FBI Moneypack Ransom

wmbeyer · Oct 24, 2012

Trojan Hunter, Malewarebytes, and Rougue killer all find kill or quarentene the virus but nothing permanently removes it. I cannot access System Resore even in safe mode command prompt then explorer.

DDS and aswMBR logs follow

DDS (Ver_2012-10-19.01) - NTFS_x86 MINIMAL
Internet Explorer: 8.0.6001.18702
Run by Administrator at 7:06:53 on 2012-10-24
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
.
============== Pseudo HJT Report ===============
.
uProxyOverride = localhost
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [taskschd] c:\documents and settings\owner\local settings\application data\microsoft\windows\3261\taskschd.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.60.2 192.168.60.3 192.168.0.1
TCP: Interfaces\{60578A1D-F672-4C15-B767-65A2E2E0CF00} : DHCPNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-10-24 09:59:32 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
2012-10-24 09:59:32 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2012-10-24 02:48:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-24 02:48:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-23 14:02:04 -------- d-----w- c:\documents and settings\administrator\application data\TrojanHunter
2012-10-23 02:35:21 98816 ----a-w- c:\windows\sed.exe
2012-10-23 02:35:21 256000 ----a-w- c:\windows\PEV.exe
2012-10-23 02:35:21 208896 ----a-w- c:\windows\MBR.exe
2012-10-23 02:05:47 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-23 02:05:29 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-23 02:05:29 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-23 02:05:18 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-09-25 21:33:54 -------- d-----w- C:\Lawrence
.
==================== Find3M ====================
.
2012-10-10 01:08:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 01:08:42 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 03:21:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-23 03:21:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 08:00:27 177496 ----a-w- c:\windows\system32\drivers\40021495.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2006-11-21 23:51:54 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 7:07:00.34 ===============

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 07:08:47
-----------------------------
07:08:47.406 OS Version: Windows 5.1.2600 Service Pack 3
07:08:47.406 Number of processors: 1 586 0x408
07:08:47.406 ComputerName: BILLSR UserName:
07:08:49.125 Initialize success
07:08:50.718 AVAST engine defs: 12102302
07:08:53.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:08:53.078 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
07:08:53.109 Disk 0 MBR read successfully
07:08:53.109 Disk 0 MBR scan
07:08:54.671 Disk 0 Windows XP default MBR code
07:08:54.703 Disk 0 scanning sectors +320150880
07:08:56.359 Disk 0 scanning C:\WINDOWS\system32\drivers
07:09:34.531 Service scanning
07:09:51.125 Modules scanning
07:09:56.375 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
07:09:56.390 Disk 0 trace - called modules:
07:09:56.421 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
07:09:56.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a456ab8]
07:09:59.203 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000068[0x8a4d61f8]
07:09:59.343 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4d0940]
07:10:01.250 AVAST engine scan C:\WINDOWS
07:10:10.734 AVAST engine scan C:\WINDOWS\system32
07:14:15.343 AVAST engine scan C:\WINDOWS\system32\drivers
07:14:41.312 AVAST engine scan C:\Documents and Settings\Administrator
07:14:51.906 AVAST engine scan C:\Documents and Settings\All Users
07:18:32.359 Scan finished successfully
07:27:10.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
07:27:10.406 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

http://forums.spybot.info/showthread.php?p=431831#post431831

Blade81 · Oct 26, 2012

Hi

Please do NOT run 'FIXES' (ComboFix etc) without being asked (ran ComboFix though it shouldn't be used without supervision) sticky. :nono:

Look for c:\ComboFix.txt file and copy-paste its contents + fresh DDS logs (both dds.txt and attach.txt) back here.

wmbeyer · Oct 27, 2012

I also downloaded another program called spyhunter and ran it. I can now use my computer without the Fake warning. However running Malware bytes still finds trojans.
I wont run anything else except at your direction. Here is the MB report as well.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.26.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: BILLSR [administrator]

