Computer infected with Malware...Please help!

**Shaba** · 2011-04-27, 21:14

Looks good

Please re-run DDS and post back fresh logs.

**XP_User** · 2011-04-28, 07:08

Hi again!

Here are the logs as requested.

Also for your info, I ran some scans again yesterday after my post. Spybot and Avast came clean. However, Ad-Aware came up with with some cookies and a malware (Trojan.Win32.Generic!BT) File was quarantined. I'm not sure if it will come up again.

Hope to hear from you again.
Thank you =)

.
DDS (Ver_11-03-05.01) - FAT32x86
Run by Acer at 12:41:02.12 on Thu 04/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1077 [GMT 8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\vsnp2std.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Documents and Settings\Acer\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Page_URL = hxxp://www.kern.com.au
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - d:\xian\bitcomet\tools\BitCometBHO_1.4.1.27.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Bmoqijaxesab] rundll32.exe "c:\windows\d2nex40.dll",Startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 1
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\acer\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
IE: &D&ownload &with BitComet - d:\xian\bit comet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - d:\xian\bit comet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://d:\xian\bitcomet\tools\BitCometBHO_1.4.1.27.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {56C01E6D-8F7C-42DB-A83F-570287E93910} - rundll32.exe " advise1here Below are the DDS logs as requested on the forum post.Thank you in advance1vFrom time to time, Avast tells me it has blocked some malicious software from running for about a week nowa", UnregisterDll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\acer\applic~1\mozilla\firefox\profiles\yrhfw7oj.default\
FF - component: c:\documents and settings\acer\application data\mozilla\firefox\profiles\yrhfw7oj.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
FF - Ext: XULRunner: {6E7994FF-AA74-4F97-AB33-DDFFF80A5364} - c:\documents and settings\acer\local settings\application data\{6E7994FF-AA74-4F97-AB33-DDFFF80A5364}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-17 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-17 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-6-21 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-21 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 42184]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-5 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2146496]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-14 204800]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-11 1174152]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
.
=============== Created Last 30 ================
.
2011-04-17 10:15:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-17 07:29:42 -------- d-sh--w- C:\FOUND.058
2011-04-15 07:06:15 -------- d-----w- c:\docume~1\acer\locals~1\applic~1\{6E7994FF-AA74-4F97-AB33-DDFFF80A5364}
2011-04-14 10:04:22 -------- d-----w- c:\windows\system32\NtmsData
2011-04-06 07:25:42 -------- d-----w- c:\program files\PC Connectivity Solution
2011-04-06 07:25:11 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-04-06 07:25:11 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-04-06 07:25:10 23040 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-04-06 07:25:09 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-04-04 00:28:47 -------- d-----w- c:\program files\MKVcleaver
2011-04-03 08:35:28 -------- d-----w- c:\docume~1\acer\applic~1\GetRightToGo
2011-04-01 13:09:42 -------- d-----w- c:\program files\MKVtoolnix
2011-04-01 13:03:19 -------- d-----w- c:\program files\AviSynth 2.5
.
==================== Find3M ====================
.
2011-04-18 17:25:12 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 10:23:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:12 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:40 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:56 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:36 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541680J9SA00 rev.SB2OC70P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8AA2F3D0]<<
_asm { MOV EAX, 0x8aa2f2f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8aa35684; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A93DAB8]
\Driver\Disk[0x8A9977D8] -> IRP_MJ_CREATE -> 0x8AA2F3D0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8aa2f3d0
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 12:50:45.90 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/29/2006 5:55:00 AM
System Uptime: 4/28/2011 12:32:52 PM (0 hours ago)
.
Motherboard: Acer, Inc. | | Prespa M
Processor: AMD Turion(tm) 64 Mobile Technology MK-36 | Socket M2/S1G1 | 1999/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 35 GiB total, 0.4 GiB free.
D: is FIXED (FAT32) - 36 GiB total, 4.413 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0001
Manufacturer: Applied Networking Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0001
Service: hamachi
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: X6-00
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: X6-00
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1166: 4/19/2011 4:33:49 PM - System Checkpoint
RP1167: 4/25/2011 2:17:02 PM - System Checkpoint
RP1168: 4/26/2011 7:14:55 PM - System Checkpoint
RP1169: 4/27/2011 8:18:22 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
ACDSee Pro
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.3079
Acer eLock Management
Acer Empowering Technology
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer OrbiCam
Acer OrbiCam Utility Bar
Acer Screensaver
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Adobe Shockwave Player 11.5
Any Video Converter 3.1.7
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Parental Control & Encoder
avast! Free Antivirus
AviSynth 2.5
BufferChm
C4400
C4400_Help
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Codec 8.3q
Compatibility Pack for the 2007 Office system
Copy
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Defraggler
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
EasyCleaner
ERUNT 1.1j
eSupportQFolder
eTG complete July 2007
Eusing Free Registry Cleaner
Fitness Dash FINAL 1.0.0.127
Google Toolbar for Internet Explorer
GPBaseService
Hamachi 1.0.1.3
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Image Resizer Powertoy for Windows XP
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 3
Junk Mail filter update
LightScribe 1.4.97.1
Linksys EasyLink Advisor
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.7.106
MarketResearch
Martindale: The Complete Drug Reference
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MKVtoolnix 2.2.0
Mozilla Firefox (3.0.8)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia_Multimedia_Common_Components_2_5
NTI Backup NOW! 4.5
NTI CD & DVD-Maker
OCR Software by I.R.I.S. 10.0
OGA Notifier 1.7.0105.35.0
Ovi Desktop Sync Engine
OviMPlatform
PanoStandAlone
PC Connectivity Solution
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Pure Networks Platform
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Rome - Total War
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shop for HP Supplies
Skype™ 4.1
SmartWebPrintingOC
SnagIt 8
SolutionCenter
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
The Sims 2
The Sims™ 2 Bon Voyage
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6f
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoptXP v7.22
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebReg
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Zuma's Revenge!
.
==== Event Viewer Messages From Past Week ========
.
4/25/2011 1:59:38 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
4/25/2011 1:58:07 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

