Case of a very bad Virus(win32 worm)

**Ali999** · 2012-01-03, 01:06

Hello all, Alison here. I am hoping one of the board monitors could help me through a bad virus infecting my home computer. We have spent quite a bit of time trying to resolve, but no luck. No matter what we try, the pc is unusable as the virus keeps coming back.

My symptom is a pc which is unusable in Normal mode as the icons take 15 minutes to load and then take 5-6 minutes to open once you double click. I can really only use the pc in Safe mode, so keep that in mind if anyone is able to guide me through a removal process.

Logs are below

Thank you so much!

Alison

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by HP_Owner at 18:45:51 on 2012-01-02
.
============== Running Processes ===============
.
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Owner.YOUR-D0F670B45A\Desktop\VIRUS\dds.scr
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [nwiz] nwiz.exe /install
uPolicies-explorer: NoInstrumentation = 1
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{E9E973A8-56AB-48A7-B96B-9370E0D7BADA} : DhcpNameServer = 10.0.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli
.
============= SERVICES / DRIVERS ===============
.
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MpFilter;Microsoft Malware Protection Driver
R? MpKsl66d076ed;MpKsl66d076ed
R? MpKsl7f8815e1;MpKsl7f8815e1
R? MpKslb11d6f08;MpKslb11d6f08
R? PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service
R? SASDIFSV;SASDIFSV
R? SASKUTIL;SASKUTIL
S? !SASCORE;SAS Core Service
.
=============== Created Last 30 ================
.
2012-01-02 22:38:08 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bfc7f81-6935-4e2e-9b06-dd52a8e1b441}\MpKsl66d076ed.sys
2012-01-02 22:38:03 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bfc7f81-6935-4e2e-9b06-dd52a8e1b441}\offreg.dll
2012-01-02 21:59:43 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bfc7f81-6935-4e2e-9b06-dd52a8e1b441}\MpKslb11d6f08.sys
2012-01-02 19:33:19 -------- d-----w- c:\program files\ESET
2012-01-02 13:29:23 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bfc7f81-6935-4e2e-9b06-dd52a8e1b441}\mpengine.dll
2012-01-01 23:30:52 20992 ------w- c:\windows\system32\spupdwxp.exe
2012-01-01 23:29:50 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2012-01-01 23:29:32 30208 ------w- c:\windows\system32\napipsec.dll
2012-01-01 23:29:32 193024 ------w- c:\windows\system32\napmontr.dll
2012-01-01 23:29:32 176640 ------w- c:\windows\system32\napstat.exe
2012-01-01 23:29:32 12672 ------w- c:\windows\system32\drivers\mutohpen.sys
2012-01-01 23:29:31 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2012-01-01 23:29:31 1737856 ------w- c:\windows\system32\mtxparhd.dll
2012-01-01 23:29:30 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2012-01-01 23:29:29 1372672 ------w- c:\windows\system32\msxml6.dll
2012-01-01 23:29:29 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
2012-01-01 23:29:29 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2012-01-01 23:29:19 76800 ------w- c:\windows\system32\msshavmsg.dll
2012-01-01 23:29:19 155136 ------w- c:\windows\system32\mssha.dll
2012-01-01 23:27:59 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2012-01-01 23:27:59 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2012-01-01 23:27:59 42368 ------w- c:\windows\system32\drivers\agp440.sys
2012-01-01 23:27:59 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2012-01-01 23:27:59 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2012-01-01 23:27:59 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2012-01-01 23:27:59 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2012-01-01 23:27:59 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2012-01-01 23:27:59 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2012-01-01 23:27:58 136192 ------w- c:\windows\system32\aaclient.dll
2012-01-01 15:55:26 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\TestApp
2012-01-01 02:53:14 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-01-01 02:53:07 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-01-01 02:53:00 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-01-01 02:52:51 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-01-01 02:52:46 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-01-01 02:52:44 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-01-01 02:52:39 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-01-01 02:52:15 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-01-01 02:52:11 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-01-01 02:50:57 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2012-01-01 02:50:53 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2012-01-01 02:50:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2012-01-01 02:50:41 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-01-01 02:50:37 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2012-01-01 02:50:33 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2012-01-01 02:50:29 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2012-01-01 02:50:25 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2012-01-01 02:50:22 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2012-01-01 02:50:18 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2012-01-01 02:50:14 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2012-01-01 02:50:07 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2012-01-01 02:50:03 76288 ----a-w- c:\windows\system32\dllcache\uniime.dll
2012-01-01 02:48:57 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-01-01 02:47:58 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2012-01-01 02:46:59 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2012-01-01 02:45:55 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-01-01 02:44:57 63547 ----a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-01-01 02:43:56 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-01-01 02:42:58 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-01-01 02:41:58 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-01-01 02:41:52 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2012-01-01 02:41:47 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2012-01-01 02:41:37 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2012-01-01 02:41:31 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-01-01 02:41:28 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2012-01-01 02:41:25 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2012-01-01 02:41:22 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-01-01 02:41:16 49024 ----a-w- c:\windows\system32\dllcache\ql1280.sys
