
Thread: Cycler Q Or Similar

  1. #1
    Junior Member (Join Date: Aug 2009, Posts: 28)

    Cycler Q Or Similar

    Hello.

    I was fortunate enough, and grateful, to have Katana help with this system at the end of last year. I had an emergency and had to leave in a hurry, and this system went to my wife, who used it until recently. I just got it back and found this site's info, so I have come back to get it cleaned once and for all.

    Since my wife has used it, things have changed. For instance, she has licensed Avast Internet Security running and the Comodo firewall. Avast and Malwarebytes both found this Cycler variant but were unable to remove it. I've always used Spybot and Malwarebytes, so I'm not sure how effective Avast is at this sort of thing. I'm using Firefox exclusively, and IE is constantly trying to launch, and does so occasionally. My wife knows enough to be dangerous, but not enough to help me provide more info. She does have Ares running on this system, which I can remove. She has a LOT of soccer/baseball video which I want to offload/save, but I'm afraid to do so until it is clean so I don't infect another hard drive.

    Thank you so much in advance for any assistance.

    DDS log:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 1:00:23.40 on Wed 07/28/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1212 [GMT -5:00]

    AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    svchost.exe 4
    C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe 4
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\afwServ.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\pmta\jre\bin\java.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Documents and Settings\Owner\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.daemon-search.com/startpage
    uInternet Settings,ProxyOverride = *.local
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229973284213
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\snfz6iz3.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\owner\application data\idm\idmmzcc2\components\idmmzcc.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-5-26 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-5-26 188168]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-10 28544]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-5-26 99280]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-5-26 312912]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-26 165456]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 225344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 25240]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-26 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-5-26 119200]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-4-9 1769216]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-12-22 200192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-1-29 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-1-29 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-1-29 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-1-29 59776]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-06-28 20:39:55 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-06-28 20:39:38 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-06-28 20:38:56 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-05-07 14:02:26 43460 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 1:01:46.98 ===============

  2. #2
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi,

    Since Avast has a firewall you should uninstall Comodo. It's not recommended to have multiple firewalls installed.

    Please post fresh contents of both dds.txt & attach.txt files.

    Also, please download MBRCheck to your desktop.

    1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
    2. It will open a black window, please do not fix anything (if it gives you an option).
    3. Exit that window and it will produce a log (MBRCheck_date_time).
    4. Please post that log in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member (Join Date: Aug 2009, Posts: 28)

    Thanks!!

    Hi Blade.

    Thank you so much for helping me get this system back in order.

    I removed Comodo, per your advice.
    I am including the logs for dds and mbrcheck below, along with the zipped attach.txt as an attachment, per its instructions to zip and attach.

    Please let me know where to go from here.
    Thanks!!

    ==========================
    dds:
    ==========================

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 22:45:13.90 on Tue 08/03/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1215 [GMT -5:00]

    AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    svchost.exe 4
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe 4
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\afwServ.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Owner\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.daemon-search.com/startpage
    uInternet Settings,ProxyOverride = *.local
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229973284213
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
    Notify: AtiExtEvent - Ati2evxx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\snfz6iz3.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\owner\application data\idm\idmmzcc2\components\idmmzcc.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-5-26 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-5-26 188168]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-10 28544]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-5-26 99280]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-5-26 312912]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-26 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-26 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-5-26 119200]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-12-22 200192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-1-29 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-1-29 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-1-29 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-1-29 59776]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

    =============== Created Last 30 ================

    2010-07-13 20:02:38 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 00:56:02 38848 ----a-w- c:\windows\avastSS.scr

    ==================== Find3M ====================

    2010-06-28 20:39:55 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-06-28 20:39:38 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-06-28 20:38:56 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-05-07 14:02:26 43460 ---ha-w- c:\windows\system32\mlfcache.dat

    ============= FINISH: 22:46:42.76 ===============


    ==========================
    mbrcheck:
    ==========================
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 145):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF7286000 spsl.sys
    0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF726E000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF7240000 ACPI.sys
    0xF722F000 pci.sys
    0xF7487000 ohci1394.sys
    0xF7497000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF74A7000 isapnp.sys
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7211000 pcmcia.sys
    0xF74B7000 MountMgr.sys
    0xF71F2000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF71CC000 dmio.sys
    0xF78A3000 ACPIEC.sys
    0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF770F000 PartMgr.sys
    0xF7717000 pavboot.sys
    0xF74C7000 VolSnap.sys
    0xF71B4000 atapi.sys
    0xF74D7000 disk.sys
    0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7194000 fltmgr.sys
    0xF7182000 sr.sys
    0xF716B000 KSecDD.sys
    0xF70DE000 Ntfs.sys
    0xF70B1000 NDIS.sys
    0xF7084000 aswNdis2.sys
    0xF798D000 aswNdis.sys
    0xF74F7000 Serial.sys
    0xF7507000 sbp2port.sys
    0xF706A000 Mup.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xF6611000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF65FD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF77D7000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF65D9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF67A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF6797000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF65B6000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7031000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xF6787000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77F7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6587000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF79C3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7807000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7029000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF6574000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
    0xF6519000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xF6777000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF64F2000 \SystemRoot\system32\drivers\tifm21.sys
    0xF64DE000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF6488000 \SystemRoot\system32\drivers\camc6hal.sys
    0xF6767000 \SystemRoot\system32\drivers\camc6aud.sys
    0xF6464000 \SystemRoot\system32\drivers\portcls.sys
    0xF6757000 \SystemRoot\system32\drivers\drmk.sys
    0xF6433000 \SystemRoot\system32\DRIVERS\HSFHWATI.sys
    0xF6335000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6289000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF783F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF700D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF6146000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xF79CD000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xF7B46000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF6747000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7005000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF612F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF6737000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF6727000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7867000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF611E000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF6717000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7877000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7887000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF60EE000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79D3000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6090000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7937000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7567000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7597000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79E5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7B99000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79E9000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7777000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF777F000 \SystemRoot\System32\drivers\vga.sys
    0xF79ED000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF779F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7011000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEDFED000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEDF94000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEDF7D000 \SystemRoot\System32\Drivers\aswFW.SYS
    0xEDF57000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF75B7000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF75C7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xEDF2F000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF75D7000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xEDE6D000 \SystemRoot\System32\drivers\afd.sys
    0xF75E7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEDE42000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEDDD2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7607000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF79F3000 \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
    0xEDDAB000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xEDD32000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0xEE024000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7627000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF77EF000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF7637000 \SystemRoot\System32\Drivers\btwusb.sys
    0xF797F000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7657000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEDCF2000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7A1B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEDD9B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF782F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7B63000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF04E000 \SystemRoot\System32\ati2cqag.dll
    0xBF080000 \SystemRoot\System32\atikvmag.dll
    0xBF0B2000 \SystemRoot\System32\ati3duag.dll
    0xBF2E3000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB8630000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xB85E0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB83A1000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xB7DC4000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB86E0000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB7AE9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB7ACD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB797A000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB72FF000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF774F000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    1296 C:\WINDOWS\system32\smss.exe
    1356 csrss.exe
    1396 C:\WINDOWS\system32\winlogon.exe
    1444 C:\WINDOWS\system32\services.exe
    1456 C:\WINDOWS\system32\lsass.exe
    1564 C:\WINDOWS\system32\svchost.exe
    1644 C:\WINDOWS\system32\ati2evxx.exe
    1664 C:\WINDOWS\system32\svchost.exe
    1780 svchost.exe
    1840 C:\WINDOWS\system32\svchost.exe
    1920 svchost.exe
    148 C:\WINDOWS\system32\svchost.exe
    196 svchost.exe
    488 C:\Program Files\Alwil Software\Avast5\afwServ.exe
    552 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1032 C:\WINDOWS\system32\ati2evxx.exe
    1124 C:\WINDOWS\explorer.exe
    428 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    468 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    224 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    632 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
    652 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    668 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    720 C:\Program Files\Java\jre6\bin\jusched.exe
    1900 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    776 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    848 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    1504 C:\WINDOWS\system32\spoolsv.exe
    2252 svchost.exe
    2280 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2292 C:\Program Files\Bonjour\mDNSResponder.exe
    2380 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    2600 C:\WINDOWS\system32\svchost.exe
    2632 C:\Program Files\Java\jre6\bin\jqs.exe
    2772 sqlservr.exe
    2944 C:\WINDOWS\system32\svchost.exe
    2960 C:\WINDOWS\system32\svchost.exe
    2992 sqlbrowser.exe
    3148 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    3204 C:\WINDOWS\system32\svchost.exe
    3224 wdfmgr.exe
    1932 wmiprvse.exe
    3712 alg.exe
    2528 C:\Program Files\HPQ\shared\hpqwmi.exe
    304 C:\WINDOWS\system32\wuauclt.exe
    1940 C:\Program Files\Java\jre6\bin\jucheck.exe
    2708 C:\WINDOWS\system32\notepad.exe
    3576 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHU2100AT, Rev: 00000008

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
    SHA1: 0592CB042241091BF23AA65F1611AD7CD72CB7DB


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    1. Download this tool to your desktop.
    2. Disable protection (some tutorials for disabling here) and run the tool.
    3. If/when it prompts for recovery console install, let it do so. Follow other prompts and don't do anything while the tool is running.
    4. When the tool has finished it will create a report. Post back that report + fresh dds.txt and MBRCheck logs.

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Default complete..

    Blade...Thank you!!!!!!!

    Done, logs follow.

    =======================
    CFix log:
    =======================
    ComboFix 10-07-31.01 - Owner 08/04/2010 22:04:02.8.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1447 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\wCFix.exe
    AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\system volume information\Microsoft
    c:\system volume information\Microsoft\services.exe
    c:\system volume information\Microsoft\smss.exe

    .
    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
    .

    2010-08-04 03:22 . 2010-08-04 03:22 2568656 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2010-07-24 17:24 . 2010-07-24 17:24 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-389a5bb4-n\msvcp71.dll
    2010-07-24 17:24 . 2010-07-24 17:24 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-389a5bb4-n\msvcr71.dll
    2010-07-24 17:24 . 2010-07-24 17:24 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-389a5bb4-n\jmc.dll
    2010-07-13 20:02 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 00:56 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-05 02:37 . 2008-12-23 22:56 -------- d-----w- c:\documents and settings\Owner\Application Data\DMCache
    2010-07-14 04:43 . 2009-10-07 01:07 -------- d-----w- c:\documents and settings\Owner\Application Data\CoreFTP
    2010-06-28 20:57 . 2010-04-27 04:01 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:39 . 2010-05-27 03:42 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-06-28 20:39 . 2010-05-27 03:42 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-06-28 20:38 . 2010-05-27 03:42 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-06-28 20:37 . 2010-04-27 04:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2010-04-27 04:01 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2010-04-27 04:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2010-04-27 04:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2010-04-27 04:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2010-04-27 04:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2010-04-27 04:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-14 14:31 . 2008-12-22 18:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-05-07 14:02 . 2009-09-19 03:52 43460 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-07 13:52 . 2010-05-07 13:52 36488 ----a-w- c:\windows\system32\drivers\klmd.sys
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-07-03_04.10.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-05 03:01 . 2010-08-05 03:01 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
    - 2008-12-22 18:40 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
    + 2008-12-22 18:40 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
    + 2010-07-16 05:05 . 2010-07-16 06:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010071620100717\index.dat
    + 2010-07-15 05:34 . 2010-07-16 04:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010071520100716\index.dat
    + 2010-07-15 05:34 . 2010-07-15 05:34 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010062820100705\index.dat
    - 2010-06-23 17:15 . 2010-07-03 03:54 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-06-23 17:15 . 2010-08-05 02:43 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-09-19 04:44 . 2010-07-14 15:10 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-12-22 18:08 . 2010-08-05 02:43 262144 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-09-19 04:44 . 2010-06-11 04:50 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2009-09-19 04:44 . 2010-06-11 04:50 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2009-09-19 04:44 . 2010-07-14 15:10 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2007-01-17 01:32 . 2007-01-17 01:32 136032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL
    + 2007-04-19 18:54 . 2007-04-19 18:54 169312 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL
    + 2010-07-28 05:54 . 2010-07-28 05:54 208896 c:\windows\ERDNT\7-28-2010\Users\00000002\UsrClass.dat
    + 2010-07-28 05:54 . 2005-10-20 17:02 163328 c:\windows\ERDNT\7-28-2010\ERDNT.EXE
    + 2004-08-04 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
    + 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
    + 2010-06-23 17:15 . 2010-08-05 02:43 8945664 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2010-06-23 17:15 . 2010-07-03 03:54 8945664 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2010-05-25 16:45 . 2010-05-25 16:45 8445440 c:\windows\Installer\3b1ee111.msp
    + 2010-06-11 22:55 . 2010-06-11 22:55 1827328 c:\windows\Installer\3b1ee0fa.msp
    + 2010-07-01 03:52 . 2010-07-01 03:52 5522944 c:\windows\Installer\3b1ee0e2.msp
    + 2007-05-10 18:43 . 2007-05-10 18:43 6688096 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
    + 2008-12-22 19:58 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
    + 2010-06-11 22:52 . 2010-06-11 22:52 45542912 c:\windows\Installer\3b1ee0fb.msp
    + 2010-07-28 05:54 . 2010-07-28 05:54 29360128 c:\windows\ERDNT\7-28-2010\Users\00000001\NTUSER.DAT
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-06-28 20:59 153184 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2009-01-05 413696]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:4a0187015

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\SqlSAC.exe"=
    "c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [5/26/2010 10:42 PM 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [5/26/2010 10:42 PM 188168]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/10/2009 3:08 PM 28544]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [5/26/2010 10:42 PM 99280]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/26/2010 10:42 PM 312912]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/26/2010 11:01 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/26/2010 11:01 PM 17744]
    R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [5/26/2010 10:42 PM 119200]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/22/2008 1:20 PM 200192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 4:27 PM 135664]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [7/10/2008 1:22 AM 218136]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 10:35 AM 50704]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [1/29/2009 12:12 PM 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [1/29/2009 12:12 PM 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [1/29/2009 12:12 PM 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [1/29/2009 12:12 PM 59776]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/5/2009 2:44 PM 717296]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 21:27]

    2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 21:27]

    2010-08-05 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 03:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.daemon-search.com/startpage
    uInternet Settings,ProxyOverride = *.local
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\snfz6iz3.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\Owner\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
    FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-04 22:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?4?0?5??????? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1380)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-08-04 22:27:44
    ComboFix-quarantined-files.txt 2010-08-05 03:27
    ComboFix.txt 2010-08-05 02:43

    Pre-Run: 2,016,551,936 bytes free
    Post-Run: 2,086,687,744 bytes free

    - - End Of File - - 2E265833318F1DB480303476A037A1A6

    =======================
    DDS log:
    =======================

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 22:35:28.32 on Wed 08/04/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1294 [GMT -5:00]

    AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\afwServ.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Documents and Settings\Owner\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.daemon-search.com/startpage
    uInternet Settings,ProxyOverride = *.local
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229973284213
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
    Notify: AtiExtEvent - Ati2evxx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\snfz6iz3.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\owner\application data\idm\idmmzcc2\components\idmmzcc.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-5-26 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-5-26 188168]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-10 28544]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-5-26 99280]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-5-26 312912]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-26 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-26 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-5-26 119200]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-12-22 200192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-1-29 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-1-29 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-1-29 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-1-29 59776]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

    =============== Created Last 30 ================

    2010-07-13 20:02:38 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 00:56:02 38848 ----a-w- c:\windows\avastSS.scr

    ==================== Find3M ====================

    2010-06-28 20:39:55 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-06-28 20:39:38 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-06-28 20:38:56 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-05-07 14:02:26 43460 ---ha-w- c:\windows\system32\mlfcache.dat

    ============= FINISH: 22:35:54.43 ===============

    =======================
    mbrcheck log:
    =======================
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 146):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF7358000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7347000 pci.sys
    0xF7487000 ohci1394.sys
    0xF7497000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF74A7000 isapnp.sys
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7329000 pcmcia.sys
    0xF74B7000 MountMgr.sys
    0xF730A000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF72E4000 dmio.sys
    0xF78A3000 ACPIEC.sys
    0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF770F000 PartMgr.sys
    0xF7717000 pavboot.sys
    0xF74C7000 VolSnap.sys
    0xF72CC000 atapi.sys
    0xF74D7000 disk.sys
    0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72AC000 fltmgr.sys
    0xF729A000 sr.sys
    0xF7283000 KSecDD.sys
    0xF71F6000 Ntfs.sys
    0xF71C9000 NDIS.sys
    0xF719C000 aswNdis2.sys
    0xF798D000 aswNdis.sys
    0xF74F7000 Serial.sys
    0xF7507000 sbp2port.sys
    0xF7182000 Mup.sys
    0xF7937000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7667000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xF69AF000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF699B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF77BF000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6977000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77C7000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7677000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6954000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7149000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77DF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6925000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF79AD000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF77EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF6912000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
    0xF68B7000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF6890000 \SystemRoot\system32\drivers\tifm21.sys
    0xF687C000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF6826000 \SystemRoot\system32\drivers\camc6hal.sys
    0xF76C7000 \SystemRoot\system32\drivers\camc6aud.sys
    0xF6802000 \SystemRoot\system32\drivers\portcls.sys
    0xF76D7000 \SystemRoot\system32\drivers\drmk.sys
    0xF67D1000 \SystemRoot\system32\DRIVERS\HSFHWATI.sys
    0xF66D3000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6627000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF781F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7131000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF64E4000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xF79B3000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xF7BB0000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7129000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF64CD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7527000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7847000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF641C000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7857000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7867000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF63EC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79B9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF638E000 \SystemRoot\system32\DRIVERS\update.sys
    0xF6AC5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7557000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7587000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79C3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7BDD000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79C7000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7757000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF775F000 \SystemRoot\System32\drivers\vga.sys
    0xF79CB000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF776F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF777F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF797B000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEE2EB000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEE292000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEE27B000 \SystemRoot\System32\Drivers\aswFW.SYS
    0xEE255000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF75A7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF75B7000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF75C7000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xEE18D000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEE16B000 \SystemRoot\System32\drivers\afd.sys
    0xF75D7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEE140000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEE0D0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF75F7000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF79D1000 \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
    0xEE0A9000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xEE058000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0xF77CF000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF6372000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7627000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7637000 \SystemRoot\System32\Drivers\btwusb.sys
    0xEE336000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7647000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEDFF0000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79E7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF796B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7807000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7B2D000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF04E000 \SystemRoot\System32\ati2cqag.dll
    0xBF080000 \SystemRoot\System32\atikvmag.dll
    0xBF0B2000 \SystemRoot\System32\ati3duag.dll
    0xBF2E3000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB8640000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xB85DC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB83A1000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xB81E4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB81E0000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB7FD5000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB7D18000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB7EC5000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7737000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
    0xF7991000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
    0xF7827000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
    0xB77F9000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF786F000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 33):
    0 System Idle Process
    4 System
    1200 C:\WINDOWS\system32\smss.exe
    1340 csrss.exe
    1380 C:\WINDOWS\system32\winlogon.exe
    1424 C:\WINDOWS\system32\services.exe
    1436 C:\WINDOWS\system32\lsass.exe
    1592 C:\WINDOWS\system32\ati2evxx.exe
    1620 C:\WINDOWS\system32\svchost.exe
    1720 svchost.exe
    1776 C:\WINDOWS\system32\svchost.exe
    1864 svchost.exe
    1992 svchost.exe
    400 C:\Program Files\Alwil Software\Avast5\afwServ.exe
    472 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1204 C:\WINDOWS\system32\spoolsv.exe
    1664 svchost.exe
    1688 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1816 C:\Program Files\Bonjour\mDNSResponder.exe
    1880 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    344 C:\WINDOWS\system32\svchost.exe
    364 C:\Program Files\Java\jre6\bin\jqs.exe
    536 sqlservr.exe
    1080 sqlbrowser.exe
    116 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    1988 C:\WINDOWS\system32\svchost.exe
    180 wdfmgr.exe
    2124 C:\WINDOWS\system32\ati2evxx.exe
    3332 alg.exe
    1072 C:\WINDOWS\explorer.exe
    3604 C:\WINDOWS\system32\wuauclt.exe
    2236 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2168 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHU2100AT, Rev: 00000008

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
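A triage pass over the "Kernel Drivers" section of the MBRCheck log above, as an added Python example (it is not part of the thread and not something MBRCheck itself does). It normalizes the three path spellings the tool prints (\WINDOWS\..., \SystemRoot\... and \??\C:\...) and reports every driver whose image lives outside the Windows directory, which in this log means the two entries loaded from the user's Temp folder. The sample lines are copied from the posted log; the allowlist of diagnostic-tool driver names and the assumption that SystemRoot is C:\WINDOWS are the example's own, not facts the log states.

```python
import re

# Constructed sample in the shape of MBRCheck's "Kernel Drivers" section. The
# five entries are copied from the log posted above; the section is shortened.
SAMPLE_LOG = r"""
Kernel Drivers (total 5):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xF7358000 ACPI.sys
0xF79D1000 \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
0xF7737000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
0xF7827000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys

Processes (total 33):
0 System Idle Process
"""

# Assumption for this example: the system drive is C: and SystemRoot is
# C:\WINDOWS, which matches the DDS header in this thread.
SYSTEM_ROOT = r"\WINDOWS"

# Assumption: driver file names that the diagnostic tools run in this thread
# load from the user's Temp folder. This is a reviewer's allowlist for the
# example, not something MBRCheck reports.
KNOWN_TOOL_DRIVERS = {"catchme.sys", "mbr.sys"}

# "0x<load address> <image path>"; boot-start drivers are listed by name only.
DRIVER_LINE = re.compile(r"^0x[0-9A-Fa-f]+\s+(\S.*?)\s*$")


def parse_kernel_drivers(text):
    """Return the image paths listed under 'Kernel Drivers', in order."""
    paths, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if in_section:
            if not line:          # the blank line ends the section
                break
            m = DRIVER_LINE.match(line)
            if m:
                paths.append(m.group(1))
    return paths


def normalize(path):
    """Map MBRCheck's path spellings onto one \\WINDOWS\\... form.

    A bare file name (boot-start driver) is returned unchanged."""
    p = path
    if p.startswith("\\??\\"):                 # NT object-manager prefix
        p = p[4:]
    if re.match(r"^[A-Za-z]:\\", p):           # drop the drive letter
        p = p[2:]
    if p.lower().startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\SystemRoot"):]
    return p


def triage(text, allowlist=KNOWN_TOOL_DRIVERS):
    """Classify each loaded driver by where its image lives."""
    known = {n.lower() for n in allowlist}
    findings = []
    for path in parse_kernel_drivers(text):
        norm = normalize(path)
        name = norm.rsplit("\\", 1)[-1]
        if "\\" not in norm:
            verdict = "name_only"        # boot-start driver, path not reported
        elif norm.lower().startswith(SYSTEM_ROOT.lower() + "\\"):
            verdict = "system"
        else:
            verdict = "outside_windows"  # e.g. a user's Temp folder
        findings.append({
            "name": name,
            "path": path,
            "verdict": verdict,
            "in_temp": "\\temp\\" in norm.lower(),
            "known_tool": name.lower() in known,
        })
    return findings


def report(text):
    """One line per driver loaded from outside the Windows directory."""
    lines = []
    for f in triage(text):
        if f["verdict"] != "outside_windows":
            continue
        tag = "known diagnostic-tool driver" if f["known_tool"] else "REVIEW"
        lines.append(f"{f['name']:<14} {tag:<28} {f['path']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On this log the two flagged drivers are the ones the diagnostic tools dropped into Temp while the user was following the thread; the same check on a machine that is not mid-cleanup should come back empty, and any unexpected name in that list is what a reviewer would look at first.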

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the Download button to the right.
    • Select Windows in the platform combo box and check the box that says Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report & a fresh dds.txt log. Any issues left?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Default No time as yet

    Hi Blade.

    Just wanted to drop a quick note advising that I will not be able to complete these latest tasks until tomorrow evening.

    Will post back once complete.
    Thanks!!!

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Ok. Thanks for the heads up

  9. #9
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Default All complete.

    Hi Blade.

    All steps taken as requested.
    Processes are acting normally and the system is "behaving" as if it is clean.

    Logs follow...

    --------------------------------------------------------------------------------
    Kaspersky...
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Monday, August 9, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, August 08, 2010 20:42:20
    Records in database: 4133163
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - Critical areas:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    C:\Program Files
    C:\WINDOWS

    Scan statistics:
    Objects scanned: 61834
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:23:20

    No threats found. Scanned area is clean.

    Selected area has been scanned.

    --------------------------------------------------------------------------------
    DDS....
    --------------------------------------------------------------------------------

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 0:10:32.10 on Tue 08/10/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1224 [GMT -5:00]

    AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Owner\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.daemon-search.com/startpage
    uInternet Settings,ProxyOverride = *.local
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229973284213
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
    Notify: AtiExtEvent - Ati2evxx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\snfz6iz3.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\owner\application data\idm\idmmzcc2\components\idmmzcc.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-5-26 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-5-26 188168]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-10 28544]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-5-26 99280]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-5-26 312912]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-26 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-26 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-12-22 200192]
    S?3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-5-26 119200]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-1-29 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-1-29 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-1-29 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-1-29 59776]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

    =============== Created Last 30 ================

    2010-08-09 04:38:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-09 04:38:19 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-09 04:19:37 0 d-----w- c:\program files\Foxit Software
    2010-07-13 20:02:38 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 00:56:02 38848 ----a-w- c:\windows\avastSS.scr

    ==================== Find3M ====================

    2010-06-28 20:39:55 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-06-28 20:39:38 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-06-28 20:38:56 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

    ============= FINISH: 0:11:37.15 ===============

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    I'm happy to hear that it's working now

    Let's see some final steps.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis.



    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK



    Please download OTC and save it to desktop.
    • Double-click OTC.exe.
    • Click the CleanUp! button.
    • Select Yes when the Begin cleanup Process? prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes, if not delete it by yourself.


    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

    • hosts file:
      • Every version of Windows has a hosts file as part of it.
      • In a very basic sense, it is used to locate webpages.
      • We can customize a hosts file so that it blocks certain webpages.
      • However, it can slow down certain computers.
      • This is why using a hosts file is optional!!

      Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
      If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      1. Click the start button (at the lower left hand corner of your screen)
      2. Click Run
      3. In the dialog box, type services.msc
      4. Hit Enter, then locate DNS Client
      5. Highlight it, then double-click it.
      6. On the dropdown box, change the setting from automatic to manual.
      7. Click ok
    • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.



    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade
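The six Custom Level choices in the "Make your Internet Explorer more secure" step above are stored per zone as DWORD values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (zone 3 is the Internet zone), with 0 = Enable, 1 = Prompt and 3 = Disable; the action identifiers used below are Microsoft's documented ones for those six settings. The following added Python example (not from Blade81's post and not a tool the thread uses) audits a set of zone values against the recommended settings, treating a stricter value as acceptable, and renders the equivalent .reg file. The "current" values it checks are constructed for the illustration, not read from the machine in this thread.

```python
# Internet Explorer keeps each zone's Custom Level choices as DWORD values
# under this key; zone 3 is "Internet". For the six actions below the value
# is 0 = Enable, 1 = Prompt, 3 = Disable.
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\Zones\3")

ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}   # higher is safer

# The six settings from the post, keyed by their zone action identifier.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample of a zone that still has several of these set to Enable.
# It is an illustration, not a dump from the machine in this thread.
SAMPLE_CURRENT = {"1001": ENABLE, "1004": DISABLE, "1201": DISABLE,
                  "1800": ENABLE, "1804": ENABLE, "1607": ENABLE}


def audit(current):
    """Return (action_id, name, current_value, recommended_value) for every
    setting that is missing or weaker than the recommendation.

    A value that is stricter than recommended (e.g. Disable where Prompt is
    asked for) is not a finding. A missing value means IE is using the zone
    template default for that action, so it is reported with current_value
    None rather than guessed."""
    deviations = []
    for action_id, (name, want) in RECOMMENDED.items():
        have = current.get(action_id)
        if STRICTNESS.get(have, -1) < STRICTNESS[want]:
            deviations.append((action_id, name, have, want))
    return deviations


def format_findings(deviations):
    """One human-readable line per deviation."""
    out = []
    for action_id, name, have, want in deviations:
        have_txt = LABEL.get(have, "unset" if have is None else str(have))
        out.append(f"{action_id} {name}: {have_txt} -> {LABEL[want]}")
    return out


def render_reg():
    """Render a .reg file that applies the recommended values to the Internet
    zone for the current user, the same result as the Custom Level dialog."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for action_id, (_, want) in RECOMMENDED.items():
        lines.append(f'"{action_id}"=dword:{want:08x}')
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    for line in format_findings(audit(SAMPLE_CURRENT)):
        print(line)
    print(render_reg())
```

The .reg output uses CRLF line endings and the "Windows Registry Editor Version 5.00" header so that regedit on XP accepts it as-is; applying it only affects the Internet zone of the current user, which is the same scope as the dialog steps in the post.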
