I was able to work normally on a computer, browsing internet etc. As I said, right now I'm not able to do anything in a "normal" mode, so I've entered into Safe Mode and here everything works. I had same issue when I was writing the first post (running scans).
Btw, when I posted the logs in my previous post, in HJT report I noticed there was something with AVG, which was removed from the notebook long time ago, so I used AVG remover to get rid of it. Nothing else was removed /installed.
Logs from the asked scans:
Results of screen317's Security Check version 0.99.8
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Microsoft VM for Java
Java(TM) 6 Update 23
Java(TM) 6 Update 2
Java(TM) SE Development Kit 6 Update 13
Java DB 10.4.1.3
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by User test at 1:14:00,34 on pi 14. 01. 2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.3070.2443 [GMT 1:00]
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\Explorer.EXE
svchost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nero\Nero 9\Nero ShowTime\ShowTime.exe
C:\Users\User test\Desktop\dds.scr
C:\Windows\system32\conime.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\icq7.0\ICQ.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath -
============= SERVICES / DRIVERS ===============
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-5 293968]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-5 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-5 51280]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c594e05001de;Služba Google Update (gupdate1c9c594e05001de);c:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\mpich2\bin\smpd.exe [2010-11-17 483328]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-1 21504]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
==================== Find3M ====================
============= FINISH: 1:14:17,97 ===============
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17. 4. 2008 21:14:17
System Uptime: 14. 1. 2011 1:00:54 (0 hours ago)
Motherboard: Quanta | | 30D2
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2095/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 224 GiB total, 63,273 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 2,719 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
"Nero SoundTrax Help
AAC Decoder
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Advertising Center
AuthenTec Fingerprint Sensor Minimum Install
AutoUpdate
avast! Free Antivirus
CCleaner
Codec Pack - All In 1 6.0.3.0
CyberLink YouCam
DigitalPersona Personal 4.11
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DolbyFiles
DVD Suite
ESU for Microsoft Vista
ffdshow [rev 1723] [2007-12-24]
Google Chrome
Google Update Helper
H.264 Decoder
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Update
HP User Guides 0087
HP Wireless Assistant
IBM Installation Manager
IBM Software Development Platform
ICQ7
ImagXpress
Intel® Matrix Storage Manager
Java Auto Updater
Java DB 10.4.1.3
Java(TM) 6 Update 2
Java(TM) 6 Update 23
Java(TM) SE Development Kit 6 Update 13
L2 Crest Maker
LabelPrint
LightScribe System Software 1.14.17.1
Lineage II
Lineage® II PTS: The Chaotic Throne - Freya
LispWorks 5.1 Personal
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile CSY Language Pack
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.53
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Microsoft XML Parser
MKV Splitter
Motorola SM56 Speakerphone Modem
Movie Templates - Starter Kit
Mozilla Firefox (3.5.16)
MPICH2
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NetBeans IDE 6.5.1
NVIDIA Drivers
PC Translator
Power2Go
PowerDirector
PVSonyDll
QuickPlay SlingPlayer 0.4.4
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype™ 4.1
SoundTrax
SQL Server System CLR Types
Suite Shared Configuration CS4
SUPERAntiSpyware
SWI-Prolog (remove only)
Synaptics Pointing Device Driver
Total Commander (Remove or Repair)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
Ventrilo Client
Winamp
Windows Live Messenger
Windows Media Player Firefox Plugin
WinPcap 4.1.2
WinRAR archiver
WinSCP 4.1.7
Xvid 1.1.3 final uninstall
Yahoo! Messenger
==== End Of File ===========================
-
Do you have your OS CD/DVD?
If so,
1/ Click the Start button.
2/ From the Start Menu, Click All programs followed by Accessories.
3/ In the Accessories menu, Right Click on the Command Prompt option.
4/ From the drop down menu that appears, Click on the Run as administrator option.
5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.
6/ In the Command Prompt window, type: sfc /scannow and then press Enter.
7/ A message will appear stating that the system scan will begin.
8/ Be patient because the scan may take some time.
9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.
10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.
11/ After the scan has completed, Close the command prompt window.
********************************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
-
I followed all your instructions, system file checker didn't find any file needed to be replaced.