**XP_User** · 2011-04-28, 07:11

I forgot to mention this.

As windows starts, an error message appears

Error loading C:\WINDOWS\d2nex40.dll
The specified module could not be found.

Should I worry about this? Please advise
Thank you

**Shaba** · 2011-04-28, 19:24

It can be a malware leftover.

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

**XP_User** · 2011-04-29, 14:36

Hello again!

I've done the combofix scan as requested.

Before I ran the scan, I've closed all firewalls and antivirus. However, when the scan was started, it said that it detected ad-aware ad-watch was still running. Not sure why, and because I couldn't cancel the operation, I proceeded with the scan. The log of that scan is below. I'm not sure if I should rerun the scan or not.
And, according to the instructions, internet will be disconnected when the scan starts...but there was still a connection throughout the scan.
Just thought you may want to know.

Have a good weekend.

Thank you!

ComboFix 11-04-28.03 - Acer 04/29/2011 19:53:19.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1293 [GMT 8:00]
Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Acer\Application Data\igxpgd32.dat
c:\documents and settings\Acer\Application Data\Sun\cetw.txt
c:\documents and settings\Acer\Application Data\Sun\lfmt.txt
c:\documents and settings\Acer\Application Data\Sun\mxd1.txt
c:\documents and settings\Acer\Local Settings\Application Data\{6E7994FF-AA74-4F97-AB33-DDFFF80A5364}
c:\documents and settings\Acer\Local Settings\Application Data\{6E7994FF-AA74-4F97-AB33-DDFFF80A5364}\chrome.manifest
c:\documents and settings\Acer\Local Settings\Application Data\{6E7994FF-AA74-4F97-AB33-DDFFF80A5364}\chrome\content\_cfg.js
c:\documents and settings\Acer\Local Settings\Application Data\{6E7994FF-AA74-4F97-AB33-DDFFF80A5364}\chrome\content\overlay.xul
c:\documents and settings\Acer\Local Settings\Application Data\{6E7994FF-AA74-4F97-AB33-DDFFF80A5364}\install.rdf
c:\documents and settings\Acer\RavMonLog
C:\t.txt
c:\windows\system32\autorun.ini
c:\windows\system32\iexp_log.txt
c:\windows\system32\paqbonus.exe
c:\windows\system32\winping.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-29 )))))))))))))))))))))))))))))))
.
.
2011-04-22 11:50 . 2011-04-22 11:50 -------- d-----w- c:\program files\ERUNT
2011-04-19 13:23 . 2011-04-19 13:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-17 11:12 . 2011-04-17 11:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-04-17 10:15 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-17 07:29 . 2011-04-17 07:29 -------- d-----w- C:\FOUND.058
2011-04-14 10:04 . 2011-04-14 10:04 -------- d-----w- c:\windows\system32\NtmsData
2011-04-06 07:25 . 2011-04-06 07:25 -------- d-----w- c:\program files\PC Connectivity Solution
2011-04-06 07:25 . 2010-07-30 06:16 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-04-06 07:25 . 2010-07-30 06:16 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-04-06 07:25 . 2010-07-30 06:16 23040 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-04-06 07:25 . 2010-07-30 06:16 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-04-04 00:28 . 2011-04-04 00:28 -------- d-----w- c:\program files\MKVcleaver
2011-04-03 08:35 . 2011-04-03 08:35 -------- d-----w- c:\documents and settings\Acer\Application Data\GetRightToGo
2011-04-01 13:09 . 2011-04-01 13:09 -------- d-----w- c:\program files\MKVtoolnix
2011-04-01 13:03 . 2011-04-01 13:03 -------- d-----w- c:\program files\AviSynth 2.5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-07-26 06:06 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2008-06-21 15:23 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2008-06-21 15:24 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2008-06-21 15:24 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:16 . 2008-06-21 15:24 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-18 17:16 . 2008-06-21 15:24 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-18 17:13 . 2008-06-21 15:24 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2008-06-21 15:24 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-18 17:12 . 2008-06-21 15:24 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-18 10:23 . 2009-05-11 09:02 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-07 05:33 . 2004-08-03 21:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-03 21:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-03 21:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-01-09 03:08 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-03 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-03 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42 . 2004-08-03 21:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-03 21:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-03 21:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-17 06:34 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-03 21:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-12 07:52 . 2009-10-31 13:48 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-11 13:25 . 2004-08-03 21:00 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-03 21:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-03 21:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-03 21:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-03 21:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2004-08-03 21:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-26 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 442368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 766041]