10/26/2012 5:44:30 PM
mbam-log-2012-10-26 (17-44-30).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 316110
Time elapsed: 1 hour(s), 12 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Owner\Application Data\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Documents and Settings\Owner\Application Data\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)

ComboFix 12-10-22.02 - Administrator 10/24/2012 20:09:07.78.1 - x86 MINIMAL
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-24 09:59 . 2012-10-24 09:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-10-24 09:59 . 2012-10-24 09:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2012-10-24 03:11 . 2012-10-24 03:11 -------- d-----w- c:\documents and settings\Owner\Application Data\hellomoto
2012-10-24 02:48 . 2012-10-24 02:48 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-23 14:02 . 2012-10-23 14:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\TrojanHunter
2012-10-23 02:05 . 2012-08-21 09:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-23 02:05 . 2012-08-21 09:13 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-23 02:05 . 2012-08-21 09:13 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-23 02:05 . 2012-07-13 10:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-09-25 21:33 . 2012-09-25 21:35 -------- d-----w- C:\Lawrence
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 01:08 . 2012-04-04 18:12 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 01:08 . 2011-06-13 23:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2012-02-15 07:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 03:21 . 2012-09-23 03:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-23 03:21 . 2010-05-23 05:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 08:00 . 2012-09-02 08:00 177496 ----a-w- c:\windows\system32\drivers\40021495.sys
2012-08-28 15:14 . 2004-02-06 22:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-11-15 08:23 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-11-15 08:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2003-11-15 07:58 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2003-11-15 08:23 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 08:04 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13 . 2012-01-26 17:56 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-01-26 17:56 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-01-26 17:56 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-01-26 17:56 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-01-26 17:56 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-01-26 17:56 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-01-26 17:56 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-01-26 17:56 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-01-26 17:56 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-01-26 17:56 227648 ----a-w- c:\windows\system32\aswBoot.exe
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-17 3026944]
"nwiz"="nwiz.exe" [2004-05-17 753664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"taskschd"="c:\documents and settings\Owner\Local Settings\Application Data\Microsoft\Windows\3261\taskschd.exe" [2012-10-22 97792]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56145929.sys]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RecordNow!"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"KBD"=c:\hp\KBD\KBD.EXE
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 aswFW;avast! TDI Firewall driver; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswKbd;aswKbd; [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:08]
.
2012-10-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-23 09:12]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 21:21]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 21:21]
.
.
------- Supplementary Scan -------
.
mSearch Bar =
mWindow Title =
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-24 20:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1192)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-10-24 20:18:48
ComboFix-quarantined-files.txt 2012-10-25 00:18
ComboFix2.txt 2012-10-23 23:19
ComboFix3.txt 2012-10-23 12:54
.
Pre-Run: 129,368,166,400 bytes free
Post-Run: 129,353,105,408 bytes free
.
- - End Of File - - 6AAEF52009FD03CBFCEF7CF123EDCF25