ComboFix log:
ComboFix 11-01-14.01 - Tomas . 01. 2011 23:43:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.3070.2009 [GMT 1:00]
Running from: c:\users\User test\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\VI30AUT.DLL
c:\windows\system32\_packet.dlluninstall
c:\windows\system32\KBL.LOG
c:\windows\system32\Microsoft
c:\windows\system32\Microsoft\Protect\S-1-5-18\032c32d4-8269-43d4-8e10-ebdfe36b7c63
c:\windows\system32\Microsoft\Protect\S-1-5-18\16341988-7ab3-4658-a4be-f01ca9a29952
c:\windows\system32\Microsoft\Protect\S-1-5-18\19030c0e-ebf5-41e7-ad0b-f9bdd3dee879
c:\windows\system32\Microsoft\Protect\S-1-5-18\2846e744-2099-45f0-ace1-2f84303e2752
c:\windows\system32\Microsoft\Protect\S-1-5-18\284db111-0c28-40f0-b22b-327476e3fd27
c:\windows\system32\Microsoft\Protect\S-1-5-18\38346fd8-4248-4707-a50d-7ef5ea9f4c7e
c:\windows\system32\Microsoft\Protect\S-1-5-18\809ad93c-5c2b-4cd0-bb71-d817f67a585b
c:\windows\system32\Microsoft\Protect\S-1-5-18\884ee32b-24f6-49ce-a942-2c1b8017a7a9
c:\windows\system32\Microsoft\Protect\S-1-5-18\9d130853-542e-4742-b6f2-3d603c10437d
c:\windows\system32\Microsoft\Protect\S-1-5-18\c79d0c48-7d69-4183-9802-197721b6911d
c:\windows\system32\Microsoft\Protect\S-1-5-18\ddd9006a-d6bf-41f5-9d9c-73bfc5286cd2
c:\windows\system32\Microsoft\Protect\S-1-5-18\e4cce3ed-c053-456b-a86b-ca00d068a154
c:\windows\system32\Microsoft\Protect\S-1-5-18\eb74a6c2-b4f7-43a0-9046-57da0f7c9b00
c:\windows\system32\Microsoft\Protect\S-1-5-18\f509f709-b4f3-4bce-8acc-008a0abc91be
c:\windows\system32\Microsoft\Protect\S-1-5-18\Preferred
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\061e2a3d-e0a1-4b5f-85e2-15e683b72eb2
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\2505f079-092a-499a-9597-cb2629ee2845
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\3ae06834-5228-4703-8c59-f2e67114009c
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\5ce97b84-b32a-41a0-8281-bc38032396fd
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\6b55cd9d-c94b-48c4-9fe4-635fdcef2ee9
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\6b64a089-f991-46d9-9b73-3a092dbcd89e
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\8e102672-cd65-4885-b217-98605829e237
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\9bfb550b-a2cb-48b7-af78-7e4f98f41e74
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\a316f3ac-acf5-4634-ab39-ab4087828208
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\af4688ff-0ad0-4451-a62d-220dd7f8ee98
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\afb2990e-3bba-4851-b67f-1c184cad7b82
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\b67ac711-ed29-4fcc-a1dc-3569565dff66
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\cfa006c9-d779-4471-86af-91cf9f129da4
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\fa8c83be-2775-4eb5-919c-a88f53ebd76d
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\Preferred
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc
((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.
2011-01-14 22:59 . 2011-01-14 22:59 -------- d-s---w- c:\windows\system32\Microsoft
2011-01-10 01:45 . 2011-01-10 01:45 -------- d-----w- c:\program files\ESET
2011-01-09 12:35 . 2011-01-09 12:35 -------- d-----w- C:\Malwarebytes
2011-01-09 12:35 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-09 12:35 . 2011-01-09 12:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-09 12:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-07 21:06 . 2006-02-04 02:50 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-01-07 21:06 . 2006-02-04 02:50 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-01-06 18:38 . 2011-01-06 18:38 -------- d-----w- c:\program files\Trend Micro
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- C:\crests
2011-01-06 16:49 . 2011-01-06 16:49 -------- d-----w- c:\windows\system32\DigitalPersona
2011-01-06 16:49 . 2011-01-06 16:49 17388247 ----a-w- c:\windows\system32\PROCESSLIST.BIN
2011-01-06 16:48 . 2011-01-06 16:48 -------- d-----w- c:\windows\system32\AppLogs
2011-01-06 16:22 . 2011-01-07 08:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-06 09:23 . 2011-01-06 09:23 -------- d-----w- C:\temp
2011-01-05 21:15 . 2011-01-05 21:15 -------- d-----w- c:\program files\CCleaner
2011-01-05 20:55 . 2011-01-05 20:55 -------- d-----w- c:\windows\Sun
2011-01-05 20:21 . 2011-01-05 20:21 -------- d-----w- c:\windows\Profiles
2011-01-05 13:34 . 2011-01-05 13:34 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-01-05 13:22 . 2010-12-31 20:00 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-05 13:22 . 2010-12-31 19:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-05 13:22 . 2010-12-31 19:56 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-05 13:22 . 2010-12-31 19:56 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-05 13:22 . 2010-12-31 19:56 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-05 13:21 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