"snp2std"="c:\windows\vsnp2std.exe" [2006-08-09 675840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 346112]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2009-05-20 221184]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\documents and settings\Acer\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-9 576000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2006-07-28 02:40 208896 ----a-w- c:\acer\Empowering Technology\ePresentation\ePresentation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer OrbiCam]
2006-10-16 09:36 434176 ----a-w- c:\windows\AcerOrbiCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2006-08-16 03:20 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 03:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-08-16 03:20 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 14:12 579584 ----a-w- c:\acer\Empowering Technology\ePower\Boot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2011-01-24 15:25 2200376 ----a-w- c:\program files\CCleaner\ccleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-06-01 06:40 413696 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 13:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 08:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-09-07 11:52 479232 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-10-20 07:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2006-05-15 03:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-16 03:23 16248320 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-08-16 03:21 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-28 22:29 36972 ----a-w- c:\program files\Java\jre1.5.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Publications\\StandaloneBrowser.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Therapeutic Guidelines\\complete\\eTG.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\XIAN\\Bit Comet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12279:TCP"= 12279:TCP:NortonAV
"16911:TCP"= 16911:TCP:NortonAV
"18805:TCP"= 18805:TCP:NortonAV
"17632:TCP"= 17632:TCP:NortonAV
"18258:TCP"= 18258:TCP:NortonAV
"12522:TCP"= 12522:TCP:NortonAV
"15433:TCP"= 15433:TCP:BitComet 15433 TCP
"15433:UDP"= 15433:UDP:BitComet 15433 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
"15150:TCP"= 15150:TCP:BitComet 15150 TCP
"15150:UDP"= 15150:UDP:BitComet 15150 UDP
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/17/2009 9:47 PM 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/2/2007 7:50 PM 664064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/17/2011 6:15 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/21/2008 11:24 PM 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/21/2008 11:24 PM 19544]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/14/2008 3:43 AM 204800]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 5:05 PM 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 5:05 PM 15232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 15:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &D&ownload &with BitComet - d:\xian\Bit Comet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - d:\xian\Bit Comet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\yrhfw7oj.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Bmoqijaxesab - c:\windows\d2nex40.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM_ActiveSetup-{56C01E6D-8F7C-42DB-A83F-570287E93910} - advise1here Below are the DDS logs as requested on the forum post.Thank you in advance1vFrom time to time
AddRemove-AviSynth - j:\ac3 convertion\AviSynth 2.5\Uninstall.exe
AddRemove-Fitness Dash FINAL 1.0.0.127 - j:\my games\PlayFirst Games - Fitness Dash FINAL - New Dash [Wendy99]\Fitness Dash FINAL\Uninstall.exe
AddRemove-MKVtoolnix - j:\ac3 convertion\MKVtoolnix\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 20:00
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-04-29 20:04:29
ComboFix-quarantined-files.txt 2011-04-29 12:04
.
Pre-Run: 127,533,056 bytes free
Post-Run: 294,453,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 275C60841268AE47310B797D66CFCE6F

**Shaba** · 2011-05-01, 07:39

Read the "Advantages - Requirements and Limitations" then press... the ACCEPT...button.
The latest program and definition files will be downloaded. It takes time, please be patient, let it finish.
Once the files have been downloaded, click on the SETTINGS...button.
In the scan settings make sure the following are selected:
- Detect malicious programs of the following categories:
  Viruses, Worms, Trojan Horses, Rootkits
  Spyware, Adware, Dialers and other potentially dangerous programs
- Scan compound files (doesn't apply to the File scan area):
  Archives
  Mail databases
  By default the above items should already be checked.
- Click the SAVE...button, if you made any changes.
Now under the Scan section on the left:
- Select My Computer
The program will start scanning your system. This takes a while, be patient... let it run.
Once the scan is complete it will display if your system has been infected.
Save the scan results as a Text file ... save it to your desktop.
Copy and paste the saved scan results file in your next reply.

**XP_User** · 2011-05-02, 03:53

Hi Shaba,

I couldn't do the scan. I've tried a few times but an error message always pops up. The message says : anti-virus database was updated after license expiry. I'm not sure what else I can do...

Please advise...

Thank you!

Thread: Computer infected with Malware...Please help!

Thread Tools

Display

Hybrid View

Posting Permissions