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:24:05 on 2012-10-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.908 [GMT -4:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/home/x/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.60.2 192.168.60.3 192.168.0.1
TCP: Interfaces\{60578A1D-F672-4C15-B767-65A2E2E0CF00} : DHCPNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-10-22 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-10-22 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-10-22 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-10-22 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-26 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-26 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-26 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-26 44808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-10-22 133912]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-6-3 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-6-3 3904]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-16 399432]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-10-8 766400]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-15 22856]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-8 116648]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-15 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250808]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-8 116648]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-2 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
.
=============== Created Last 30 ================
.
2012-10-26 00:07:02 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconF7A21AF7.exe
2012-10-26 00:07:02 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconD7F16134.exe
2012-10-26 00:07:02 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconCF33A0CE.exe
2012-10-26 00:06:58 -------- d-----w- C:\sh4ldr
2012-10-26 00:06:58 -------- d-----w- c:\program files\Enigma Software Group
2012-10-26 00:06:39 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-10-26 00:06:36 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-10-24 02:48:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-24 02:48:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-23 02:35:21 98816 ----a-w- c:\windows\sed.exe
2012-10-23 02:35:21 256000 ----a-w- c:\windows\PEV.exe
2012-10-23 02:35:21 208896 ----a-w- c:\windows\MBR.exe
2012-10-23 02:05:47 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-23 02:05:29 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-23 02:05:29 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-23 02:05:18 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
==================== Find3M ====================
.
2012-10-10 01:08:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 01:08:42 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 03:21:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-23 03:21:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 08:00:27 177496 ----a-w- c:\windows\system32\drivers\40021495.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2006-11-21 23:51:54 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 19:24:15.71 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 19:12:43
-----------------------------
19:12:43.765 OS Version: Windows 5.1.2600 Service Pack 3
19:12:43.765 Number of processors: 1 586 0x408
19:12:43.765 ComputerName: BILLSR UserName: Owner
19:12:44.468 Initialize success
19:12:44.593 AVAST engine defs: 12102601
19:12:47.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:12:47.140 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
19:12:47.156 Disk 0 MBR read successfully
19:12:47.156 Disk 0 MBR scan
19:12:47.156 Disk 0 Windows XP default MBR code
19:12:47.156 Disk 0 Partition 1 00 0B FAT32 RECOVERY 5271 MB offset 63
19:12:47.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151052 MB offset 10795680
19:12:47.156 Disk 0 scanning sectors +320150880
19:12:47.203 Disk 0 scanning C:\WINDOWS\system32\drivers
19:12:59.484 Service scanning
19:13:13.593 Modules scanning
19:13:18.843 Disk 0 trace - called modules:
19:13:18.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:13:19.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5abab8]
19:13:19.359 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000069[0x8a5d2828]
19:13:19.359 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a644940]
19:13:19.765 AVAST engine scan C:\WINDOWS
19:13:24.171 AVAST engine scan C:\WINDOWS\system32
19:15:22.218 AVAST engine scan C:\WINDOWS\system32\drivers
19:15:38.140 AVAST engine scan C:\Documents and Settings\Owner
19:19:23.312 AVAST engine scan C:\Documents and Settings\All Users
19:22:27.703 Scan finished successfully
19:23:54.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
19:23:54.718 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Blade81 · Oct 27, 2012

Hi,

Please post attach.txt contents too. It should had been created together with dds.txt file (that you already posted) as a result of DDS run.