2011-01-05 13:21 . 2010-12-31 20:06 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-03 12:46 . 2011-01-03 12:46 -------- d-----w- c:\program files\Alwil Software
2010-12-16 01:30 . 2010-11-02 05:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-16 01:30 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-16 01:30 . 2010-11-02 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-16 01:30 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 01:30 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-16 01:30 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 15:44 . 2010-06-11 08:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-17 13:01 . 2010-11-17 13:01 1835008 ----a-w- c:\windows\system32\mpich2nemesisp.dll
2010-11-17 12:55 . 2010-11-17 12:55 167936 ----a-w- c:\windows\system32\mpich2mpi.dll
2010-11-17 12:54 . 2010-11-17 12:54 1593344 ----a-w- c:\windows\system32\mpich2nemesis.dll
2010-11-17 12:47 . 2010-11-17 12:47 1531904 ----a-w- c:\windows\system32\mpich2mtp.dll
2010-11-17 12:41 . 2010-11-17 12:41 1327104 ----a-w- c:\windows\system32\mpich2mt.dll
2010-11-17 12:35 . 2010-11-17 12:35 135168 ----a-w- c:\windows\system32\fmpich2s.dll
2010-11-17 12:32 . 2010-11-17 12:32 131072 ----a-w- c:\windows\system32\fmpich2g.dll
2010-11-17 12:29 . 2010-11-17 12:29 159744 ----a-w- c:\windows\system32\fmpich2.dll
2010-11-17 12:22 . 2010-11-17 12:22 147456 ----a-w- c:\windows\system32\mpich2mpe.dll
2010-11-17 12:22 . 2010-11-17 12:22 135168 ----a-w- c:\windows\system32\mpe.dll
2010-11-17 12:21 . 2010-11-17 12:21 1507328 ----a-w- c:\windows\system32\mpich2p.dll
2010-11-17 12:09 . 2010-11-17 12:09 1302528 ----a-w- c:\windows\system32\mpich2.dll
2010-10-24 23:23 . 2010-10-24 23:23 48640 ----a-w- c:\windows\system32\libfdnvin.dll
2010-10-19 09:41 . 2009-10-03 04:29 222080 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c594e05001de;Služba Google Update (gupdate1c9c594e05001de);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 133104]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-11 3369044]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-09-19 717296]
S1 aswSP;aswSP;
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\mpich2\bin\smpd.exe [2010-11-17 483328]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 10:59]
2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 10:59]
2011-01-14 c:\windows\Tasks\User_Feed_Synchronization-{D2A0AE53-50C6-4859-9121-3AA04C36CCDD}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = 00-1e-68-48-1c-3f:80
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tl2evah6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DigitalPersona Extension: [email protected] - c:\program files\DigitalPersona\Bin\firefoxext
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
AddRemove-Adobe_faf656ef605427ee2f42989c3ad31b8 - c:\program files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe
AddRemove-PC Translator - c:\users\Tomas\AppData\Local\Temp\UN32.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-15 00:03
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1852)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\RtHDVCpl.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2011-01-15 00:14:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-14 23:14
Pre-Run: Volných bajtů: 67 558 154 240
Post-Run: Volných bajtů: 71 218 511 872
- - End Of File - - D17D285AC7D10F7495B7A76A2AC3322A
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:17:05, on 15. 1. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 00-1e-68-48-1c-3f:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9c594e05001de) (gupdate1c9c594e05001de) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Argonne National Lab - C:\MPICH2\bin\smpd.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 7663 bytes
-
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
- Now click the Scan button.
- Once the scan is complete, you may receive another notice about rootkit activity.
- Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
-
Hello Dave,
I really apologize myself for replying with this delay but I've been away from home for about 1 week because of school & work.
I have encountered with one problem during performing scan with gmer. Scan started normally however while testing "devices", the windows message window popped up with the text "gmer.exe stoppped working". I've tried to run scan multiple times but scan stopped everytime on the same file. So I managed to uncheck the devices checkbox and the scan passed through the rest of the items without any problem.
