
Author Topic: Infection I think.


cat-bomb (Topic Starter)
Infection I think.
« on: October 09, 2009, 06:58:00 PM »
 :-[ I downloaded a program that I thought was an audio recording program, but it asked me to restart and it stopped my antivirus and firewall from running. Then I opened them up manually and avast is finding stuff. I have run scans with MBAM and SAS but nothing much was found.

Malwarebytes' Anti-Malware 1.41
Database version: 2916
Windows 5.1.2600 Service Pack 3

10/6/2009 6:38:01 PM
mbam-log-2009-10-06 (18-38-01).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 54374
Time elapsed: 15 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ComboFix\Combo-Fix.sys (Worm.Agent) -> Quarantined and deleted successfully.

(later did a full scan and found nothing)

Sas found nothing.

cat-bomb (Topic Starter)
Re: Infection I think.
« Reply #1 on: October 09, 2009, 11:35:13 PM »
Sorry, I forgot the HJT  :rofl:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:59 PM, on 10/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B17324EB-1C4E-453F-BAB4-E82D5F3314C2} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\MP3 Player Utilities 5.10\AVIConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127362109437
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149835123078
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8700 bytes

ankur16
    Re: Infection I think.
    « Reply #2 on: October 10, 2009, 09:36:52 AM »
    1) Put a check mark against the entries below and click "Fix checked".

    Quote
    O2 - BHO: (no name) - {B17324EB-1C4E-453F-BAB4-E82D5F3314C2} - (no file)
    O8 - Extra context menu item: &Search - ?p=ZRfox000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - (no file) (HKCU)


    2) Next download RootRepeal.rar and unzip it to your Desktop. You'll need WinRAR to extract it.

        * Double click RootRepeal.exe to start the program
        * Click on the Report tab at the bottom of the program window
        * Click the Scan button
        * In the Select Scan dialog, check:
              o Drivers
              o Files
              o Processes
              o SSDT
              o Stealth Objects
              o Hidden Services
        * Click the OK button
        * In the next dialog, select all drives showing
        * Click OK to start the scan
     

    The scan can take some time. DO NOT run any other programs while the scan is running.

        * When the scan is complete, the Save Report button will become available
        * Click this and save the report to your Desktop as RootRepeal.txt
        * Go to File, then Exit to close the program
        * Attach this log in your next post.

    3) Download DDS by sUBs to your desktop.
    Your antivirus software might question the file. If it does, allow it.

        * Double click DDS.scr to run it and wait for the scan to finish
        * When finished DDS.txt will open
        * A short while later, a prompt will open. Answer Yes
        * DDS will continue scanning
        * When done, Attach.txt will open

    Copy and paste the DDS.txt and attach Attach.txt.
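As an added example (not part of this thread, and not HijackThis's own code), the Python script below reads HijackThis-style log lines like the ones posted above and flags two kinds of entries that typically end up on a "Fix checked" list: entries whose referenced file is missing ("(no file)") and entries whose target is neither a drive-letter path, a res:// resource nor a URL. The field-splitting rules are my own assumptions about the log format, and the sample lines are a constructed subset copied from the HJT log in this thread. A flagged entry is a review candidate, not a verdict; the script is a triage aid for a defender reading a log, not a cleaner.

```python
"""Added example: triage of HijackThis-style log lines.

Not from the thread and not HijackThis's own code. Parses the "Oxx - ..."
and "Rx - ..." lines of an HJT log, works out what each entry points at,
and flags entries whose referenced file is missing ("(no file)") or whose
target is not a file path, res:// resource or URL. The field-splitting
rules are an assumption about the log format; a flagged entry is a
candidate for review, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+)\s+-\s+(?P<body>.+)$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")  # drive-letter path such as C:\...


@dataclass
class Entry:
    code: str    # HJT section code, e.g. "O2" or "R1"
    body: str    # everything after "O2 - "
    target: str  # what the entry points at: path, URL, "(no file)", ...


def extract_target(code: str, body: str) -> str:
    """Pick the target field out of an entry body (assumed HJT layout)."""
    if code.startswith("R") and " = " in body:   # R0/R1: registry value = URL
        return body.split(" = ", 1)[1]
    if code == "O4" and "] " in body:             # O4: Run: [name] command line
        return body.split("] ", 1)[1]
    return body.rsplit(" - ", 1)[-1]              # otherwise the last " - " field


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per recognised HJT line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        entries.append(Entry(code, body, extract_target(code, body)))
    return entries


def reason_to_review(entry: Entry) -> Optional[str]:
    """Why an entry deserves a look, or None if its target looks ordinary."""
    target = entry.target.strip().strip('"')   # O4 command lines may be quoted
    if target.startswith("(no file)"):
        return "orphaned entry: referenced file is missing"
    if WIN_PATH.match(target) or target.startswith(("res://", "http://", "https://")):
        return None
    return "target is not a file path, res:// resource or URL"


def triage(text: str) -> List[Tuple[str, str, str]]:
    """(code, body, reason) for every entry worth reviewing, in log order."""
    flagged = []
    for entry in parse_hjt(text):
        reason = reason_to_review(entry)
        if reason:
            flagged.append((entry.code, entry.body, reason))
    return flagged


# Constructed sample: a subset of lines copied from the HJT log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B17324EB-1C4E-453F-BAB4-E82D5F3314C2} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {reason}")
```

Run against the sample, the script flags the orphaned O2 BHO, the O8 context-menu item whose target is `?p=ZRfox000`, and the orphaned HKCU O9 button, and leaves the entries that point at an existing-looking path, resource or URL alone. It deliberately does not flag the Messenger entries ankur16 also listed: those reference a real file, and deciding that a legitimately installed component is unwanted is a judgement call the script cannot make.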

    cat-bomb (Topic Starter)
    Re: Infection I think.
    « Reply #3 on: October 10, 2009, 01:05:28 PM »
    Here are my logs G.  ;D

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time:      2009/10/10 11:36
    Program Version:      Version 1.3.5.0
    Windows Version:      Windows XP Media Center Edition SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xF6D79000   Size: 98304   File Visible: No   Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7B1F000   Size: 8192   File Visible: No   Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xF6767000   Size: 49152   File Visible: No   Signed: -
    Status: -

    ==EOF==

    _______Attach.txt_______________________


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-09-29.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/19/2005 9:16:26 PM
    System Uptime: 10/10/2009 11:26:09 AM (0 hours ago)

    Motherboard: ASUSTek Computer INC. |  | Amberine M
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 223 GiB total, 52.559 GiB free.
    D: is FIXED (FAT32) - 8 GiB total, 0.961 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1251: 7/11/2009 2:17:13 AM - System Checkpoint
    RP1252: 7/12/2009 3:04:12 AM - System Checkpoint
    RP1253: 7/13/2009 3:14:28 AM - System Checkpoint
    RP1254: 7/14/2009 3:17:53 AM - System Checkpoint
    RP1255: 7/15/2009 12:00:26 AM - Software Distribution Service 3.0
    RP1256: 7/16/2009 12:19:56 AM - System Checkpoint
    RP1257: 7/16/2009 9:52:43 PM - Automatic Restore Point
    RP1258: 7/17/2009 10:34:34 PM - System Checkpoint
    RP1259: 7/19/2009 2:15:46 AM - System Checkpoint
    RP1260: 7/20/2009 2:25:56 AM - System Checkpoint
    RP1261: 7/21/2009 3:19:53 AM - System Checkpoint
    RP1262: 7/22/2009 12:00:15 AM - Software Distribution Service 3.0
    RP1263: 7/23/2009 3:02:57 AM - System Checkpoint
    RP1264: 7/24/2009 3:20:56 AM - System Checkpoint
    RP1265: 7/25/2009 4:19:52 AM - System Checkpoint
    RP1266: 7/26/2009 5:19:50 AM - System Checkpoint
    RP1267: 7/27/2009 5:40:43 AM - System Checkpoint
    RP1268: 7/28/2009 6:40:42 AM - System Checkpoint
    RP1269: 7/29/2009 12:00:26 AM - Software Distribution Service 3.0
    RP1270: 7/30/2009 12:40:10 AM - System Checkpoint
    RP1271: 7/31/2009 4:24:54 AM - System Checkpoint
    RP1272: 8/1/2009 12:00:22 AM - Software Distribution Service 3.0
    RP1273: 8/2/2009 1:15:22 AM - System Checkpoint
    RP1274: 8/3/2009 1:22:45 AM - System Checkpoint
    RP1275: 8/3/2009 10:16:32 PM - Software Distribution Service 3.0
    RP1276: 8/4/2009 10:35:21 PM - System Checkpoint
    RP1277: 8/6/2009 4:53:19 AM - System Checkpoint
    RP1278: 8/7/2009 5:28:57 AM - System Checkpoint
    RP1279: 8/8/2009 6:28:56 AM - System Checkpoint
    RP1280: 8/9/2009 7:28:55 AM - System Checkpoint
    RP1281: 8/9/2009 7:30:56 PM - Installed Power Tab Editor 1.7
    RP1282: 8/10/2009 7:33:26 PM - System Checkpoint
    RP1283: 8/11/2009 10:55:48 PM - System Checkpoint
    RP1284: 8/13/2009 12:00:37 AM - Software Distribution Service 3.0
    RP1285: 8/14/2009 12:00:17 AM - Software Distribution Service 3.0
    RP1286: 8/15/2009 12:11:21 AM - System Checkpoint
    RP1287: 8/16/2009 12:48:57 AM - System Checkpoint
    RP1288: 8/17/2009 1:11:19 AM - System Checkpoint
    RP1289: 8/18/2009 4:17:03 PM - System Checkpoint
    RP1290: 8/19/2009 4:25:48 PM - System Checkpoint
    RP1291: 8/20/2009 4:30:38 PM - System Checkpoint
    RP1292: 8/21/2009 4:45:06 PM - System Checkpoint
    RP1293: 8/22/2009 11:32:56 PM - System Checkpoint
    RP1294: 8/24/2009 11:31:06 AM - System Checkpoint
    RP1295: 8/25/2009 12:08:37 PM - System Checkpoint
    RP1296: 8/25/2009 3:41:00 PM - Installed Microsoft Money 2006 System Pack
    RP1297: 8/26/2009 5:47:13 PM - System Checkpoint
    RP1298: 8/27/2009 12:00:22 AM - Software Distribution Service 3.0
    RP1299: 8/28/2009 12:08:35 AM - System Checkpoint
    RP1300: 8/29/2009 1:58:37 AM - System Checkpoint
    RP1301: 8/30/2009 2:21:03 AM - System Checkpoint
    RP1302: 8/31/2009 3:21:32 AM - System Checkpoint
    RP1303: 9/1/2009 6:12:00 PM - System Checkpoint
    RP1304: 9/2/2009 10:42:15 PM - System Checkpoint
    RP1305: 9/8/2009 10:58:00 AM - System Checkpoint
    RP1306: 9/9/2009 12:00:25 AM - Software Distribution Service 3.0
    RP1307: 9/10/2009 12:14:44 AM - System Checkpoint
    RP1308: 9/11/2009 1:28:10 AM - System Checkpoint
    RP1309: 9/12/2009 2:14:39 AM - System Checkpoint
    RP1310: 9/13/2009 3:14:39 AM - System Checkpoint
    RP1311: 9/14/2009 4:14:38 AM - System Checkpoint
    RP1312: 9/15/2009 4:58:30 AM - System Checkpoint
    RP1313: 9/15/2009 5:32:48 PM - Installed ProxyWay
    RP1314: 9/16/2009 9:36:44 PM - System Checkpoint
    RP1315: 9/18/2009 12:30:11 AM - System Checkpoint
    RP1316: 9/19/2009 11:48:43 AM - System Checkpoint
    RP1317: 9/20/2009 1:15:25 PM - System Checkpoint
    RP1318: 9/21/2009 2:42:19 PM - System Checkpoint
    RP1319: 9/21/2009 8:15:39 PM - Removed ProxyWay
    RP1320: 9/22/2009 9:37:04 PM - System Checkpoint
    RP1321: 9/23/2009 9:39:42 PM - System Checkpoint
    RP1322: 9/25/2009 12:32:59 AM - System Checkpoint
    RP1323: 9/26/2009 12:39:40 AM - System Checkpoint
    RP1324: 9/27/2009 1:39:40 AM - System Checkpoint
    RP1325: 9/28/2009 2:39:36 AM - System Checkpoint
    RP1326: 9/29/2009 3:39:35 AM - System Checkpoint
    RP1327: 9/30/2009 4:39:34 AM - System Checkpoint
    RP1328: 10/1/2009 5:05:16 AM - System Checkpoint
    RP1329: 10/2/2009 5:39:32 AM - System Checkpoint
    RP1330: 10/3/2009 6:39:31 AM - System Checkpoint
    RP1331: 10/4/2009 7:39:31 AM - System Checkpoint
    RP1332: 10/4/2009 5:54:22 PM - Installed DirectX
    RP1333: 10/4/2009 6:00:13 PM - Installed DirectX
    RP1334: 10/5/2009 6:17:40 PM - System Checkpoint
    RP1335: 10/6/2009 7:18:12 PM - System Checkpoint
    RP1336: 10/8/2009 8:50:37 PM - System Checkpoint

    ==== Installed Programs ======================


    2600
    2600_Help
    2600Trb
    50 FREE MP3s +1 Free Audiobook!
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    AIM 6
    AiO_Scan
    AiOSoftware
    AirPlus G
    ANIO Service
    ANIWZCS2 Service
    Anvil Studio
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    ATI Control Panel
    ATI Display Driver
    avast! Antivirus
    Bonjour
    BufferChm
    Call of Duty(R) 4 - Modern Warfare(TM)
    CCScore
    Centricity DICOM Viewer
    Cheat Engine 5.5
    Compaq Connections (remove only)
    Compaq Game Console and games
    Compaq Multimedia Keyboard Software
    Compaq Organize
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    DecX Version 2.0
    Destinations
    Director
    DocProc
    DocumentViewer
    Doom 3 (TM) Demo
    Doom Builder
    Doom Builder 2.0
    DOOM Collector's Edition
    Download Updater (AOL LLC)
    Easy Internet Sign-up
    eMusic Download Manager 4.1.3
    ERUNT 1.1j
    ESET Online Scanner v3
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    Fax
    fflink
    Free YouTube to Mp3 Converter version 3.2
    Full Tilt Poker
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP Boot Optimizer
    HP DigitalMedia Archive
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Image Zone Express
    HP Product Assistant
    HP Product Detection
    HP PSC & OfficeJet 4.7
    HP Software Update
    HpSdpAppCoreApp
    HPSystemDiagnostics
    HyperCam 2
    IconPackager
    InstantShare
    InterVideo WinDVD Player
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 13
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    KeyNote 1.6.5
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    LightScribe  1.4.31.1
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft Money 2006 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Virtual PC 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Motorola SM56 Speakerphone Modem
    Mozilla Firefox (3.0.14)
    MP3 Player Utilities 5.10
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB927977)
    Myst III: Exile
    netbrdg
    NLOP
    Notifier
    Odamex 0.4.3
    OfotoXMI
    OpenOffice.org 3.1
    Otto
    PanoStandAlone
    Pawsoft Fass
    PC-Doctor 5 for Windows
    PC Tools Firewall Plus 5.0
    PhotoGallery
    PokerStars
    Power Tab Editor 1.7
    ProductContext
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    QFolder
    Readme
    RealPlayer
    Revo Uninstaller 1.83
    Risen3D version 2.2.04
    RollerCoaster Tycoon Deluxe
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SFR
    SHASTA
    SKIN0001
    SkinsHP1
    SKINXSDK
    Skulltag
    SlimDX Redistributable (March 2009)
    Soldat 1.4.2
    Sonic Encoders
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SpywareBlaster 4.2
    staticcr
    Styler
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    tooltips
    TrayApp
    TuxGuitar
    TweetDeck
    UltimateBet
    UltraISO Premium V9.33
    Uninstall 1.0.0.1
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Video Convert
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPRINTOL
    Warcraft II BNE
    Warcraft III: All Products
    WebFldrs XP
    WebReg
    WebSite Downloader 1.1
    What's Running 2.2
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live installer
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB890629
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinPcap 3.1
    WinRAR archiver
    WIRELESS
    Yahoo! Messenger
    ZDaemon (remove only)

    ==== Event Viewer Messages From Past Week ========

    10/9/2009 3:04:33 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service ImapiService with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}
    10/6/2009 6:04:01 PM, error: Service Control Manager [7031]  - The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/6/2009 6:03:13 PM, error: HTTP [15005]  - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.
    10/6/2009 6:03:08 PM, error: Service Control Manager [7023]  - The avast! Web Scanner service terminated with the following error:  An invalid argument was supplied.
    10/6/2009 6:02:41 PM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  The system cannot find the file specified.
    10/6/2009 5:57:37 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    10/6/2009 5:50:19 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AmdK8 aswSP Fips SASDIFSV SASKUTIL vmm
    10/6/2009 5:50:10 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/6/2009 5:49:11 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/6/2009 5:28:14 PM, error: Service Control Manager [7024]  - The Media Center Extender Service service terminated with service-specific error 2147549183 (0x8000FFFF).
    10/6/2009 5:28:09 PM, error: Service Control Manager [7031]  - The Media Center Extender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/6/2009 5:26:05 PM, error: Service Control Manager [7034]  - The SeekService Service service terminated unexpectedly.  It has done this 1 time(s).
    10/6/2009 5:26:02 PM, error: Service Control Manager [7034]  - The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).
    10/3/2009 1:02:47 AM, error: PSched [14103]  - QoS [Adapter {012DDFBD-173E-40EE-AEE4-EF4EE6AE8AC0}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

    ==== End Of File ===========================


    ________DDS.txt___________


    DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
    Run by Compaq_Administrator at 11:55:04.59 on Sat 10/10/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.640 [GMT -7:00]

    AV: COMODO Antivirus *On-access scanning enabled* (Updated)   {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    AV: avast! antivirus 4.8.1351 [VPS 091006-0] *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *enabled*   {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
    IE: Add to Video Converter... - c:\program files\mp3 player utilities 5.10\aviconverter\grab.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127362109437
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149835123078
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    LSA: Authentication Packages = msv1_0 nwprovau

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\p1c3jbp5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
    FF - component: c:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-5-6 159600]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 547744]
    S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-14 114768]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-14 20560]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-14 138680]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-5-6 73840]
    S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-5-6 146800]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-14 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-14 352920]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-5-6 95640]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
    S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
    S3 XDva167;XDva167;\??\c:\windows\system32\xdva167.sys --> c:\windows\system32\XDva167.sys [?]

    =============== Created Last 30 ================

    2009-10-09 16:15   552   a-------   c:\windows\system32\d3d8caps.dat
    2009-10-04 18:48   <DIR>   --d-----   c:\docume~1\compaq~1\applic~1\LimeWire
    2009-09-17 16:38   <DIR>   --d-----   c:\program files\DecXv20
    2009-09-17 16:37   249,856   --------   c:\windows\Setup1.exe
    2009-09-17 16:37   73,216   a-------   c:\windows\ST6UNST.EXE

    ==================== Find3M  ====================

    2009-09-10 14:54   38,224   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 14:53   19,160   a-------   c:\windows\system32\drivers\mbam.sys
    2009-08-15 19:02   34   a-------   c:\documents and settings\compaq_administrator\jagex_runescape_preferences.dat
    2009-08-06 19:24   327,896   a-------   c:\windows\system32\dllcache\wucltui.dll
    2009-08-06 19:24   209,632   a-------   c:\windows\system32\dllcache\wuweb.dll
    2009-08-06 19:24   35,552   a-------   c:\windows\system32\dllcache\wups.dll
    2009-08-06 19:24   53,472   a-------   c:\windows\system32\dllcache\wuauclt.exe
    2009-08-06 19:24   96,480   a-------   c:\windows\system32\dllcache\cdm.dll
    2009-08-06 19:23   575,704   a-------   c:\windows\system32\dllcache\wuapi.dll
    2009-08-06 19:23   1,929,952   a-------   c:\windows\system32\dllcache\wuaueng.dll
    2009-08-06 19:23   274,288   a-------   c:\windows\system32\mucltui.dll
    2009-08-06 19:23   215,920   a-------   c:\windows\system32\muweb.dll
    2009-08-05 02:01   204,800   a-------   c:\windows\system32\mswebdvd.dll
    2009-08-05 02:01   204,800   --------   c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-19 18:48   11,067,392   --------   c:\windows\system32\dllcache\ieframe.dll
    2009-07-19 06:18   5,937,152   --------   c:\windows\system32\dllcache\mshtml.dll
    2009-07-17 12:49   0   a-------   c:\documents and settings\compaq_administrator\settings.dat
    2009-07-17 12:01   58,880   a-------   c:\windows\system32\atl.dll
    2009-07-17 12:01   58,880   --------   c:\windows\system32\dllcache\atl.dll
    2009-07-13 23:43   10,841,088   a-------   c:\windows\system32\dllcache\wmp.dll
    2009-07-13 23:43   286,208   a-------   c:\windows\system32\wmpdxm.dll
    2009-07-13 23:43   286,208   a-------   c:\windows\system32\dllcache\wmpdxm.dll
    2009-05-01 09:44   24,278   a-------   c:\docume~1\compaq~1\applic~1\wklnhst.dat
    2008-12-07 00:15   22,328   a-------   c:\docume~1\compaq~1\applic~1\PnkBstrK.sys
    2008-10-04 14:40   268   a---h---   c:\program files\sqmdata12.sqm
    2008-05-03 10:23   69,120   a-------   c:\docume~1\compaq~1\applic~1\obgargu.exe
    2007-10-22 21:20   251   a-------   c:\program files\wt3d.ini
    2008-07-31 08:26   32,768   a--sh---   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073120080801\index.dat

    ============= FINISH: 11:55:19.59 ===============
    « Last Edit: October 10, 2009, 03:38:43 PM by cat-bomb »

    cat-bomb
    Re: Infecton I think.
    « Reply #4 on: October 11, 2009, 10:16:40 PM »
    Oh I think I forgot to include that I have no internet in normal mode, only in safemode.

    ankur16
      Re: Infecton I think.
      « Reply #5 on: October 11, 2009, 11:00:46 PM »
      Did you run DDS in normal mode? The instructions below should be performed in normal mode.

      1) Please uninstall all Viewpoint products.

        *Go to Control Panel >> Add/Remove Programs. Select all Viewpoint products, such as Viewpoint Media Player, and remove them.

      2) Please uninstall Adobe Reader 7. Download the latest version from here.


      3) Please download ComboFix from one of these webpages.

      http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      http://www.forospyware.com/sUBs/ComboFix.exe

      * IMPORTANT !!! Save ComboFix.exe directly to your Desktop.

      Please copy this page to *Notepad* and save it to your desktop for reference, as you will not have any browsers open while you are performing the portion of the instructions below.
      It's IMPORTANT to carry out the instructions in the sequence listed below.

      a). Close any open browsers.

      b). Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. (Right-click on the avast icon in the system tray and choose Stop On-Access Protection.)

      c). Open *notepad* and copy/paste the text in the quotebox below into it:



      Quote
      KillAll::

      DDS::

      FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

      File::

        c:\program files\sqmdata12.sqm

      Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop. Now drag CFScript.txt into ComboFix.exe.

      When finished, it shall produce a log for you at C:\ComboFix.txt
      Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.





      cat-bomb
      Re: Infecton I think.
      « Reply #6 on: October 12, 2009, 09:12:52 AM »
      I will get it done when I get home today. And I ran DDS in safemode.

      cat-bomb
      Re: Infecton I think.
      « Reply #7 on: October 12, 2009, 06:28:51 PM »
      Here you go, also I have internet in normal mode now!!!!

      ComboFix 09-10-12.02 - Compaq_Administrator 10/12/2009 17:15.1.1 - NTFSx86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.553 [GMT -7:00]
      Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
      AV: avast! antivirus 4.8.1351 [VPS 091006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
      AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
      FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

      FILE ::
      "c:\program files\sqmdata12.sqm"
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\AVM
      c:\program files\sqmdata12.sqm
      c:\windows\Downloaded Program Files\bdcore.dll
      c:\windows\Downloaded Program Files\libfn.dll
      c:\windows\viassary-hp.reg
      D:\Autorun.inf

      .
      (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NWCWORKSTATION
      -------\Service_NWCWorkstation


      (((((((((((((((((((((((((   Files Created from 2009-09-13 to 2009-10-13  )))))))))))))))))))))))))))))))
      .

      2009-10-13 00:09 . 2009-10-13 00:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
      2009-10-09 23:15 . 2009-10-09 23:15   552   ----a-w-   c:\windows\system32\d3d8caps.dat
      2009-10-05 01:48 . 2009-10-05 02:19   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\LimeWire
      2009-09-17 23:38 . 2009-09-17 23:38   --------   d-----w-   c:\program files\DecXv20
      2009-09-17 23:37 . 2009-09-17 23:37   249856   ------w-   c:\windows\Setup1.exe
      2009-09-17 23:37 . 2009-09-17 23:37   73216   ----a-w-   c:\windows\ST6UNST.EXE

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-10-13 00:22 . 2009-01-19 02:09   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
      2009-10-12 03:02 . 2009-06-18 01:05   --------   d-----w-   c:\program files\Skulltag
      2009-10-12 00:36 . 2009-01-18 03:08   --------   d-----w-   c:\program files\Doom Builder
      2009-10-08 01:18 . 2009-09-03 04:57   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
      2009-10-07 01:21 . 2009-01-10 00:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2009-10-06 19:40 . 2009-06-06 15:58   --------   d-----w-   c:\program files\UltimateBet
      2009-10-05 00:59 . 2009-07-06 01:28   --------   d-----w-   c:\program files\Doom Builder 2
      2009-09-24 05:34 . 2009-09-05 16:56   --------   d-----w-   c:\program files\odamex
      2009-09-23 16:25 . 2006-05-19 00:15   --------   d-----w-   c:\program files\PokerStars
      2009-09-22 02:54 . 2009-04-08 04:47   --------   d-----w-   c:\program files\eMusic Download Manager
      2009-09-10 21:54 . 2009-05-31 01:51   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-10 21:53 . 2009-05-31 01:52   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2009-09-09 13:57 . 2005-09-22 03:54   --------   d-----w-   c:\program files\Common Files\AOL
      2009-09-09 07:10 . 2009-06-14 04:04   --------   d-----w-   c:\program files\Microsoft Silverlight
      2009-09-09 04:16 . 2005-09-22 03:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL
      2009-09-08 16:29 . 2009-09-07 17:28   --------   d-----w-   c:\program files\AOL 9.0
      2009-09-07 17:31 . 2005-09-22 03:56   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AOL
      2009-09-07 17:30 . 2009-09-07 17:28   --------   d-----w-   c:\program files\Common Files\aolshare
      2009-09-07 17:30 . 2005-09-22 03:56   --------   d-----w-   c:\program files\Common Files\Nullsoft
      2009-09-07 17:24 . 2006-05-14 03:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL Downloads
      2009-08-30 15:04 . 2009-08-30 15:04   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\PokerCreations
      2009-08-30 14:47 . 2009-08-30 14:47   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\NLOP
      2009-08-30 14:47 . 2009-08-30 14:47   --------   d-----w-   c:\program files\NLOP
      2009-08-25 22:47 . 2009-08-25 22:41   --------   d-----w-   c:\program files\Microsoft Money 2006
      2009-08-25 13:42 . 2005-10-14 03:21   62864   ----a-w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-08-17 16:10 . 2009-06-14 22:32   1279456   ----a-w-   c:\windows\system32\aswBoot.exe
      2009-08-17 16:06 . 2009-06-14 22:33   93392   ----a-w-   c:\windows\system32\drivers\aswmon.sys
      2009-08-17 16:06 . 2009-06-14 22:33   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
      2009-08-17 16:05 . 2009-06-14 22:33   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
      2009-08-17 16:05 . 2009-06-14 22:33   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
      2009-08-17 16:04 . 2009-06-14 22:33   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
      2009-08-17 16:04 . 2009-06-14 22:33   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
      2009-08-17 16:03 . 2009-06-14 22:33   26944   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
      2009-08-17 16:02 . 2009-06-14 22:33   97480   ----a-w-   c:\windows\system32\AvastSS.scr
      2009-08-16 02:02 . 2008-07-03 06:14   34   ----a-w-   c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat
      2009-08-07 02:24 . 2004-08-10 19:00   327896   ----a-w-   c:\windows\system32\wucltui.dll
      2009-08-07 02:24 . 2004-08-10 19:00   209632   ----a-w-   c:\windows\system32\wuweb.dll
      2009-08-07 02:24 . 2005-09-22 04:09   44768   ----a-w-   c:\windows\system32\wups2.dll
      2009-08-07 02:24 . 2004-08-10 19:00   35552   ----a-w-   c:\windows\system32\wups.dll
      2009-08-07 02:24 . 2004-08-10 19:00   53472   ----a-w-   c:\windows\system32\wuauclt.exe
      2009-08-07 02:24 . 2004-08-10 19:00   96480   ----a-w-   c:\windows\system32\cdm.dll
      2009-08-07 02:23 . 2004-08-10 19:00   575704   ----a-w-   c:\windows\system32\wuapi.dll
      2009-08-07 02:23 . 2006-06-09 23:24   274288   ----a-w-   c:\windows\system32\mucltui.dll
      2009-08-07 02:23 . 2005-05-26 11:19   215920   ----a-w-   c:\windows\system32\muweb.dll
      2009-08-07 02:23 . 2004-08-10 19:00   1929952   ----a-w-   c:\windows\system32\wuaueng.dll
      2009-08-05 09:01 . 2004-08-10 19:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
      2009-07-17 19:49 . 2009-07-17 19:49   0   ----a-w-   c:\documents and settings\Compaq_Administrator\settings.dat
      2009-07-17 19:01 . 2004-08-10 19:00   58880   ----a-w-   c:\windows\system32\atl.dll
      2009-07-15 07:00 . 2009-07-15 07:00   229208   ----a-w-   c:\windows\system32\drivers\VMM.sys
      2007-10-23 04:20 . 2007-10-23 04:20   251   ----a-w-   c:\program files\wt3d.ini
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
      "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2008-12-22 19:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
      backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
      backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
      backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
      path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
      backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Styler.lnk]
      path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Styler.lnk
      backup=c:\windows\pss\Styler.lnkStartup

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
      "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
      "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
      "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
      "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
      "c:\\WINDOWS\\system32\\fxsclnt.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=
      "c:\\Program Files\\Microsoft Plus! Photo Story 2 LE\\PS2Trial.exe"=
      "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
      "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
      "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
      "c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
      "c:\\Soldat\\Soldat.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
      "c:\\Program Files\\AIM6\\aim6.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\Skulltag\\Skulltag.exe"=
      "c:\\Program Files\\Skulltag\\Idese.exe"=
      "c:\\Program Files\\Skulltag\\Rcon_Utility.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "67:UDP"= 67:UDP:DHCP Discovery Service
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/14/2009 3:33 PM 114768]
      R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5/6/2009 9:37 PM 159600]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/15/2009 5:17 PM 8944]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2009 3:33 PM 20560]
      R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:00 PM 14336]
      R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [5/6/2009 9:37 PM 73840]
      R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2005 7:17 PM 547744]
      R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [5/6/2009 9:36 PM 95640]
      S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
      S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
      S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
      S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?]

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      .
      Contents of the 'Scheduled Tasks' folder

      2009-10-01 c:\windows\Tasks\HPCeeSchedule.job
      - c:\progra~1\EASYIN~1\Ceement\HPCEE.exe [2005-05-24 23:46]
      .
      .
      ------- Supplementary Scan -------
      .
      uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
      uInternet Connection Wizard,ShellNext = iexplore
      uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
      IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
      IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
      IE: Add to Video Converter... - c:\program files\MP3 Player Utilities 5.10\AVIConverter\grab.html
      IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
      DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
      FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\p1c3jbp5.default\
      FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
      FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      .
      - - - - ORPHANS REMOVED - - - -

      AddRemove-Centricity DICOM Viewer - c:\program files\Centricity\DICOM Viewer\3.1.1\EN-US\setupw2k



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-10-12 17:22
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-3802107105-356159331-2220808391-1008\Software\Microsoft\SystemCertificates\AddressBook*]
      @Allowed: (Read) (RestrictedCode)
      @Allowed: (Read) (RestrictedCode)
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(1736)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      c:\windows\system32\WININET.dll
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(3376)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\program files\Microsoft Virtual PC\VPCShExH.DLL
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\ati2evxx.exe
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\windows\system32\ati2evxx.exe
      c:\program files\Common Files\AOL\acs\AOLacsd.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\ehome\ehrecvr.exe
      c:\windows\ehome\ehSched.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\program files\PC Tools Firewall Plus\FWService.exe
      c:\windows\system32\HPZipm12.exe
      c:\windows\system32\PnkBstrA.exe
      c:\windows\system32\PnkBstrB.exe
      c:\windows\ehome\mcrdsvc.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      c:\windows\system32\dllhost.exe
      c:\windows\system32\wscntfy.exe
      c:\program files\Alwil Software\Avast4\Setup\avast.setup
      .
      **************************************************************************
      .
      Completion time: 2009-10-13 17:26 - machine was rebooted
      ComboFix-quarantined-files.txt  2009-10-13 00:26

      Pre-Run: 55,247,224,832 bytes free
      Post-Run: 55,081,291,776 bytes free

      256   --- E O F ---   2009-09-09 07:04

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 5:28:34 PM, on 10/12/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\PC Tools Firewall Plus\FWService.exe
      C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
      O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
      O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\MP3 Player Utilities 5.10\AVIConverter\grab.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
      O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127362109437
      O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149835123078
      O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

      --
      End of file - 8313 bytes

      cat-bomb (Topic Starter)
      Re: Infecton I think.
      « Reply #8 on: October 12, 2009, 08:46:11 PM »
      Never mind, I cannot get Firefox or IE to work in normal mode.

      ankur16
        Re: Infecton I think.
        « Reply #9 on: October 13, 2009, 07:03:35 AM »
        1)   Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

        It's IMPORTANT to carry out the instructions in the sequence listed below.
        a)  Close any open browsers.
        b)  Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

        Open *notepad* and copy/paste the text in the quotebox below into it:


        Quote
        file::

        c:\documents and settings\All Users\Application Data\Viewpoint


        Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop. Now drag CFScript.txt into ComboFix.exe.

        When finished, it shall produce a log for you at C:\ComboFix.txt
        Please copy and paste the ComboFix.txt  in your next reply.


        2) Please upload these files to VirusTotal (one by one) and post the results in your next reply.

        c:\windows\system32\XDva037.sys
        c:\windows\system32\XDva167.sys

        cat-bomb (Topic Starter)
        Re: Infecton I think.
        « Reply #10 on: October 13, 2009, 06:08:17 PM »
        Here is my new log. The two files could not be found.  :o

        ComboFix 09-10-13.01 - Compaq_Administrator 10/13/2009 16:58.2.1 - NTFSx86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.573 [GMT -7:00]
        Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
        Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
        AV: avast! antivirus 4.8.1351 [VPS 091013-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
        AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
        FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

        FILE ::
        "c:\documents and settings\All Users\Application Data\Viewpoint"
        .

        (((((((((((((((((((((((((   Files Created from 2009-09-13 to 2009-10-13  )))))))))))))))))))))))))))))))
        .

        2009-10-13 00:32 . 2009-10-13 00:32   --------   d-----w-   c:\program files\Common Files\Adobe
        2009-10-13 00:30 . 2009-10-13 04:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
        2009-10-13 00:09 . 2009-10-13 00:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
        2009-10-09 23:15 . 2009-10-09 23:15   552   ----a-w-   c:\windows\system32\d3d8caps.dat
        2009-10-05 01:48 . 2009-10-05 02:19   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\LimeWire
        2009-09-17 23:38 . 2009-09-17 23:38   --------   d-----w-   c:\program files\DecXv20
        2009-09-17 23:37 . 2009-09-17 23:37   249856   ------w-   c:\windows\Setup1.exe
        2009-09-17 23:37 . 2009-09-17 23:37   73216   ----a-w-   c:\windows\ST6UNST.EXE

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-10-13 23:50 . 2009-01-19 02:09   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
        2009-10-13 23:32 . 2009-01-18 03:08   --------   d-----w-   c:\program files\Doom Builder
        2009-10-13 16:30 . 2009-06-06 15:58   --------   d-----w-   c:\program files\UltimateBet
        2009-10-13 14:07 . 2009-06-18 01:05   --------   d-----w-   c:\program files\Skulltag
        2009-10-08 01:18 . 2009-09-03 04:57   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
        2009-10-07 01:21 . 2009-01-10 00:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2009-10-05 00:59 . 2009-07-06 01:28   --------   d-----w-   c:\program files\Doom Builder 2
        2009-09-24 05:34 . 2009-09-05 16:56   --------   d-----w-   c:\program files\odamex
        2009-09-23 16:25 . 2006-05-19 00:15   --------   d-----w-   c:\program files\PokerStars
        2009-09-22 02:54 . 2009-04-08 04:47   --------   d-----w-   c:\program files\eMusic Download Manager
        2009-09-10 21:54 . 2009-05-31 01:51   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-09-10 21:53 . 2009-05-31 01:52   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2009-09-09 13:57 . 2005-09-22 03:54   --------   d-----w-   c:\program files\Common Files\AOL
        2009-09-09 07:10 . 2009-06-14 04:04   --------   d-----w-   c:\program files\Microsoft Silverlight
        2009-09-09 04:16 . 2005-09-22 03:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL
        2009-09-08 16:29 . 2009-09-07 17:28   --------   d-----w-   c:\program files\AOL 9.0
        2009-09-07 17:31 . 2005-09-22 03:56   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AOL
        2009-09-07 17:30 . 2009-09-07 17:28   --------   d-----w-   c:\program files\Common Files\aolshare
        2009-09-07 17:30 . 2005-09-22 03:56   --------   d-----w-   c:\program files\Common Files\Nullsoft
        2009-09-07 17:24 . 2006-05-14 03:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL Downloads
        2009-08-30 15:04 . 2009-08-30 15:04   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\PokerCreations
        2009-08-30 14:47 . 2009-08-30 14:47   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\NLOP
        2009-08-30 14:47 . 2009-08-30 14:47   --------   d-----w-   c:\program files\NLOP
        2009-08-25 22:47 . 2009-08-25 22:41   --------   d-----w-   c:\program files\Microsoft Money 2006
        2009-08-25 13:42 . 2005-10-14 03:21   62864   ----a-w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2009-08-17 16:10 . 2009-06-14 22:32   1279456   ----a-w-   c:\windows\system32\aswBoot.exe
        2009-08-17 16:06 . 2009-06-14 22:33   93392   ----a-w-   c:\windows\system32\drivers\aswmon.sys
        2009-08-17 16:06 . 2009-06-14 22:33   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
        2009-08-17 16:05 . 2009-06-14 22:33   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
        2009-08-17 16:05 . 2009-06-14 22:33   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
        2009-08-17 16:04 . 2009-06-14 22:33   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
        2009-08-17 16:04 . 2009-06-14 22:33   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
        2009-08-17 16:03 . 2009-06-14 22:33   26944   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
        2009-08-17 16:02 . 2009-06-14 22:33   97480   ----a-w-   c:\windows\system32\AvastSS.scr
        2009-08-16 02:02 . 2008-07-03 06:14   34   ----a-w-   c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat
        2009-08-07 02:24 . 2004-08-10 19:00   327896   ----a-w-   c:\windows\system32\wucltui.dll
        2009-08-07 02:24 . 2004-08-10 19:00   209632   ----a-w-   c:\windows\system32\wuweb.dll
        2009-08-07 02:24 . 2005-09-22 04:09   44768   ----a-w-   c:\windows\system32\wups2.dll
        2009-08-07 02:24 . 2004-08-10 19:00   35552   ----a-w-   c:\windows\system32\wups.dll
        2009-08-07 02:24 . 2004-08-10 19:00   53472   ------w-   c:\windows\system32\wuauclt.exe
        2009-08-07 02:24 . 2004-08-10 19:00   96480   ----a-w-   c:\windows\system32\cdm.dll
        2009-08-07 02:23 . 2004-08-10 19:00   575704   ----a-w-   c:\windows\system32\wuapi.dll
        2009-08-07 02:23 . 2006-06-09 23:24   274288   ----a-w-   c:\windows\system32\mucltui.dll
        2009-08-07 02:23 . 2005-05-26 11:19   215920   ----a-w-   c:\windows\system32\muweb.dll
        2009-08-07 02:23 . 2004-08-10 19:00   1929952   ----a-w-   c:\windows\system32\wuaueng.dll
        2009-08-05 09:01 . 2004-08-10 19:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
        2009-07-17 19:49 . 2009-07-17 19:49   0   ----a-w-   c:\documents and settings\Compaq_Administrator\settings.dat
        2009-07-17 19:01 . 2004-08-10 19:00   58880   ----a-w-   c:\windows\system32\atl.dll
        2007-10-23 04:20 . 2007-10-23 04:20   251   ----a-w-   c:\program files\wt3d.ini
        .

        (((((((((((((((((((((((((((((   SnapShot@2009-10-13_00.22.39   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2009-10-13 23:50 . 2009-10-13 23:50   16384              c:\windows\Temp\Perflib_Perfdata_390.dat
        + 2005-06-07 06:55 . 2009-10-13 23:55   72652              c:\windows\system32\perfc009.dat
        + 2009-10-13 00:30 . 2009-10-13 00:30   20480              c:\windows\Installer\84803.msi
        + 2005-06-07 06:55 . 2009-10-13 23:55   444472              c:\windows\system32\perfh009.dat
        + 2009-10-13 00:33 . 2009-10-13 00:33   3938816              c:\windows\Installer\84809.msi
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "AOL Fast Start"="c:\program files\AOL 9.0\AOL.EXE" [2007-04-18 50736]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
        "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
        "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2008-12-22 19:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
        backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
        backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
        backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
        backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
        path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
        backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

        [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Styler.lnk]
        path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Styler.lnk
        backup=c:\windows\pss\Styler.lnkStartup

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
        "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
        "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
        "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
        "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
        "c:\\WINDOWS\\system32\\fxsclnt.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
        "c:\\WINDOWS\\system32\\dpvsetup.exe"=
        "c:\\Program Files\\Microsoft Plus! Photo Story 2 LE\\PS2Trial.exe"=
        "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
        "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
        "c:\\Program Files\\Messenger\\msmsgs.exe"=
        "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
        "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
        "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
        "c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
        "c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
        "c:\\Soldat\\Soldat.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
        "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
        "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "c:\\Program Files\\AIM6\\aim6.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\Skulltag\\Skulltag.exe"=
        "c:\\Program Files\\Skulltag\\Idese.exe"=
        "c:\\Program Files\\Skulltag\\Rcon_Utility.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "67:UDP"= 67:UDP:DHCP Discovery Service
        "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

        R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/14/2009 3:33 PM 114768]
        R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5/6/2009 9:37 PM 159600]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/15/2009 5:17 PM 8944]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2009 3:33 PM 20560]
        R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:00 PM 14336]
        R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [5/6/2009 9:37 PM 73840]
        R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2005 7:17 PM 547744]
        R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [5/6/2009 9:36 PM 95640]
        S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
        S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
        S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?]

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
        "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
        .
        Contents of the 'Scheduled Tasks' folder

        2009-10-01 c:\windows\Tasks\HPCeeSchedule.job
        - c:\progra~1\EASYIN~1\Ceement\HPCEE.exe [2005-05-24 23:46]
        .
        .
        ------- Supplementary Scan -------
        .
        uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
        uInternet Connection Wizard,ShellNext = iexplore
        uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
        DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
        FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\p1c3jbp5.default\
        FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
        FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
        .
        - - - - ORPHANS REMOVED - - - -

        Toolbar-Locked - (no file)



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-10-13 17:04
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\S-1-5-21-3802107105-356159331-2220808391-1008\Software\Microsoft\SystemCertificates\AddressBook*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(1732)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        c:\windows\system32\WININET.dll
        c:\windows\system32\Ati2evxx.dll

        - - - - - - - > 'explorer.exe'(2136)
        c:\windows\system32\WININET.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\program files\Microsoft Virtual PC\VPCShExH.DLL
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        Completion time: 2009-10-14 17:06
        ComboFix-quarantined-files.txt  2009-10-14 00:06
        ComboFix2.txt  2009-10-13 00:26

        Pre-Run: 54,755,573,760 bytes free
        Post-Run: 54,760,435,712 bytes free

        222   --- E O F ---   2009-09-09 07:04
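
        The ComboFix output above lists two S3 services (XDva037, XDva167) whose image path is followed by "[?]", i.e. the service is registered but the driver file is not on disk, which is why the upload to VirusTotal failed. The same log also shows the XP firewall policy with EnableFirewall set to 0 and a globally open port list. The script below is an added example written for this thread; it is not part of ComboFix, HijackThis or anything the posters ran. It parses the plain-text line formats exactly as they appear in the excerpts above (the regexes are assumptions derived from those excerpts, not a documented log grammar) and flags the items a responder would check first: orphaned service entries, O23 services with "Unknown owner", a disabled firewall, and open ports. The embedded sample is a constructed subset of the lines from this thread so the script runs offline.

```python
"""Triage helpers for ComboFix / HijackThis log excerpts.

Added example for this thread; not code from ComboFix, HijackThis or the
forum posters. The line formats matched below are inferred from the logs
quoted in the thread (an assumption, not a documented grammar).
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a subset of lines copied from the ComboFix and
# HijackThis output posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/14/2009 3:33 PM 114768]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# ComboFix driver/service line: "<start> <name>;<display>;<image> [date size]" or
# "... --> <image> [?]" when the image file was not found on disk.
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
# Windows Firewall policy value as ComboFix prints it: "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
# GloballyOpenPorts entries: "3389:TCP"= 3389:TCP:<description>
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
# HijackThis O23 line: "O23 - Service: <display> - <vendor> - <path>"
# (a display name containing " - " would confuse this split; acceptable for triage)
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')


@dataclass
class Findings:
    missing_image: List[str] = field(default_factory=list)   # service name
    unknown_owner: List[str] = field(default_factory=list)   # O23 display name
    firewall_disabled: bool = False
    open_ports: List[str] = field(default_factory=list)      # "port/PROTO"


def triage(log_text: str) -> Findings:
    """Scan log text line by line and collect the items worth a closer look."""
    found = Findings()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            # ComboFix marks a registered service whose file is absent with "[?]"
            if m.group("rest").rstrip().endswith("[?]"):
                found.missing_image.append(m.group("name"))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            found.firewall_disabled = m.group("value") == "0"
            continue
        m = PORT_RE.match(line)
        if m:
            found.open_ports.append(f"{m.group('port')}/{m.group('proto')}")
            continue
        m = O23_RE.match(line)
        if m and m.group("vendor") == "Unknown owner":
            found.unknown_owner.append(m.group("display"))
    return found


def summarize(found: Findings) -> List[str]:
    """Render findings as one human-readable line each."""
    out = []
    for name in found.missing_image:
        out.append(f"service {name}: registered, but its driver file is missing on disk "
                   f"(nothing to upload; check where the service entry came from)")
    for name in found.unknown_owner:
        out.append(f"service {name}: binary has no vendor/signer info, verify its hash")
    if found.firewall_disabled:
        out.append("Windows Firewall (standard profile) is disabled in policy")
    for port in found.open_ports:
        note = " (RDP)" if port == "3389/TCP" else ""
        out.append(f"globally open port {port}{note}")
    return out


if __name__ == "__main__":
    for entry in summarize(triage(SAMPLE_LOG)):
        print(entry)
```

        Run it against a saved ComboFix.txt or HijackThis log by passing the file contents to triage(). A "[?]" service is not proof of malware: it can equally be a leftover from uninstalled software, so the orphan check only tells you which entries to research, not what they are.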

        cat-bomb (Topic Starter)
        Re: Infecton I think.
        « Reply #11 on: October 13, 2009, 07:42:38 PM »
        Things are running great right now, I have full connection with Firefox in normal mode.

        ankur16
          Re: Infecton I think.
          « Reply #12 on: October 14, 2009, 11:05:36 AM »
          1) Please manually delete this file

          c:\documents and settings\All Users\Application Data\Viewpoint

          2) * Right-Click My Computer choose Explore, click on Tools, Folder Options.
              * Click the View tab.
              * Place a tick next to Display content of System folders, (answer OK to warnings)
              * Under Hidden files and folders, click Show hidden files and folders.
              * If you see a warning message, click Yes.
              * Click Apply.
              * Click OK.

          Now please upload these files to VirusTotal and post the results in your next reply.

          c:\windows\system32\XDva037.sys
          c:\windows\system32\XDva167.sys