wmbeyer · Oct 28, 2012

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2004 1:46:47 PM
System Uptime: 10/26/2012 7:01:06 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Diablo
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 1994/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 148 GiB total, 118.357 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.061 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1156: 10/19/2012 8:15:12 PM - System Checkpoint
RP1157: 10/19/2012 8:15:46 PM - Hopefully clean
RP1158: 10/19/2012 8:18:51 PM - Made by Regsofts
RP1159: 10/20/2012 3:00:16 AM - Software Distribution Service 3.0
RP1160: 10/21/2012 3:00:19 AM - Software Distribution Service 3.0
RP1161: 10/22/2012 3:00:16 AM - Software Distribution Service 3.0
RP1162: 10/23/2012 8:31:20 AM - Software Distribution Service 3.0
RP1163: 10/23/2012 10:47:35 PM - Restore Operation
RP1164: 10/23/2012 10:53:09 PM - Software Distribution Service 3.0
RP1165: 10/25/2012 7:32:38 PM - Software Distribution Service 3.0
RP1166: 10/25/2012 8:06:57 PM - Installed SpyHunter
RP1167: 10/26/2012 3:00:17 AM - Software Distribution Service 3.0
RP1168: 10/26/2012 8:41:27 AM - Made by Regsofts
RP1169: 10/26/2012 8:47:20 AM - Made by Regsofts
RP1170: 10/26/2012 7:02:51 PM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Acronis*PrivacyExpert
Active@ Password Changer Professional
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop Album Starter Edition
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.4)
AiO_Scan
AIOMinimal
AiOSoftware
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft ShowBiz 2
ArcSoft Software Suite
avast! Internet Security
CafeScribe Offline
Calculator Powertoy for Windows XP
CCleaner
CD ROM Applied Management Science 2e
CheckIt Diagnostics
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Compaq Connections
Compatibility Pack for the 2007 Office system
Copy
CreativeProjects
Director
DocProc
Enhanced Multimedia Keyboard Solution
EPSON CX8400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX8400 Series Scanner Driver Update
ERUNT 1.1j
Fax
Free Window Registry Repair
GdiplusUpgrade
Google Earth Plug-in
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Product Detection
HP PSC & OfficeJet 3.0
HP Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
Java Auto Updater
Java(TM) 6 Update 31
Macromedia Shockwave Player
Mah Jong Tiles Deluxe
Malwarebytes Anti-Malware version 1.65.1.1000
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint 2003 Template Creation Wizard
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office PowerPoint 2003 Template Pack 2
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
MS Access 97 SP2
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MyScribe
NSS Labs Browser Hardening Utility for IE8
NVIDIA Display Driver
NVIDIA Drivers
PC-Doctor for Windows
PhotoGallery
PhotoshopdotcomInspirationBrowser
Photosmart 140,240,7200,7600,7700,7900 Series
Pop-Up Stopper Free Edition
PrintScreen
Professor Answers
Professor Teaches Excel 2003
Professor Teaches PowerPoint 2003
Professor Teaches Word 2003
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
Readme
RealPlayer
RecordNow!
RegCure
Revo Uninstaller Pro 2.5.8
Scan
Secunia PSI
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
SkinsHP2
Sonic Update Manager
Spybot - Search & Destroy
SpyHunter
Sybase SQL Anywhere 7 Personal Server
System Security Suite 1.04
Top Comp Calculator
TrayApp
TrojanHunter 5.3
Tweak UI
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
Virtual Magnifying Glass v3.4
WebFldrs XP
WebReg
Westwood Shared Internet Components
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinPatrol 2009
Zone Deluxe Games
.
==== Event Viewer Messages From Past Week ========
.
10/22/2012 9:22:50 PM, error: Service Control Manager [7000] - The PC Tools Spyware Doctor service failed to start due to the following error: The system cannot find the path specified.
10/22/2012 9:22:50 PM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/22/2012 9:22:50 PM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/22/2012 9:22:50 PM, error: Service Control Manager [7000] - The EPSON V3 Service4(01) service failed to start due to the following error: The system cannot find the path specified.
10/22/2012 9:19:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/22/2012 9:17:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/22/2012 7:20:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/22/2012 7:03:42 PM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/22/2012 3:01:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
10/22/2012 10:44:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/22/2012 10:35:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
10/19/2012 7:42:44 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2012 7:42:44 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
10/19/2012 7:42:44 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Blade81 · Oct 28, 2012

Hi,

Run ComboFix again letting it update itself. Post back the log.

Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 11.0) here or get Foxit Reader here. Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 Update 9.
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u9-windows-i586.exe to install the newest version.

* Go here to run an online scanner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix log.