Here's the produced log file:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-23 22:39:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: gmer.exe; Driver: C:\Users\Tomas\AppData\Local\Temp\fxldypow.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 86FC9F00
INT 0x52 ? 86FC9F00
INT 0x72 ? 86FC9F00
INT 0x72 ? 86FC9F00
INT 0x82 ? 8552FBF8
INT 0x92 ? 8552BBF8
INT 0xA2 ? 8552BBF8
INT 0xB3 ? 86FC9F00
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9078682E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90786652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9078678C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 823B4DF0 7 Bytes JMP 90786790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8242028F 5 Bytes JMP 907821EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82479063 5 Bytes JMP 90783C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 8247A905 7 Bytes JMP 90786656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 824DA90A 7 Bytes JMP 90786832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spmq.sys Systém nemůže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 8E6E841B 5 Bytes JMP 86FC94E0
.text aw5s5kh8.SYS 8FA01000 22 Bytes [82, D3, 21, 82, 6C, D2, 21, ...]
.text aw5s5kh8.SYS 8FA01017 181 Bytes [00, 32, E7, 79, 80, 3D, E5, ...]
.text aw5s5kh8.SYS 8FA010CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
.text aw5s5kh8.SYS 8FA010DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text aw5s5kh8.SYS 8FA010E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] USER32.dll!SetWindowsHookExA 77206322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] USER32.dll!SetWinEventHook 77209F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] USER32.dll!UnhookWinEvent 7720C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[372] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWindowsHookExA 77206322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] USER32.dll!SetWinEventHook 77209F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[716] USER32.dll!UnhookWinEvent 7720C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] USER32.dll!SetWindowsHookExA 77206322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] USER32.dll!SetWinEventHook 77209F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[760] USER32.dll!UnhookWinEvent 7720C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] USER32.dll!SetWindowsHookExA 77206322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] USER32.dll!SetWinEventHook 77209F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[772] USER32.dll!UnhookWinEvent 7720C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[780] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] USER32.dll!SetWindowsHookExA 77206322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] USER32.dll!SetWinEventHook 77209F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[892] USER32.dll!UnhookWinEvent 7720C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] USER32.dll!SetWindowsHookExA 77206322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] USER32.dll!SetWinEventHook 77209F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[912] USER32.dll!UnhookWinEvent 7720C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] USER32.dll!SetWindowsHookExA 77206322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] USER32.dll!SetWinEventHook 77209F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] USER32.dll!UnhookWinEvent 7720C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\nvvsvc.exe[1028] ADVAPI32.dll!CreateServiceA 75F672A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 777C9390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 777DBA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceW 75F29EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!DeleteService 75F2A07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 75F66CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 75F66DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 75F66F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 75F67099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 75F671E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software
-
Sorry. That didn't seem to work correctly. Let's try another.
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The
log will be saved automatically in the same folder Sysprot.exe was
extracted to. Open the text file and copy/paste the log here.
[/list]
-
Log produced by SysProt AntiRootkit:
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\splj.sys
Service Name: ---
Module Base: 8A297000
Module End: 8A397000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\aaswxk88.SYS
Service Name: ---
Module Base: 90005000
Module End: 9003C000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 91059000
Module End: 91120000
Hidden: Yes
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwLoadDriver
At Address: 823ADDF0
Jump To: 91022790
Module Name: C:\Windows\System32\Drivers\aswSP.SYS
Hooked Function: ZwCreateSection
At Address: 82473905
Jump To: 91022656
Module Name: C:\Windows\System32\Drivers\aswSP.SYS
Hooked Function: ZwCreateProcessEx
At Address: 824D390A
Jump To: 91022832
Module Name: C:\Windows\System32\Drivers\aswSP.SYS
Hooked Function: ObMakeTemporaryObject
At Address: 8241928F
Jump To: 9101E1EE
Module Name: C:\Windows\System32\Drivers\aswSP.SYS
Hooked Function: ObInsertObject
At Address: 82472063
Jump To: 9101FC88
Module Name: C:\Windows\System32\Drivers\aswSP.SYS
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=e4f37c386c7ba04286ca3b3c4bbd8c2b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-31 08:09:49
# local_time=2011-01-31 09:09:49 )
# country="Slovakia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 2094921 2094921 0 0
# compatibility_mode=768 16777215 100 0 2375260 2375260 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 0 133963151 0 0
# compatibility_mode=8192 67108863 100 0 974914 974914 0 0
# scanned=335990
# found=1
# cleaned=1
# scan_time=30965
C:\Users\Tomas\Documents\L2 edit\L2 FileEdit [Int-Kamael].zip
-
Ok. That looks good. If there are no other issues, let's do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!