Bad infection

Mirrabooka
2009-10-25, 02:03
Dear Spybot,

My computer is infected with a virus/spyware. It prevents me from booting to my active desktop and often causes the computer to freeze up. I have tried running system restore and Spybot SD but the infection has disabled these. My security software is Bigpond security which does not seem to have been successful in preventing the infection. It was disabled but is now running again.

Your help would be much appreciated.

Blade81
2009-10-28, 08:26
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) by clicking the "download exe" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy.
This copies the log to the clipboard.
Post the log in your reply.

Mirrabooka
2009-10-29, 23:27
Hi Blade,

When I try to launch the DDS window it opens for about a second then disappears. Same happens in safe mode. GMER runs OK. Log posted below:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit quick scan 2009-10-30 08:24:30
Windows 5.1.2600 Service Pack 3
Running: pzbc2w3f.exe; Driver: C:\DOCUME~1\RW\LOCALS~1\Temp\kxtdrpow.sys


---- System - GMER 1.0.15 ----

Code 86BF8EE8 ZwDuplicateObject
Code 86CFDC70 ZwSetInformationFile
Code 86CEBC48 ZwSetSystemInformation
Code 86CB2398 ZwWriteFile
Code 86BF8EE7 NtDuplicateObject
Code 86CFDC6F NtSetInformationFile
Code 86CB2397 NtWriteFile

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat Code 86B1B668

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip GRTdiMon.sys (GRTdiMon TDI Filter Driver/Authentium Inc)
Device \Driver\Tcpip \Device\Tcp GRTdiMon.sys (GRTdiMon TDI Filter Driver/Authentium Inc)
Device \Driver\Tcpip \Device\Udp GRTdiMon.sys (GRTdiMon TDI Filter Driver/Authentium Inc)
Device \Driver\Tcpip \Device\RawIp GRTdiMon.sys (GRTdiMon TDI Filter Driver/Authentium Inc)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Blade81
2009-10-30, 08:06
Hi,

Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

See if you're able to run DDS after that.

Mirrabooka
2009-10-30, 12:01
Exehelper log follows:

exeHelper by Raktor
Build 20091021
Run at 20:52:47 on 10/30/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PopRock
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I still cannot run DDS. The window flashes up for a second and then disappears.

Blade81
2009-10-30, 12:07
Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Mirrabooka
2009-10-30, 23:10
Running from: C:\Documents and Settings\RW\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\RW\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\ehExtCOM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\ehiExtens

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\ehiwmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1FB.tmp\ZAP1FB.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP200.tmp\ZAP200.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP302.tmp\ZAP302.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3dadfa52ea2998e88c1462cf025da476\3dadfa52ea2998e88c1462cf025da476

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a8980fd7ec4cd0881ec918c0df651d12\a8980fd7ec4cd0881ec918c0df651d12

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b4248c4c189bf5460d6eb98122ea18be\b4248c4c189bf5460d6eb98122ea18be

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

Blade81
2009-10-31, 00:07
Hi,

Looks like the tool didn't get enough time to finish. Please run it again, letting it run a little longer.

Mirrabooka
2009-10-31, 08:21
Yup, looks like I got impatient. Here is the full log:

Running from: C:\Documents and Settings\RW\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\RW\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\ehExtCOM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\ehiExtens

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\ehiwmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1FB.tmp\ZAP1FB.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP200.tmp\ZAP200.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP302.tmp\ZAP302.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3dadfa52ea2998e88c1462cf025da476\3dadfa52ea2998e88c1462cf025da476

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a8980fd7ec4cd0881ec918c0df651d12\a8980fd7ec4cd0881ec918c0df651d12

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b4248c4c189bf5460d6eb98122ea18be\b4248c4c189bf5460d6eb98122ea18be

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 08:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 11:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 11:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 11:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-10 08:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!

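The full Win32kDiag log above carries two findings an analyst would want to pull out automatically: dozens of directory mount points (junctions) whose destination is not a normal `\??\`-prefixed volume or path but the device object `\Device\__max++>\^`, and a live `C:\WINDOWS\system32\eventlog.dll` whose size (61952) matches none of the backup copies and whose vendor string is empty, while `logevent.dll` in the same directory is a Microsoft-signed copy of the expected size. The script below is an added example, not part of the thread or of the Win32kDiag tool: it parses the log's line formats, flags junctions that point at a non-`\??\` target, and flags a system32 file that disagrees with every other copy of itself. The sample log is a constructed excerpt modelled on the posted lines; the `\??\Volume{...}` junction in it is a made-up benign entry added to show the rule not firing, and the "destination must start with `\??\`" heuristic is the example's own rule of thumb, not something the tool documents.

```python
"""Triage helper for Win32kDiag.txt output (added example; not the tool's own code)."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log posted in the thread. The Volume{...}
# junction is a fabricated benign entry so the junction rule has a negative case.
SAMPLE_LOG = r"""
Running from: C:\Documents and Settings\RW\Desktop\Win32kDiag.exe

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Example\Normal

Mount point destination : \??\Volume{01234567-89ab-cdef-0123-456789abcdef}\

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 08:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 11:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 11:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 11:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-10 08:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)

Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
NOACCESS_RE = re.compile(r"^Cannot access: (.+)$")
# "[ref] YYYY-MM-DD HH:MM:SS size path (company)" -- company may be empty.
FILE_RE = re.compile(r"^\[(\d+)\] (\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (.+?) \((.*)\)$")


def parse_win32kdiag(text):
    """Return mount points as (path, destination) pairs, inaccessible paths, and file records."""
    result = {"mount_points": [], "inaccessible": [], "files": []}
    pending = None  # mount point path waiting for its destination line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNT_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = DEST_RE.match(line)
        if m and pending is not None:
            result["mount_points"].append((pending, m.group(1)))
            pending = None
            continue
        m = NOACCESS_RE.match(line)
        if m:
            result["inaccessible"].append(m.group(1))
            continue
        m = FILE_RE.match(line)
        if m:
            result["files"].append({
                "ref": int(m.group(1)),
                "timestamp": f"{m.group(2)} {m.group(3)}",
                "size": int(m.group(4)),
                "path": m.group(5),
                "company": m.group(6),
            })
    return result


def suspicious_mount_points(parsed):
    """Junctions whose target is not a \\??\\ volume or path reparse target (heuristic)."""
    return [(p, d) for p, d in parsed["mount_points"] if not d.startswith("\\??\\")]


def patched_system_files(parsed):
    """Flag a live system32 copy that disagrees with every other copy of the same file name."""
    by_name = defaultdict(list)
    for rec in parsed["files"]:
        by_name[rec["path"].rsplit("\\", 1)[-1].lower()].append(rec)
    findings = []
    for copies in by_name.values():
        live = [c for c in copies if "\\system32\\" in c["path"].lower()]
        others = [c for c in copies if "\\system32\\" not in c["path"].lower()]
        for c in live:
            reasons = []
            if not c["company"]:
                reasons.append("no vendor string")
            if others and all(o["size"] != c["size"] for o in others):
                reasons.append("size matches no backup copy")
            if reasons:
                findings.append({
                    "path": c["path"], "size": c["size"], "reasons": reasons,
                    "reference_sizes": sorted({o["size"] for o in others if o["company"]}),
                })
    return findings


if __name__ == "__main__":
    parsed = parse_win32kdiag(SAMPLE_LOG)
    for path, dest in suspicious_mount_points(parsed):
        print(f"JUNCTION  {path} -> {dest}")
    for f in patched_system_files(parsed):
        print(f"FILE      {f['path']} ({f['size']} bytes): {', '.join(f['reasons'])}; "
              f"signed copies are {f['reference_sizes']}")
    for p in parsed["inaccessible"]:
        print(f"NOACCESS  {p}")
```

Run against the real `Win32kDiag.txt` the script reads the same three line shapes, so the output is a short list of junctions to remove and files to compare against their service-pack copies, which is the information Blade81's Avenger "Files to move" line and the later `-f -r` run act on.
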
Blade81
2009-10-31, 11:58
Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger.
Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.


Files to move:
C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll
In the Avenger window, click the Paste Script from Clipboard button (http://img220.imageshack.us/img220/8923/pastets4.png).
Click the Execute button.
You will be asked Are you sure you want to execute the current script?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.
Your PC will now be rebooted.
Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log in your next reply.


Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

Mirrabooka
2009-10-31, 23:23
Hi,

I have done what you suggested. Here are the results:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun Nov 01 08:04:21 2009

08:04:16: Error: can't close file descriptor 3 (error 5: access is denied.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


Running from: C:\Documents and Settings\RW\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\RW\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\ehExtCOM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\ehExtCOM

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\ehiExtens

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\ehiExtens

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\ehiwmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\ehiwmp

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1FB.tmp\ZAP1FB.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1FB.tmp\ZAP1FB.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP200.tmp\ZAP200.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP200.tmp\ZAP200.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP302.tmp\ZAP302.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP302.tmp\ZAP302.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3dadfa52ea2998e88c1462cf025da476\3dadfa52ea2998e88c1462cf025da476

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3dadfa52ea2998e88c1462cf025da476\3dadfa52ea2998e88c1462cf025da476

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a8980fd7ec4cd0881ec918c0df651d12\a8980fd7ec4cd0881ec918c0df651d12

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a8980fd7ec4cd0881ec918c0df651d12\a8980fd7ec4cd0881ec918c0df651d12

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b4248c4c189bf5460d6eb98122ea18be\b4248c4c189bf5460d6eb98122ea18be

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b4248c4c189bf5460d6eb98122ea18be\b4248c4c189bf5460d6eb98122ea18be

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!

Blade81
2009-11-01, 11:19
Good. See if you're able to run DDS now :)

Mirrabooka
2009-11-01, 22:08
OK DDS ran successfully this time:

DDS (Ver_09-09-29.01) - NTFSx86
Run by RW at 7:00:33.59 on Mon 11/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.513 [GMT 11:00]

AV: BP Security Anti-Virus *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: BP Security Firewall *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\RW\Desktop\test.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: AuthPopupBHO01.cBHO: {3c7195f6-d788-4d50-ba72-2ee212edac78} - c:\program files\bigpond\security\app\popupbho01.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: BigPond Security Popup Blocker: {2c0a5f28-48d8-408b-9172-9c6121025bce} - c:\program files\bigpond\security\app\popupbho01.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [EPSON Stylus Photo R250 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAHP.EXE /P30 "EPSON Stylus Photo R250 Series" /O6 "USB001" /M "Stylus Photo R250"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband 2.0\BigPond_CM.exe" -tsr
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ESP] "c:\program files\bigpond\security\app\start.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

============= SERVICES / DRIVERS ===============

R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [2009-1-27 21000]
R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [2009-1-27 39688]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-11-19 164480]
R3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-11-19 140672]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-1-30 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-1-30 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-1-30 93328]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\rw\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\rw\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2007-3-12 155648]

=============== Created Last 30 ================

2009-11-01 08:04 135,168 a------- C:\zip.exe
2009-11-01 08:04 574 a------- C:\cleanup.bat
2009-10-28 20:37 <DIR> --d----- c:\windows\LastGood(12)
2009-10-28 20:36 <DIR> --d----- c:\windows\LastGood(11)
2009-10-28 20:34 <DIR> --d----- c:\windows\LastGood(10)
2009-10-28 12:28 <DIR> --d----- c:\windows\LastGood(9)
2009-10-28 12:26 <DIR> --d----- c:\windows\LastGood(8)
2009-10-28 12:26 <DIR> --d----- c:\windows\LastGood(7)
2009-10-28 12:24 <DIR> --d----- c:\windows\LastGood(6)
2009-10-25 10:28 <DIR> --d----- c:\windows\LastGood(5)
2009-10-25 10:27 <DIR> --d----- c:\windows\LastGood(4)
2009-10-23 10:25 <DIR> --d----- c:\windows\LastGood(3)
2009-10-21 15:35 <DIR> --d----- c:\windows\LastGood(2)
2009-10-20 07:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-20 07:23 <DIR> --d----- c:\program files\Spybot - Search & Destroy(2)
2009-10-19 18:27 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 16:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy(3)
2009-10-18 19:00 0 a------- c:\windows\win32k.sys
2009-10-17 07:30 1,324 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-09-12 01:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-12 01:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-05 08:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-05 08:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 21:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 21:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 16:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 16:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 19:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 19:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-14 02:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-12 23:22 182,294 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 20:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 20:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 02:13 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-08-05 02:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-05 01:20 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-05 01:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-05 01:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-10 14:57 526 a------- c:\program files\Shortcut (2) to ComboFix.exe.lnk
2009-07-10 14:57 526 a------- c:\program files\Shortcut to ComboFix.exe.lnk
2009-07-10 12:48 939,956 a------- c:\program files\7z465.exe
2009-07-09 00:41 696 a------- c:\program files\Malwarebytes' Anti-Malware.lnk
2007-01-31 09:48 124 a------- c:\docume~1\rw\applic~1\wklnhst.dat
2008-11-22 12:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 7:01:05.85 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/17/2007 2:35:26 PM
System Uptime: 11/2/2009 6:56:23 AM (1 hours ago)

Motherboard: Dell Inc. | | 0RT486
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1831/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 18.252 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3C74D038424FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3C74D038424FC000
Service: NIC1394

==== System Restore Points ===================

RP70: 11/1/2009 8:19:44 AM - System Checkpoint
RP71: 11/1/2009 8:56:56 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Anti-Spyware (Aluria)
Anti-Virus (Command Software)
AppSight COM Black Box
ArcSoft PhotoStudio 5.5
Authentium AntiVirus SDK - 2
Authentium Web Install Helper
BigPond (BIUS)
BigPond Security
BigPond Wireless Broadband 2.10.5
BlackBerry Desktop Software 4.3
Broadcom Management Programs
Canon iP1300
Canon iP4200
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
DataView
Dell Support 3.2.1
Dell System Restore
Digital Line Detect
doPDF 5.3 printer
EPSON Easy Photo Print
EPSON Printer Software
ERUNT 1.1j
ESP
ESPR250 User's Guide
ffvfw (uninstall only)
Firewall (Core 2)
Firewall (User)
FLV Player 2.0, build 23
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 14
MapInfo Professional 8.5
mCore
MCU
mDrWiFi
MediaDirect
MetaFrame Presentation Server Web Client for Win32
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft SQL Server Management Objects Collection
Microsoft SQL Server Native Client
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
Mixer
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
OutlookAddinSetup
Petrosys 15.3 for Windows
PetroView
PetroView MapInfo Application
Popup Blocker
QuickSet
QuickTime
RealPlayer Basic
Roxio DLA
Roxio Media Manager
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sentinel Protection Installer 7.5.0
Skype 3.0
Skype add-on for IE
Skype Plugin Manager
SMT Update Manager
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB Demo
Synaptics Pointing Device Driver
Telstra ISDN Setup Program
The KINGDOM Software 8.0 (32-bit)
The KINGDOM Software 8.4 (32-bit)
Third Party Prerequisites
Ulead VideoStudio 8.0 SE DVD
UnixToDos
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VGA USB Camera
Viewpoint Media Player (Remove Only)
Web Filtering (Base 2)
Web Filtering (Base)
Web Filtering (Kids Page)
Web Filtering (RuleSpace CFI Anti-Phishing)
Web Filtering (Rulespace CFI)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

11/2/2009 6:58:11 AM, error: Dhcp [1002] - The IP address lease 203.51.165.98 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.177.159.253 (The DHCP Server sent a DHCPNACK message).
11/2/2009 6:52:45 AM, error: Dhcp [1002] - The IP address lease 60.231.18.78 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 203.51.165.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 9:20:06 AM, error: Dhcp [1002] - The IP address lease 124.186.168.116 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 121.219.107.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 9:19:11 AM, error: Dhcp [1002] - The IP address lease 124.183.110.76 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.186.168.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 9:14:53 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
11/1/2009 9:06:53 AM, error: Dhcp [1002] - The IP address lease 124.177.71.101 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.183.110.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 8:40:45 PM, error: Dhcp [1002] - The IP address lease 124.177.69.239 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 60.231.18.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 8:18:28 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'KB904706' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/1/2009 8:07:41 AM, error: Dhcp [1002] - The IP address lease 124.179.68.167 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.177.71.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 8:06:43 PM, error: Dhcp [1002] - The IP address lease 143.238.233.16 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.177.69.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 7:58:17 AM, error: Dhcp [1002] - The IP address lease 124.184.182.240 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.179.68.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 6:01:14 PM, error: Dhcp [1002] - The IP address lease 121.216.228.192 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 143.238.233.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 5:57:41 PM, error: Dhcp [1002] - The IP address lease 124.179.18.80 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 121.216.228.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 5:56:45 PM, error: Dhcp [1002] - The IP address lease 124.177.122.126 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.179.18.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 5:56:06 PM, error: Dhcp [1002] - The IP address lease 58.170.197.229 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.177.122.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 12:05:26 PM, error: Dhcp [1002] - The IP address lease 60.229.30.120 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 58.170.197.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 12:05:12 PM, error: Dhcp [1002] - The IP address lease 124.186.99.31 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 60.229.30.253 (The DHCP Server sent a DHCPNACK message).
11/1/2009 11:45:37 AM, error: Dhcp [1002] - The IP address lease 121.219.107.61 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.186.99.253 (The DHCP Server sent a DHCPNACK message).
10/31/2009 8:02:58 AM, error: Dhcp [1002] - The IP address lease 58.165.80.151 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.184.182.253 (The DHCP Server sent a DHCPNACK message).
10/30/2009 9:55:23 AM, error: Dhcp [1002] - The IP address lease 124.185.20.38 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.186.96.253 (The DHCP Server sent a DHCPNACK message).
10/30/2009 8:47:30 AM, error: Dhcp [1002] - The IP address lease 124.180.125.77 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.185.20.253 (The DHCP Server sent a DHCPNACK message).
10/30/2009 8:21:35 AM, error: Dhcp [1002] - The IP address lease 143.238.64.132 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.180.125.253 (The DHCP Server sent a DHCPNACK message).
10/30/2009 8:17:47 PM, error: Dhcp [1002] - The IP address lease 124.186.96.196 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 58.165.80.253 (The DHCP Server sent a DHCPNACK message).
10/30/2009 8:13:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/30/2009 8:01:42 AM, error: Dhcp [1002] - The IP address lease 124.176.104.125 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 143.238.64.253 (The DHCP Server sent a DHCPNACK message).
10/29/2009 2:07:10 PM, error: Print [6161] - The document outbind://43-000000008DFB10C4DDBF084B89D5223A726BD379E40E7000/ owned by RW failed to print on printer Canon iP4200. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 236360. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\ROGER. Win32 error code returned by the print processor: 13 (0xd).
10/29/2009 2:00:08 PM, error: Print [6161] - The document outbind://37-000000008DFB10C4DDBF084B89D5223A726BD379E40D7000/ owned by RW failed to print on printer Canon iP4200. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 248160. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\ROGER. Win32 error code returned by the print processor: 13 (0xd).
10/28/2009 8:46:28 AM, error: Dhcp [1002] - The IP address lease 124.183.73.210 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.185.151.253 (The DHCP Server sent a DHCPNACK message).
10/28/2009 8:42:25 PM, error: Dhcp [1002] - The IP address lease 124.185.151.244 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.176.104.253 (The DHCP Server sent a DHCPNACK message).
10/28/2009 8:40:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
10/28/2009 8:40:03 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
10/28/2009 8:30:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/28/2009 8:29:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/28/2009 8:25:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/28/2009 8:25:13 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2009 8:25:13 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2009 8:25:13 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2009 8:25:13 PM, error: Service Control Manager [7001] - The Authentium TDI Mon service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2009 12:09:59 PM, error: Service Control Manager [7034] - The BigPond Security System Service service terminated unexpectedly. It has done this 1 time(s).
10/27/2009 8:52:11 AM, error: Dhcp [1002] - The IP address lease 58.170.22.187 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 124.177.104.253 (The DHCP Server sent a DHCPNACK message).
10/26/2009 7:09:50 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer RHI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{71EBE600-1C0A-4104-97. The master browser is stopping or an election is being forced.
10/26/2009 7:09:13 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/26/2009 7:08:54 PM, error: Dhcp [1002] - The IP address lease 123.211.114.235 for the Network Card with network address 00A0D5FFFF93 has been denied by the DHCP server 58.170.22.253 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Blade81
2009-11-02, 09:04
Hello again,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Mirrabooka
2009-11-03, 02:39
Hi again,
Signs of improvement!

DDS (Ver_09-09-29.01) - NTFSx86
Run by RW at 11:33:43.21 on Tue 11/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.492 [GMT 11:00]

AV: BP Security Anti-Virus *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: BP Security Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
svchost.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\RW\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: AuthPopupBHO01.cBHO: {3c7195f6-d788-4d50-ba72-2ee212edac78} - c:\program files\bigpond\security\app\popupbho01.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~3\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: BigPond Security Popup Blocker: {2c0a5f28-48d8-408b-9172-9c6121025bce} - c:\program files\bigpond\security\app\popupbho01.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [EPSON Stylus Photo R250 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAHP.EXE /P30 "EPSON Stylus Photo R250 Series" /O6 "USB001" /M "Stylus Photo R250"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband 2.0\BigPond_CM.exe" -tsr
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ESP] "c:\program files\bigpond\security\app\start.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~3\SDHelper.dll
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

============= SERVICES / DRIVERS ===============

R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [2009-1-27 21000]
R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [2009-1-27 39688]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-11-19 164480]
R3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-11-19 140672]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-1-30 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-1-30 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-1-30 93328]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\rw\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\rw\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2007-3-12 155648]

=============== Created Last 30 ================

2009-11-03 11:13 161,792 a------- c:\windows\SWREG.exe
2009-11-03 11:13 98,816 a------- c:\windows\sed.exe
2009-11-03 11:13 77,312 a------- c:\windows\MBR.exe
2009-11-03 11:13 <DIR> --d----- C:\ComboFix
2009-11-01 08:04 135,168 a------- C:\zip.exe
2009-11-01 08:04 574 a------- C:\cleanup.bat
2009-10-28 20:37 <DIR> --d----- c:\windows\LastGood(12)
2009-10-28 20:36 <DIR> --d----- c:\windows\LastGood(11)
2009-10-28 20:34 <DIR> --d----- c:\windows\LastGood(10)
2009-10-28 12:28 <DIR> --d----- c:\windows\LastGood(9)
2009-10-28 12:26 <DIR> --d----- c:\windows\LastGood(8)
2009-10-28 12:26 <DIR> --d----- c:\windows\LastGood(7)
2009-10-28 12:24 <DIR> --d----- c:\windows\LastGood(6)
2009-10-25 10:28 <DIR> --d----- c:\windows\LastGood(5)
2009-10-25 10:27 <DIR> --d----- c:\windows\LastGood(4)
2009-10-23 10:25 <DIR> --d----- c:\windows\LastGood(3)
2009-10-21 15:35 <DIR> --d----- c:\windows\LastGood(2)
2009-10-20 07:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-19 18:27 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-18 19:00 0 a------- c:\windows\win32k.sys
2009-10-17 07:30 1,324 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-10-11 08:10 236,544 a------- c:\windows\PEV.exe
2009-09-12 01:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-12 01:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-05 08:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-05 08:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 21:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 21:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 16:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 16:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 19:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 19:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-14 02:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 20:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 20:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-10 14:57 526 a------- c:\program files\Shortcut (2) to ComboFix.exe.lnk
2009-07-10 14:57 526 a------- c:\program files\Shortcut to ComboFix.exe.lnk
2009-07-10 12:48 939,956 a------- c:\program files\7z465.exe
2009-07-09 00:41 696 a------- c:\program files\Malwarebytes' Anti-Malware.lnk
2007-01-31 09:48 124 a------- c:\docume~1\rw\applic~1\wklnhst.dat
2008-11-22 12:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 11:34:01.57 ===============

ComboFix 09-11-01.04 - RW 11/03/2009 11:15:40.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.503 [GMT 11:00]
Running from: C:\Documents and Settings\RW\Desktop\ComboFix.exe
AV: BP Security Anti-Virus *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: BP Security Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\Install.inf
C:\WINDOWS\system32\fwxgqvn.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\prsgrc.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-10-31 21:04:04 . 2009-10-31 21:04:04 574 ----a-w- C:\cleanup.bat
2009-10-31 21:04:04 . 2009-10-31 21:04:04 135168 ----a-w- C:\zip.exe
2009-10-28 09:37:08 . 2009-10-28 09:37:08 0 d-----w- C:\WINDOWS\LastGood(12)
2009-10-28 09:36:16 . 2009-10-28 09:36:16 0 d-----w- C:\WINDOWS\LastGood(11)
2009-10-28 09:34:13 . 2009-10-28 09:34:13 0 d-----w- C:\WINDOWS\LastGood(10)
2009-10-28 01:28:49 . 2009-10-28 01:28:49 0 d-----w- C:\WINDOWS\LastGood(9)
2009-10-28 01:26:59 . 2009-10-28 01:26:59 0 d-----w- C:\WINDOWS\LastGood(8)
2009-10-28 01:26:02 . 2009-10-28 01:26:02 0 d-----w- C:\WINDOWS\LastGood(7)
2009-10-28 01:24:17 . 2009-10-28 01:24:17 0 d-----w- C:\WINDOWS\LastGood(6)
2009-10-24 23:28:23 . 2009-10-24 23:28:23 0 d-----w- C:\WINDOWS\LastGood(5)
2009-10-24 23:27:29 . 2009-10-24 23:27:29 0 d-----w- C:\WINDOWS\LastGood(4)
2009-10-22 23:25:31 . 2009-10-22 23:25:31 0 d-----w- C:\WINDOWS\LastGood(3)
2009-10-21 04:35:38 . 2009-10-21 04:35:38 0 d-----w- C:\WINDOWS\LastGood(2)
2009-10-19 20:25:55 . 2009-11-02 23:47:49 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-10-19 19:32:29 . 2009-10-19 20:23:36 0 d-----w- C:\WINDOWS\BDOSCAN8
2009-10-19 07:27:00 . 2009-10-19 20:25:09 0 dc----w- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 07:26:40 . 2009-10-19 20:25:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-18 08:00:10 . 2009-10-31 20:55:37 0 ----a-w- C:\WINDOWS\win32k.sys
2009-10-16 20:30:40 . 2009-11-03 00:04:35 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 00:09:11 . 2007-02-04 20:38:51 0 d-----w- C:\Documents and Settings\RW\Application Data\Skype
2009-11-02 23:26:43 . 2007-02-13 23:43:07 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-19 07:26:40 . 2007-02-10 08:49:50 0 d-----w- C:\Program Files\Lavasoft
2009-10-18 02:14:44 . 2008-11-22 00:36:29 0 d-----w- C:\Program Files\Common Files\Adobe
2009-09-11 14:18:39 . 2005-08-15 20:18:27 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 21:03:36 . 2005-08-15 20:18:25 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll
2009-09-03 07:05:48 . 2007-01-09 10:52:02 79032 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 06:59:10 . 2009-09-03 06:59:10 211928 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-29 07:36:27 . 2005-08-15 20:18:45 832512 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-08-29 07:36:24 . 2005-08-15 20:18:19 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-08-29 07:36:24 . 2005-08-15 20:18:07 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-08-26 08:00:21 . 2005-08-15 20:19:03 247326 ----a-w- C:\WINDOWS\system32\strmdll.dll
2009-08-06 08:24:18 . 2005-08-15 20:40:17 327896 ----a-w- C:\WINDOWS\system32\wucltui.dll
2009-08-06 08:24:18 . 2005-08-15 20:40:17 209632 ----a-w- C:\WINDOWS\system32\wuweb.dll
2009-08-06 08:24:10 . 2005-08-15 20:40:16 35552 ----a-w- C:\WINDOWS\system32\wups.dll
2009-08-06 08:24:10 . 2005-05-25 17:16:30 44768 ----a-w- C:\WINDOWS\system32\wups2.dll
2009-08-06 08:24:06 . 2005-08-15 20:40:16 53472 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 08:24:04 . 2005-08-15 20:18:04 96480 ----a-w- C:\WINDOWS\system32\cdm.dll
2009-08-06 08:23:54 . 2005-08-15 20:40:16 575704 ----a-w- C:\WINDOWS\system32\wuapi.dll
2009-08-06 08:23:46 . 2005-08-15 20:40:16 1929952 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2009-08-05 09:01:48 . 2005-08-15 20:18:27 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-07-10 03:57:45 . 2009-07-10 03:57:45 526 ----a-w- C:\Program Files\Shortcut (2) to ComboFix.exe.lnk
2009-07-10 03:57:39 . 2009-07-10 03:57:39 526 ----a-w- C:\Program Files\Shortcut to ComboFix.exe.lnk
2009-07-10 01:48:06 . 2009-07-10 01:48:06 939956 ----a-w- C:\Program Files\7z465.exe
2009-07-08 13:41:05 . 2009-07-08 13:41:05 696 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-09 18:24:00 20480]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 04:36:52 25370152]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 00:12:28 1695232]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 17:40:32 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 06:01:14 67584]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 10:48:02 761947]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44:18 98304]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 21:00:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 21:00:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 21:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 21:00:00 455168]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 01:28:06 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 01:28:26 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 10:51:42 1032192]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 07:57:24 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-01-09 10:44:02 26112]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-07 21:20:00 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-10 17:40:32 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 17:40:34 86960]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 08:16:54 184320]
"EPSON Stylus Photo R250 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE" [2005-04-25 04:00:00 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 04:45:20 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-01 22:45:41 155648]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 03:49:50 1121280]
"BigPondWirelessBroadbandCM"="C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-02-26 05:21:36 2162688]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-15 21:56:14 236016]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41:08 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45:00 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-07 02:38:45 148888]
"ESP"="c:\Program Files\bigpond\security\app\start.exe" [2009-01-27 02:00:44 62952]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 17:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 01:08:30 935288]
"SigmatelSysTrayApp"="stsystra.exe" - C:\WINDOWS\stsystra.exe [2006-03-24 15:30:44 282624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-1-9 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Program Files (x86)\\BMC Software\\AppSight\\Bin\\BBXCOMServer.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP port 135
"4979:TCP"= 4979:TCP:TCP port 4979

R0 GRFILTER;Authentium NDIS Driver;C:\WINDOWS\system32\drivers\GRFilter.sys [1/27/2009 1:24:28 PM 21000]
R2 GRTdiMon;Authentium TDI Mon;C:\WINDOWS\system32\drivers\GRTdiMon.sys [1/27/2009 1:24:28 PM 39688]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 4:01:16 AM 13824]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 2:02:10 AM 328992]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\drivers\wsp_pkt.sys [7/14/2006 4:02:22 AM 13696]
R3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);C:\WINDOWS\system32\drivers\swnc8u52.sys [11/19/2007 6:06:30 PM 164480]
R3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);C:\WINDOWS\system32\drivers\swumx52.sys [11/19/2007 6:06:30 PM 140672]
S0 Lbd;Lbd;C:\WINDOWS\system32\DRIVERS\Lbd.sys --> C:\WINDOWS\system32\DRIVERS\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" --> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);C:\WINDOWS\system32\drivers\cmo_bus.sys [1/30/2007 7:02:49 PM 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;C:\WINDOWS\system32\drivers\cmo_mdfl.sys [1/30/2007 7:03:06 PM 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;C:\WINDOWS\system32\drivers\cmo_mdm.sys [1/30/2007 7:03:06 PM 93328]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\DOCUME~1\RW\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> C:\DOCUME~1\RW\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\drivers\PA707UCM.SYS [3/12/2007 12:00:07 PM 155648]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF301D7E-380D-484C-8D3F-4D6686D978DF}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 00:58:32 . 2006-10-17 00:58:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

Blade81
2009-11-03, 08:11
Good. Are you familiar with these firewall port openings:
"135:TCP"= 135:TCP:TCP port 135
"4979:TCP"= 4979:TCP:TCP port 4979

Looks like ComboFix log was partial one. Could you post the complete one, please?

Mirrabooka
2009-11-03, 12:35
I can safely say that I know nothing about
"135:TCP"= 135:TCP:TCP port 135
"4979:TCP"= 4979:TCP:TCP port 4979

I re-ran ComboFix. Looks like it went to the end this time:


ComboFix 09-11-02.02 - RW 11/03/2009 21:17.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.441 [GMT 11:00]
Running from: c:\documents and settings\RW\Desktop\ComboFix.exe
AV: BP Security Anti-Virus *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: BP Security Firewall *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\fwxgqvn.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-10-31 21:04 . 2009-10-31 21:04 574 ----a-w- C:\cleanup.bat
2009-10-31 21:04 . 2009-10-31 21:04 135168 ----a-w- C:\zip.exe
2009-10-28 09:37 . 2009-10-28 09:37 -------- d-----w- c:\windows\LastGood(12)
2009-10-28 09:36 . 2009-10-28 09:36 -------- d-----w- c:\windows\LastGood(11)
2009-10-28 09:34 . 2009-10-28 09:34 -------- d-----w- c:\windows\LastGood(10)
2009-10-28 01:28 . 2009-10-28 01:28 -------- d-----w- c:\windows\LastGood(9)
2009-10-28 01:26 . 2009-10-28 01:26 -------- d-----w- c:\windows\LastGood(8)
2009-10-28 01:26 . 2009-10-28 01:26 -------- d-----w- c:\windows\LastGood(7)
2009-10-28 01:24 . 2009-10-28 01:24 -------- d-----w- c:\windows\LastGood(6)
2009-10-24 23:28 . 2009-10-24 23:28 -------- d-----w- c:\windows\LastGood(5)
2009-10-24 23:27 . 2009-10-24 23:27 -------- d-----w- c:\windows\LastGood(4)
2009-10-22 23:25 . 2009-10-22 23:25 -------- d-----w- c:\windows\LastGood(3)
2009-10-21 04:35 . 2009-10-21 04:35 -------- d-----w- c:\windows\LastGood(2)
2009-10-19 20:25 . 2009-11-02 23:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 19:32 . 2009-10-19 20:23 -------- d-----w- c:\windows\BDOSCAN8
2009-10-19 07:27 . 2009-10-19 20:25 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 07:26 . 2009-10-19 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-18 08:00 . 2009-10-31 20:55 0 ----a-w- c:\windows\win32k.sys
2009-10-16 20:30 . 2009-11-03 09:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 10:16 . 2007-02-04 20:38 -------- d-----w- c:\documents and settings\RW\Application Data\Skype
2009-11-02 23:26 . 2007-02-13 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-18 02:14 . 2008-11-22 00:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 14:18 . 2005-08-15 20:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-08-15 20:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 07:05 . 2007-01-09 10:52 79032 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 06:59 . 2009-09-03 06:59 211928 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-29 07:36 . 2005-08-15 20:18 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-15 20:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-15 20:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2005-08-15 20:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 08:24 . 2005-08-15 20:40 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 08:24 . 2005-08-15 20:40 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 08:24 . 2005-08-15 20:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 08:24 . 2005-05-25 17:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 08:24 . 2005-08-15 20:40 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 08:24 . 2005-08-15 20:18 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 08:23 . 2005-08-15 20:40 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 08:23 . 2005-08-15 20:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-10 03:57 . 2009-07-10 03:57 526 ----a-w- c:\program files\Shortcut (2) to ComboFix.exe.lnk
2009-07-10 03:57 . 2009-07-10 03:57 526 ----a-w- c:\program files\Shortcut to ComboFix.exe.lnk
2009-07-10 01:48 . 2009-07-10 01:48 939956 ----a-w- c:\program files\7z465.exe
2009-07-08 13:41 . 2009-07-08 13:41 696 ----a-w- c:\program files\Malwarebytes' Anti-Malware.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-09 20480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-09 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"EPSON Stylus Photo R250 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE" [2005-04-25 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-01 155648]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-02-26 2162688]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-15 236016]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-07 148888]
"ESP"="c:\program files\bigpond\security\app\start.exe" [2009-01-27 62952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-9 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files (x86)\\BMC Software\\AppSight\\Bin\\BBXCOMServer.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP port 135
"4979:TCP"= 4979:TCP:TCP port 4979

R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [1/27/2009 1:24 PM 21000]
R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [1/27/2009 1:24 PM 39688]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 4:01 AM 13824]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 2:02 AM 328992]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 4:02 AM 13696]
R3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [11/19/2007 6:06 PM 164480]
R3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [11/19/2007 6:06 PM 140672]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [1/30/2007 7:02 PM 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [1/30/2007 7:03 PM 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [1/30/2007 7:03 PM 93328]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\RW\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\RW\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [3/12/2007 12:00 PM 155648]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{FF301D7E-380D-484C-8D3F-4D6686D978DF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 00:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-792168025-4015722930-3137413640-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1696)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
Completion time: 2009-11-03 21:25
ComboFix-quarantined-files.txt 2009-11-03 10:25

Pre-Run: 19,417,137,152 bytes free
Post-Run: 19,374,518,272 bytes free

- - End Of File - - 3633F9DA76FDE299205C82DD0DEFDA92

Blade81
2009-11-03, 18:21
Hi again,

Uninstall Ad-Aware SE Personal since it's not supported anymore. You may get newer version from Lavasoft site if needed.

Open notepad and copy/paste the text in the quotebox below into it:



Rootkit::
c:\windows\win32k.sys
DDS::
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
"4979:TCP"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. How's the system running?
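The two things Blade81 acted on in the firewall section of the ComboFix log (the "EnableFirewall"= 0 line and the 135:TCP / 4979:TCP entries under GloballyOpenPorts\List, which the CFScript above deletes with "135:TCP"=- and "4979:TCP"=-) can be picked out of a log mechanically. The script below is an added example written for this page, not a tool posted in the thread or part of ComboFix. It parses the REGEDIT4-style "Reg Loading Points" section, flags a disabled profile and any global inbound opening that is not in an assumed baseline of stock XP SP3 openings (File and Printer Sharing, Remote Desktop), and prints a Registry:: stanza in the same form as the CFScript above. The sample log excerpt is constructed to mirror the posted lines, with an extra 3389:TCP line to show an opening the audit leaves alone; the baseline port set and the port notes are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the shape of ComboFix's "Reg Loading Points" section.
# The first three keys mirror what was posted in this thread; the 3389 line is
# added to show an opening that the audit deliberately leaves alone.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP port 135
"4979:TCP"= 4979:TCP:TCP port 4979
"3389:TCP"= 3389:TCP:Remote Desktop
"""

# Assumed baseline: the only global openings a stock XP SP3 firewall adds on
# its own are for File and Printer Sharing and Remote Desktop.
EXPECTED_PORTS = {
    ("137", "UDP"), ("138", "UDP"), ("139", "TCP"), ("445", "TCP"), ("3389", "TCP"),
}
# Well-known service behind a port, used only to enrich the finding text.
PORT_NOTES = {"135": "RPC endpoint mapper / DCOM"}

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


@dataclass
class Finding:
    key: str      # registry key as printed by ComboFix
    name: str     # value name under that key
    reason: str


def parse_reg_values(text):
    """Yield (key, value_name, value_data) for every value line under a [key] header."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2).strip()


def audit_firewall_policy(text):
    """Flag a disabled profile and any global port opening outside EXPECTED_PORTS."""
    findings = []
    for key, name, data in parse_reg_values(text):
        k = key.lower()
        if "firewallpolicy" not in k:
            continue
        if name == "EnableFirewall" and data.startswith("0"):
            findings.append(Finding(key, name, "firewall profile is disabled"))
        elif k.endswith(r"globallyopenports\list"):
            port, _, proto = name.partition(":")
            if (port, proto.upper()) not in EXPECTED_PORTS:
                reason = f"unexpected inbound opening {port}/{proto}"
                if port in PORT_NOTES:
                    reason += f" ({PORT_NOTES[port]})"
                findings.append(Finding(key, name, reason))
    return findings


def cfscript_for(findings):
    """Build the Registry:: stanza that deletes the flagged port values.

    ComboFix reads this section in REGEDIT4 syntax, where "name"=- removes a value.
    EnableFirewall is a setting to turn back on, not a value to delete, so it is skipped.
    """
    names_by_key = {}
    for f in findings:
        if f.name == "EnableFirewall":
            continue
        names_by_key.setdefault(f.key, []).append(f.name)
    lines = ["Registry::"]
    for key, names in names_by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = audit_firewall_policy(SAMPLE_LOG)
    for f in found:
        print(f"{f.name:16} {f.reason}")
    print()
    print(cfscript_for(found))
```

Run against the sample it reports the disabled profile and the 135 and 4979 openings, and emits a Registry:: block with exactly the two "…"=- lines the CFScript above contains. Before deleting an opening on a real machine it is worth checking whether anything is actually listening on that port (netstat -ano on XP), since a high-numbered opening can belong to a legitimately installed program that registered itself with the firewall.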

Mirrabooka
2009-11-05, 13:26
It took a long time to get Kaspersky to run to completion owing to my poor internet connection. However it is now done. The system is running well although internet speed is unusually slow. Not sure of the reason. I occasionally get a message saying "ESP NT system service launcher has encountered a problem and needs to close". This seems to temporarily freeze up the internet and also my BP security system.

Here are the log files you asked for:

ComboFix 09-11-02.02 - RW 11/04/2009 16:33.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.526 [GMT 11:00]
Running from: c:\documents and settings\RW\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\RW\Desktop\CFScript.txt
AV: BP Security Anti-Virus *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: BP Security Firewall *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 02:11 . 2006-06-19 05:19 646 ----a-w- c:\windows\system32\hppapr03.DAT
2009-11-04 02:11 . 2006-06-08 05:20 323584 ----a-w- c:\windows\system32\hppcpr03.DLL
2009-10-31 21:04 . 2009-10-31 21:04 574 ----a-w- C:\cleanup.bat
2009-10-31 21:04 . 2009-10-31 21:04 135168 ----a-w- C:\zip.exe
2009-10-28 09:37 . 2009-10-28 09:37 -------- d-----w- c:\windows\LastGood(12)
2009-10-28 09:36 . 2009-10-28 09:36 -------- d-----w- c:\windows\LastGood(11)
2009-10-28 09:34 . 2009-10-28 09:34 -------- d-----w- c:\windows\LastGood(10)
2009-10-28 01:28 . 2009-10-28 01:28 -------- d-----w- c:\windows\LastGood(9)
2009-10-28 01:26 . 2009-10-28 01:26 -------- d-----w- c:\windows\LastGood(8)
2009-10-28 01:26 . 2009-10-28 01:26 -------- d-----w- c:\windows\LastGood(7)
2009-10-28 01:24 . 2009-10-28 01:24 -------- d-----w- c:\windows\LastGood(6)
2009-10-24 23:28 . 2009-10-24 23:28 -------- d-----w- c:\windows\LastGood(5)
2009-10-24 23:27 . 2009-10-24 23:27 -------- d-----w- c:\windows\LastGood(4)
2009-10-22 23:25 . 2009-10-22 23:25 -------- d-----w- c:\windows\LastGood(3)
2009-10-21 04:35 . 2009-10-21 04:35 -------- d-----w- c:\windows\LastGood(2)
2009-10-19 20:25 . 2009-11-02 23:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 19:32 . 2009-10-19 20:23 -------- d-----w- c:\windows\BDOSCAN8
2009-10-19 07:27 . 2009-10-19 20:25 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 07:26 . 2009-10-19 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-16 20:30 . 2009-11-04 01:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 05:13 . 2007-02-04 20:38 -------- d-----w- c:\documents and settings\RW\Application Data\Skype
2009-11-02 23:26 . 2007-02-13 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-18 02:14 . 2008-11-22 00:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 14:18 . 2005-08-15 20:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-08-15 20:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 07:05 . 2007-01-09 10:52 79032 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 06:59 . 2009-09-03 06:59 211928 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-29 07:36 . 2005-08-15 20:18 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-15 20:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-15 20:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2005-08-15 20:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 08:24 . 2005-08-15 20:40 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 08:24 . 2005-08-15 20:40 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 08:24 . 2005-08-15 20:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 08:24 . 2005-05-25 17:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 08:24 . 2005-08-15 20:40 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 08:24 . 2005-08-15 20:18 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 08:23 . 2005-08-15 20:40 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 08:23 . 2005-08-15 20:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-10 03:57 . 2009-07-10 03:57 526 ----a-w- c:\program files\Shortcut (2) to ComboFix.exe.lnk
2009-07-10 03:57 . 2009-07-10 03:57 526 ----a-w- c:\program files\Shortcut to ComboFix.exe.lnk
2009-07-10 01:48 . 2009-07-10 01:48 939956 ----a-w- c:\program files\7z465.exe
2009-07-08 13:41 . 2009-07-08 13:41 696 ----a-w- c:\program files\Malwarebytes' Anti-Malware.lnk
.

((((((((((((((((((((((((((((( SnapShot@2009-11-03_00.24.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-04 05:40 . 2009-11-04 05:40 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
+ 2009-11-04 05:12 . 2006-04-24 19:07 69120 c:\windows\system32\spool\prtprocs\w32x86\hpzpp43e.dll
+ 2009-11-04 05:12 . 2006-04-24 19:07 69120 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\hpzpp43e.dll
+ 2009-11-04 05:12 . 2006-04-24 19:07 69120 c:\windows\system32\spool\drivers\w32x86\3\hpzpp43e.dll
+ 2009-11-04 05:13 . 2004-08-04 01:26 619520 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\UNIRES.DLL
+ 2009-11-04 05:13 . 2004-08-04 01:26 197120 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\UNIDRVUI.DLL
+ 2009-11-04 05:12 . 2004-08-04 01:26 264704 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\UNIDRV.DLL
+ 2009-11-04 05:12 . 2004-07-09 16:56 169472 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\pclxl.dll
+ 2009-11-04 05:12 . 2006-04-24 16:39 562688 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\hpzss43e.dll
+ 2009-11-04 05:12 . 2006-04-24 19:07 408576 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\hpzev43e.dll
+ 2009-11-04 05:12 . 2006-04-28 02:10 663624 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\hpcdmc32.dll
+ 2009-11-04 05:12 . 2006-04-24 16:39 562688 c:\windows\system32\spool\drivers\w32x86\3\hpzss43e.dll
+ 2009-11-04 05:12 . 2006-04-24 19:07 408576 c:\windows\system32\spool\drivers\w32x86\3\hpzev43e.dll
+ 2009-11-04 05:12 . 2006-04-24 19:07 2461696 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\hpzui43e.dll
+ 2009-11-04 05:12 . 2006-04-24 15:31 3950592 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\hpzst43e.dll
+ 2009-11-04 05:12 . 2006-04-24 19:07 1390592 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\hpzls43e.dll
+ 2009-11-04 05:12 . 2006-04-24 19:08 1336320 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\hpz6r43e.dll
+ 2009-11-04 05:12 . 2006-06-01 09:41 1441792 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co79b4\hpbcfgre.dll
+ 2009-11-04 05:12 . 2006-04-24 19:07 2461696 c:\windows\system32\spool\drivers\w32x86\3\hpzui43e.dll
+ 2009-11-04 05:12 . 2006-04-24 15:31 3950592 c:\windows\system32\spool\drivers\w32x86\3\hpzst43e.dll
+ 2009-11-04 05:12 . 2006-04-24 19:07 1390592 c:\windows\system32\spool\drivers\w32x86\3\hpzls43e.dll
+ 2009-11-04 05:12 . 2006-04-24 19:08 1336320 c:\windows\system32\spool\drivers\w32x86\3\hpz6r43e.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-09 20480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-09 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"EPSON Stylus Photo R250 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE" [2005-04-25 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-01 155648]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-02-26 2162688]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-15 236016]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-07 148888]
"ESP"="c:\program files\bigpond\security\app\start.exe" [2009-01-27 62952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-9 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files (x86)\\BMC Software\\AppSight\\Bin\\BBXCOMServer.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [1/27/2009 1:24 PM 21000]
R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [1/27/2009 1:24 PM 39688]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 4:01 AM 13824]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 2:02 AM 328992]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 4:02 AM 13696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [1/30/2007 7:02 PM 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [1/30/2007 7:03 PM 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [1/30/2007 7:03 PM 93328]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\RW\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\RW\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [3/12/2007 12:00 PM 155648]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [11/19/2007 6:06 PM 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [11/19/2007 6:06 PM 140672]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{FF301D7E-380D-484C-8D3F-4D6686D978DF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 00:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 16:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-792168025-4015722930-3137413640-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(416)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\brss01a.exe
c:\program files\bigpond\security\App\syssvcnt.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\stacsv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\bigpond\security\app\Console.exe
c:\program files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Completion time: 2009-11-04 16:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 05:46
ComboFix2.txt 2009-11-03 10:25

Pre-Run: 19,052,883,968 bytes free
Post-Run: 18,965,577,728 bytes free

- - End Of File - - 34C80D3E8BD7F0B811E92A9DC38317C9

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, November 5, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, November 05, 2009 07:21:37
Records in database: 3134773
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 82617
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:05:10


File name / Threat / Threats count
C:\Documents and Settings\RW\Bin\cute3532.exe Infected: not-a-virus:AdWare.Win32.Aureate 1
C:\Program Files\unix2dos\setup.exe Infected: Trojan.Win32.BHO.abeo 1

Selected area has been scanned.

DDS (Ver_09-09-29.01) - NTFSx86
Run by RW at 22:16:48.03 on Thu 11/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.542 [GMT 11:00]

AV: BP Security Anti-Virus *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: BP Security Firewall *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
svchost.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
svchost.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\RW\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: AuthPopupBHO01.cBHO: {3c7195f6-d788-4d50-ba72-2ee212edac78} - c:\program files\bigpond\security\app\popupbho01.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~3\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BigPond Security Popup Blocker: {2c0a5f28-48d8-408b-9172-9c6121025bce} - c:\program files\bigpond\security\app\popupbho01.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [EPSON Stylus Photo R250 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAHP.EXE /P30 "EPSON Stylus Photo R250 Series" /O6 "USB001" /M "Stylus Photo R250"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband 2.0\BigPond_CM.exe" -tsr
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ESP] "c:\program files\bigpond\security\app\start.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~3\SDHelper.dll
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [2009-1-27 21000]
R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [2009-1-27 39688]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-1-30 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-1-30 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-1-30 93328]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\rw\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\rw\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2007-3-12 155648]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-11-19 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-11-19 140672]

=============== Created Last 30 ================

2009-11-04 17:08 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-04 16:31 <DIR> --d----- C:\ComboFix
2009-11-04 13:11 323,584 a------- c:\windows\system32\hppcpr03.DLL
2009-11-04 13:11 646 a------- c:\windows\system32\hppapr03.DAT
2009-11-03 11:13 161,792 a------- c:\windows\SWREG.exe
2009-11-03 11:13 98,816 a------- c:\windows\sed.exe
2009-11-03 11:13 77,312 a------- c:\windows\MBR.exe
2009-11-01 08:04 135,168 a------- C:\zip.exe
2009-11-01 08:04 574 a------- C:\cleanup.bat
2009-10-28 20:37 <DIR> --d----- c:\windows\LastGood(12)
2009-10-28 20:36 <DIR> --d----- c:\windows\LastGood(11)
2009-10-28 20:34 <DIR> --d----- c:\windows\LastGood(10)
2009-10-28 12:28 <DIR> --d----- c:\windows\LastGood(9)
2009-10-28 12:26 <DIR> --d----- c:\windows\LastGood(8)
2009-10-28 12:26 <DIR> --d----- c:\windows\LastGood(7)
2009-10-28 12:24 <DIR> --d----- c:\windows\LastGood(6)
2009-10-25 10:28 <DIR> --d----- c:\windows\LastGood(5)
2009-10-25 10:27 <DIR> --d----- c:\windows\LastGood(4)
2009-10-23 10:25 <DIR> --d----- c:\windows\LastGood(3)
2009-10-21 15:35 <DIR> --d----- c:\windows\LastGood(2)
2009-10-20 07:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-19 18:27 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-17 07:30 1,324 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-11-04 17:08 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-11 08:10 236,544 a------- c:\windows\PEV.exe
2009-09-12 01:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-12 01:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-05 08:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-05 08:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 21:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 21:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 16:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 16:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 19:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 19:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-14 02:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-07-10 14:57 526 a------- c:\program files\Shortcut (2) to ComboFix.exe.lnk
2009-07-10 14:57 526 a------- c:\program files\Shortcut to ComboFix.exe.lnk
2009-07-10 12:48 939,956 a------- c:\program files\7z465.exe
2009-07-09 00:41 696 a------- c:\program files\Malwarebytes' Anti-Malware.lnk
2007-01-31 09:48 124 a------- c:\docume~1\rw\applic~1\wklnhst.dat
2008-11-22 12:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 22:17:29.20 ===============

Blade81
2009-11-05, 16:26
Hi,

Are you familiar with those Kaspersky findings? If not, delete the files.

That error message you mentioned seems to be related to your BP Security software. It's recommended to reinstall it.

Mirrabooka
2009-11-05, 23:58
Yes, I am familiar with those findings from Kaspersky. I will re-install BP Security. Thanks very much for your help.

Blade81
2009-11-06, 07:18
You're welcome. Let me know how it goes.

Blade81
2009-11-14, 17:16
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.