wmbeyer · Oct 29, 2012

Completed requested tasks

DDS
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Owner at 21:22:56 on 2012-10-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1035 [GMT -4:00]
.
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled*
.
============== Running Processes ================
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/home/x/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.60.2 192.168.60.3 192.168.0.1
TCP: Interfaces\{60578A1D-F672-4C15-B767-65A2E2E0CF00} : DHCPNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-10-22 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-10-22 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-10-22 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-10-22 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-26 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-26 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-26 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-26 44808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-10-22 133912]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-6-3 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-6-3 3904]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-16 399432]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-10-8 766400]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-15 22856]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-8 116648]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-15 676936]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-8 116648]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-2 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
.
=============== Created Last 30 ================
.
2012-10-28 20:09:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2012-10-28 19:48:16 -------- d-----w- c:\program files\ESET
2012-10-28 19:06:13 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-28 19:06:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-26 00:07:02 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconF7A21AF7.exe
2012-10-26 00:07:02 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconD7F16134.exe
2012-10-26 00:07:02 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconCF33A0CE.exe
2012-10-26 00:06:58 -------- d-----w- C:\sh4ldr
2012-10-26 00:06:58 -------- d-----w- c:\program files\Enigma Software Group
2012-10-26 00:06:39 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-10-26 00:06:36 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-10-24 02:48:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-24 02:48:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-23 02:35:21 98816 ----a-w- c:\windows\sed.exe
2012-10-23 02:35:21 256000 ----a-w- c:\windows\PEV.exe
2012-10-23 02:35:21 208896 ----a-w- c:\windows\MBR.exe
2012-10-23 02:05:47 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-23 02:05:29 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-23 02:05:29 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-23 02:05:18 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
==================== Find3M ====================
.
2012-10-28 19:05:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-28 19:05:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-02 08:00:27 177496 ----a-w- c:\windows\system32\drivers\40021495.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2006-11-21 23:51:54 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 21:23:39.25 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2004 1:46:47 PM
System Uptime: 10/28/2012 4:04:04 PM (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Diablo
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 1994/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 148 GiB total, 117.018 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.061 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1156: 10/19/2012 8:15:12 PM - System Checkpoint
RP1157: 10/19/2012 8:15:46 PM - Hopefully clean
RP1158: 10/19/2012 8:18:51 PM - Made by Regsofts
RP1159: 10/20/2012 3:00:16 AM - Software Distribution Service 3.0
RP1160: 10/21/2012 3:00:19 AM - Software Distribution Service 3.0
RP1161: 10/22/2012 3:00:16 AM - Software Distribution Service 3.0
RP1162: 10/23/2012 8:31:20 AM - Software Distribution Service 3.0
RP1163: 10/23/2012 10:47:35 PM - Restore Operation
RP1164: 10/23/2012 10:53:09 PM - Software Distribution Service 3.0
RP1165: 10/25/2012 7:32:38 PM - Software Distribution Service 3.0
RP1166: 10/25/2012 8:06:57 PM - Installed SpyHunter