2012-01-01 02:41:13 40448 ----a-w- c:\windows\system32\dllcache\ql1240.sys
2012-01-01 02:41:10 45312 ----a-w- c:\windows\system32\dllcache\ql12160.sys
2012-01-01 02:41:08 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2012-01-01 02:41:05 40320 ----a-w- c:\windows\system32\dllcache\ql1080.sys
2012-01-01 02:39:54 5504 ----a-w- c:\windows\system32\dllcache\perc2hib.sys
2012-01-01 02:38:58 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-01-01 02:38:55 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2012-01-01 02:38:52 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-01-01 02:38:49 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2012-01-01 02:38:46 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-01-01 02:38:42 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-01-01 02:38:30 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2012-01-01 02:38:27 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2012-01-01 02:38:24 180360 ----a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2012-01-01 02:38:16 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-01-01 02:38:13 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-01-01 02:38:10 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-01-01 02:38:02 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-01-01 02:36:58 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2012-01-01 02:36:55 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2012-01-01 02:36:53 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-01-01 02:36:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2012-01-01 02:36:46 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2012-01-01 02:36:45 452736 ----a-w- c:\windows\system32\dllcache\mtxparhm.sys
2012-01-01 02:36:42 1309184 ----a-w- c:\windows\system32\dllcache\mtlstrm.sys
2012-01-01 02:36:42 126686 ----a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2012-01-01 02:36:24 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-01-01 02:36:14 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-01-01 02:36:11 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-01-01 02:36:00 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-01-01 02:35:57 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2012-01-01 02:35:44 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-01-01 02:35:36 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-01-01 02:35:28 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2012-01-01 02:35:21 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2012-01-01 02:35:19 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2012-01-01 02:35:14 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2012-01-01 02:35:11 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2012-01-01 02:35:07 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2012-01-01 02:35:02 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
2012-01-01 02:33:43 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-01-01 02:33:40 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-01-01 02:33:26 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2012-01-01 02:33:23 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-01-01 02:33:21 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-01-01 02:33:16 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2012-01-01 02:33:13 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2012-01-01 02:33:10 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2012-01-01 02:33:00 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2012-01-01 02:31:57 109085 ----a-w- c:\windows\system32\dllcache\ibmtrp.sys
2012-01-01 02:30:59 150239 ----a-w- c:\windows\system32\dllcache\hsf_amos.sys
2012-01-01 02:29:59 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys
2012-01-01 02:28:56 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-01-01 02:27:59 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
2012-01-01 02:26:58 91305 ----a-w- c:\windows\system32\dllcache\dimaint.sys
2012-01-01 02:25:59 3584 ----a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2012-01-01 02:24:59 22044 ----a-w- c:\windows\system32\dllcache\cem33n5.sys
2012-01-01 02:23:59 39552 ----a-w- c:\windows\system32\dllcache\brparwdm.sys
2012-01-01 02:22:59 63663 ----a-w- c:\windows\system32\dllcache\ati1rvxx.sys
2012-01-01 02:21:21 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-01-01 01:15:14 3584 ----a-r- c:\documents and settings\hp_owner.your-d0f670b45a\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2012-01-01 01:15:14 -------- d-----w- c:\program files\Windows Installer Clean Up
2012-01-01 01:14:59 -------- d-----w- c:\program files\MSECACHE
2011-12-31 23:46:33 -------- d-----w- c:\program files\common files\HP
2011-12-28 16:53:14 -------- d-----w- c:\windows\SendTo
2011-12-28 16:52:36 -------- d-----w- c:\windows\forms
2011-12-28 16:52:35 -------- d-----w- c:\program files\Windows Messaging
2011-12-28 16:51:52 -------- d-----w- c:\program files\Microsoft Office2
2011-12-28 02:32:52 745232 ----a-w- c:\program files\common files\microsoft shared\vba\VBE_cd.DLL
2011-12-28 02:32:52 745232 ----a-w- c:\program files\common files\microsoft shared\vba\VBE.dll
2011-12-27 22:21:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-27 22:11:06 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\Malwarebytes
2011-12-27 22:08:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-27 21:36:53 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\Yahoo!
2011-12-24 02:02:25 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\Registry Mechanic
2011-12-24 01:51:49 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-12-24 01:51:49 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-12-24 01:51:49 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-12-24 01:51:49 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-12-24 01:51:48 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-12-24 01:51:22 -------- d-----w- c:\program files\common files\PC Tools
2011-12-24 01:51:20 -------- d-----w- c:\program files\PC Tools
2011-12-24 01:48:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-12-24 01:48:56 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\Product_RM
2011-12-24 01:30:25 38400 ----a-w- c:\windows\system32\pcdhdm.cpl
2011-12-23 01:55:00 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\Google