RP1167: 10/26/2012 3:00:17 AM - Software Distribution Service 3.0
RP1168: 10/26/2012 8:41:27 AM - Made by Regsofts
RP1169: 10/26/2012 8:47:20 AM - Made by Regsofts
RP1170: 10/26/2012 7:02:51 PM - Restore Operation
RP1171: 10/27/2012 3:00:18 AM - Software Distribution Service 3.0
RP1172: 10/28/2012 3:00:16 AM - Software Distribution Service 3.0
RP1173: 10/28/2012 2:25:14 PM - Removed Adobe Reader X (10.1.4).
RP1174: 10/28/2012 2:27:17 PM - Removed Java(TM) 6 Update 31
RP1175: 10/28/2012 2:37:45 PM - Installed Adobe Reader XI MUI.
RP1176: 10/28/2012 3:05:40 PM - Installed Java 7 Update 9
RP1177: 10/28/2012 3:58:50 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Acronis*PrivacyExpert
Active@ Password Changer Professional
Adobe Photoshop Album Starter Edition
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader XI MUI
AiO_Scan
AIOMinimal
AiOSoftware
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft ShowBiz 2
ArcSoft Software Suite
avast! Internet Security
CafeScribe Offline
Calculator Powertoy for Windows XP
CCleaner
CD ROM Applied Management Science 2e
CheckIt Diagnostics
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Compaq Connections
Compatibility Pack for the 2007 Office system
Copy
CreativeProjects
Director
DocProc
Enhanced Multimedia Keyboard Solution
EPSON CX8400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX8400 Series Scanner Driver Update
ERUNT 1.1j
ESET Online Scanner v3
Fax
Free Window Registry Repair
GdiplusUpgrade
Google Earth Plug-in
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Product Detection
HP PSC & OfficeJet 3.0
HP Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
Java 7 Update 9
Java Auto Updater
Macromedia Shockwave Player
Mah Jong Tiles Deluxe
Malwarebytes Anti-Malware version 1.65.1.1000
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint 2003 Template Creation Wizard
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office PowerPoint 2003 Template Pack 2
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
MS Access 97 SP2
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MyScribe
NSS Labs Browser Hardening Utility for IE8
NVIDIA Display Driver
NVIDIA Drivers
PC-Doctor for Windows
PhotoGallery
PhotoshopdotcomInspirationBrowser
Photosmart 140,240,7200,7600,7700,7900 Series
Pop-Up Stopper Free Edition
PrintScreen
Professor Answers
Professor Teaches Excel 2003
Professor Teaches PowerPoint 2003
Professor Teaches Word 2003
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
Readme
RealPlayer
RecordNow!
RegCure
Revo Uninstaller Pro 2.5.8
Scan
Secunia PSI
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
SkinsHP2
Sonic Update Manager
Spybot - Search & Destroy
SpyHunter
Sybase SQL Anywhere 7 Personal Server
System Security Suite 1.04
Top Comp Calculator
TrayApp
TrojanHunter 5.3
Tweak UI
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
Virtual Magnifying Glass v3.4
WebFldrs XP
WebReg
Westwood Shared Internet Components
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinPatrol 2009
Zone Deluxe Games
.
==== Event Viewer Messages From Past Week ========
.
10/28/2012 4:04:31 PM, error: Dhcp [1002] - The IP address lease 192.168.54.1 for the Network Card with network address 000EA664C943 has been denied by the DHCP server 192.168.54.254 (The DHCP Server sent a DHCPNACK message).
10/28/2012 3:07:12 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/28/2012 3:07:01 PM, error: Service Control Manager [7034] - The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).
10/28/2012 2:25:50 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/23/2012 9:23:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/23/2012 9:20:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/23/2012 8:42:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/23/2012 8:33:02 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
10/23/2012 8:29:02 AM, error: Service Control Manager [7000] - The PC Tools Spyware Doctor service failed to start due to the following error: The system cannot find the path specified.
10/23/2012 8:29:02 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/23/2012 8:29:02 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/23/2012 8:29:02 AM, error: Service Control Manager [7000] - The EPSON V3 Service4(01) service failed to start due to the following error: The system cannot find the path specified.
10/23/2012 7:18:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
10/22/2012 7:03:42 PM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/22/2012 10:44:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================

ComboFix 12-10-26.05 - Owner 10/28/2012 15:08:31.79.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1090 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 19:06 . 2012-10-28 19:05 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-28 19:06 . 2012-10-28 19:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-26 00:07 . 2012-10-26 00:07 110080 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
2012-10-26 00:07 . 2012-10-26 00:07 110080 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe
2012-10-26 00:07 . 2012-10-26 00:07 110080 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
2012-10-26 00:06 . 2012-10-26 00:07 -------- d-----w- C:\sh4ldr
2012-10-26 00:06 . 2012-10-26 00:06 -------- d-----w- c:\program files\Enigma Software Group
2012-10-26 00:06 . 2012-10-26 00:07 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-10-26 00:06 . 2012-10-26 00:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-10-25 04:27 . 2012-10-25 04:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-10-24 09:59 . 2012-10-24 09:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-10-24 09:59 . 2012-10-24 09:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2012-10-24 02:48 . 2012-10-24 02:48 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-23 14:02 . 2012-10-23 14:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\TrojanHunter
2012-10-23 02:05 . 2012-08-21 09:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-23 02:05 . 2012-08-21 09:13 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-23 02:05 . 2012-08-21 09:13 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-23 02:05 . 2012-07-13 10:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 19:05 . 2003-10-11 12:51 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-28 19:05 . 2010-05-23 05:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 23:54 . 2012-02-15 07:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-02 08:00 . 2012-09-02 08:00 177496 ----a-w- c:\windows\system32\drivers\40021495.sys
2012-08-28 15:14 . 2004-02-06 22:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-11-15 08:23 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-11-15 08:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2003-11-15 07:58 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2003-11-15 08:23 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 08:04 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13 . 2012-01-26 17:56 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-01-26 17:56 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-01-26 17:56 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-01-26 17:56 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-01-26 17:56 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-01-26 17:56 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-01-26 17:56 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-01-26 17:56 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-01-26 17:56 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-01-26 17:56 227648 ----a-w- c:\windows\system32\aswBoot.exe
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-17 3026944]
"nwiz"="nwiz.exe" [2004-05-17 753664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56145929.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PopUpStopperFreeEdition"=c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"KBD"=c:\hp\KBD\KBD.EXE
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [10/22/2012 10:05 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [10/22/2012 10:05 PM 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [10/22/2012 10:05 PM 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [10/22/2012 10:05 PM 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 1:56 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2012 1:56 PM 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2012 1:56 PM 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [10/22/2012 10:05 PM 133912]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [6/3/2005 3:02 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [6/3/2005 3:02 AM 3904]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/16/2012 5:10 AM 399432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/15/2012 3:20 AM 22856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2012 5:21 PM 116648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/15/2012 3:20 AM 676936]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [10/8/2012 7:21 PM 766400]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 4:57 PM 13904]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 12:01 PM 19984]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2012 5:21 PM 116648]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/2/2011 2:28 PM 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 3:21 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 3:21 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 3:21 AM 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [5/13/2011 3:21 AM 114280]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-23 09:12]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 21:21]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 21:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/home/x/
uDefault_Search_URL =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar =
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 15:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(440)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-10-28 15:17:18
ComboFix-quarantined-files.txt 2012-10-28 19:17
ComboFix2.txt 2012-10-25 00:18
ComboFix3.txt 2012-10-23 23:19
ComboFix4.txt 2012-10-23 12:54
.
Pre-Run: 125,902,036,992 bytes free
Post-Run: 125,897,302,016 bytes free
.
- - End Of File - - 255A2AF30EB315D472265F0EEB10C286