2011-12-23 00:06:04 -------- d-sh--w- c:\documents and settings\hp_owner.your-d0f670b45a\IECompatCache
2011-12-18 15:36:19 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\Help
2011-12-18 15:20:46 -------- d-----w- c:\windows\system32\scripting
2011-12-18 15:20:44 -------- d-----w- c:\windows\system32\en
2011-12-18 15:20:44 -------- d-----w- c:\windows\system32\bits
2011-12-18 15:12:39 617472 ----a-w- c:\windows\system32\comctl32.dll
2011-12-18 15:06:34 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\IsolatedStorage
2011-12-18 15:06:09 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\HP
2011-12-18 08:02:30 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-12-18 01:48:51 0 ----atw- c:\windows\system32\spdwnwxp.exe
2011-12-18 01:36:26 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-12-18 01:36:26 215920 ----a-w- c:\windows\system32\muweb.dll
2011-12-18 01:36:26 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-12-17 19:23:15 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-12-17 19:23:14 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-12-17 19:22:53 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2011-12-17 19:22:51 74240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
2011-12-17 19:22:51 48128 ----a-w- c:\windows\system32\hpzll054.dll
2011-12-17 18:41:35 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-12-17 18:41:35 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-12-17 18:41:35 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2011-12-17 18:41:35 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-12-17 18:41:35 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-12-17 18:41:33 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2011-12-17 16:51:23 -------- d-----w- c:\program files\Convar
2011-12-17 13:42:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-17 13:23:02 -------- d-sh--w- c:\documents and settings\hp_owner.your-d0f670b45a\PrivacIE
2011-12-17 13:19:40 -------- d-sh--w- c:\documents and settings\hp_owner.your-d0f670b45a\IETldCache
2011-12-17 12:54:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-17 12:54:58 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-12-17 12:54:58 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-17 12:54:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-17 12:54:58 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-12-17 12:54:58 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-12-17 12:54:58 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-12-17 04:46:31 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-12-17 04:28:09 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-12-17 04:27:55 353792 ------w- c:\windows\system32\dllcache\srv.sys
2011-12-17 04:27:26 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-12-17 04:27:26 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-12-17 04:27:16 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-12-17 04:26:44 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-12-17 04:20:09 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-12-17 04:20:09 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-12-17 04:20:09 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-12-17 04:20:09 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-12-17 04:20:09 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-12-17 04:20:09 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-12-17 04:20:09 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-12-17 04:20:09 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-12-17 04:20:09 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-12-17 04:20:08 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-12-17 04:20:08 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-12-17 04:20:07 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-12-17 04:19:18 138496 ------w- c:\windows\system32\dllcache\afd.sys
2011-12-17 04:09:31 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-12-17 04:07:03 2560 ------w- c:\windows\system32\xpsp4res.dll
2011-12-17 04:07:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-12-17 04:01:14 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-12-17 04:01:14 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-12-17 04:01:12 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-17 03:35:45 -------- d-----w- c:\windows\system32\PreInstall
2011-12-17 02:54:36 -------- d-sh--r- C:\cmdcons
2011-12-17 02:49:40 6345 ----a-r- c:\windows\system32\DevMngr.vxd
2011-12-17 02:41:29 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\local settings\application data\Adobe
2011-12-17 02:36:36 -------- d-sh--r- c:\windows\system32\dllcache
2011-12-17 02:26:05 -------- d-sh--w- c:\documents and settings\hp_owner.your-d0f670b45a\UserData
2011-12-17 01:09:22 -------- d-----w- c:\documents and settings\hp_owner.your-d0f670b45a\application data\SUPERAntiSpyware.com
2011-12-17 01:04:30 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-12-11 03:50:59 -------- dc-h--w- c:\windows\ie8
2011-12-04 17:20:01 -------- d-----w- c:\program files\Conduit
.
==================== Find3M ====================
.
.
============= FINISH: 18:49:01.18 ===============

Attach.txt Log:

.
==== Installed Programs ======================
.
Adobe Acrobat 6.0 Standard
Adobe Flash Player 11 ActiveX
AiO_Scan_CDA
AiOSoftwareNPI
BroadJump Client Foundation
BufferChm
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Easy Internet Sign-up
ESET Online Scanner v3
F300
F300_Help
Fax_CDA
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HP Support Overview
HP Web Helper
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareAlert
InstantShareDevicesMFC
J2SE Runtime Environment 5.0 Update 6
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2006
Microsoft Office 97, Professional Edition
Microsoft Security Client
Microsoft Security Essentials
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NewCopy_CDA
NVIDIA Drivers
PC-Doctor 5 for Windows
PC Tools Registry Mechanic 11.0
ProductContextNPI
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
Readme
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Rhapsody
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP (remove only)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
.
==== End Of File ===========================

Thread: Case of a very bad Virus(win32 worm)

Thread Tools

Display

Threaded View

Case of a very bad Virus(win32 worm)

Posting Permissions