Blade81 · Oct 29, 2012

Hi,

Did ESET scan find anything? I didn't see its report listed.

wmbeyer · Oct 29, 2012

If it gave a rewritten report, I did not see one. All that I saw was a no virus found. And when I clicked on the ok, it gave me an offer to buy it. Nothing else.

wmbeyer · Oct 29, 2012

I went into the program file and found a log. Here it is.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=473ccfb36c50ce4092380fc432cfe249
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-28 09:03:43
# local_time=2012-10-28 05:03:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=258 16777214 0 2 33772770 33772770 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=111304
# found=0
# cleaned=0
# scan_time=2943

Blade81 · Oct 30, 2012

Good. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis

Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

wmbeyer · Nov 1, 2012

Sorry I am taking so long to get back to you. Before following all your steps, I decided to run my AV programs one more time. All came up clean except Trojan Hunter. It found the following;

Found trojan file: C:\Program Files\Microsoft Money\System\dw15.exe (Luder.109)

Found trojan file: C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP1179\A0120002.exe (Luder.109)

After deleteing these files, I performed the tasked that you asked for and then re-ran all my AV detection programs. All came up clean.

Do you believe that I am clean?

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Owner at 18:45:31 on 2012-11-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.869 [GMT -4:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realone player\update\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/home/x/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realone player\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.60.2 192.168.60.3 192.168.0.1
TCP: Interfaces\{60578A1D-F672-4C15-B767-65A2E2E0CF00} : DHCPNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-10-22 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-10-22 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-10-22 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-10-22 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-26 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-26 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-26 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-26 44808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-10-22 133912]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-6-3 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-6-3 3904]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-16 399432]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-9-24 1328736]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-9-24 656480]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-10-8 766400]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-15 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-8 116648]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-15 676936]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-8 116648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-2 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
.
=============== Created Last 30 ================
.
2012-11-01 01:42:37 -------- d-----w- c:\program files\LSoft Technologies
2012-11-01 01:39:34 -------- d-----w- c:\program files\common files\xing shared
2012-11-01 01:33:55 -------- d-----w- c:\windows\system32\Adobe
2012-11-01 01:27:28 -------- d-----w- c:\documents and settings\owner\local settings\application data\Secunia PSI
2012-11-01 01:27:07 -------- d-----w- c:\program files\Secunia
2012-10-29 06:27:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 06:27:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-28 20:09:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2012-10-28 19:48:16 -------- d-----w- c:\program files\ESET
2012-10-28 19:06:13 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-28 19:06:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-26 00:07:02 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconF7A21AF7.exe
2012-10-26 00:07:02 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconD7F16134.exe
2012-10-26 00:07:02 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconCF33A0CE.exe
2012-10-26 00:06:58 -------- d-----w- C:\sh4ldr
2012-10-26 00:06:58 -------- d-----w- c:\program files\Enigma Software Group
2012-10-26 00:06:39 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-10-26 00:06:36 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-10-24 02:48:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-24 02:48:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-23 02:05:47 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-23 02:05:29 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-23 02:05:29 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-23 02:05:18 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
==================== Find3M ====================
.
2012-10-28 19:05:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-28 19:05:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-02 08:00:27 177496 ----a-w- c:\windows\system32\drivers\40021495.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2006-11-21 23:51:54 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 18:46:14.20 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2004 1:46:47 PM
System Uptime: 11/1/2012 6:47:56 AM (12 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Diablo
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 1994/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 148 GiB total, 118.767 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.062 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1185: 10/31/2012 9:20:49 PM - System Checkpoint
RP1186: 10/31/2012 9:24:20 PM - Software Distribution Service 3.0
RP1187: 10/31/2012 9:34:56 PM - Installed MSXML 4.0 SP3 Parser
RP1188: 10/31/2012 9:42:37 PM - Installed Active@ ISO Burner
RP1189: 10/31/2012 9:44:03 PM - Configured Active@ ISO Burner
RP1190: 10/31/2012 11:57:08 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Acronis*PrivacyExpert
Active@ ISO Burner
Active@ Password Changer Professional
Adobe Flash Player 11 ActiveX
Adobe Photoshop Album Starter Edition
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader XI MUI
Adobe Shockwave Player 11.6
AiO_Scan
AIOMinimal
AiOSoftware
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft ShowBiz 2
ArcSoft Software Suite
avast! Internet Security
CafeScribe Offline
Calculator Powertoy for Windows XP
CCleaner
CD ROM Applied Management Science 2e
CheckIt Diagnostics
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Compaq Connections
Compatibility Pack for the 2007 Office system
Copy
CreativeProjects
Director
DocProc
Enhanced Multimedia Keyboard Solution
EPSON CX8400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX8400 Series Scanner Driver Update
ERUNT 1.1j
ESET Online Scanner v3
Fax
Free Window Registry Repair
GdiplusUpgrade
Google Earth Plug-in
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Product Detection
HP PSC & OfficeJet 3.0
HP Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 37
Macromedia Shockwave Player
Mah Jong Tiles Deluxe
Malwarebytes Anti-Malware version 1.65.1.1000
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint 2003 Template Creation Wizard
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office PowerPoint 2003 Template Pack 2
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
MS Access 97 SP2
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 6 Service Pack 2 (KB973686)
MyScribe
NSS Labs Browser Hardening Utility for IE8
NVIDIA Display Driver
NVIDIA Drivers
PC-Doctor for Windows
PhotoGallery
PhotoshopdotcomInspirationBrowser
Photosmart 140,240,7200,7600,7700,7900 Series
Pop-Up Stopper Free Edition
PrintScreen
Professor Answers
Professor Teaches Excel 2003
Professor Teaches PowerPoint 2003
Professor Teaches Word 2003
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RecordNow!
RegCure
RegHunter
Revo Uninstaller Pro 2.5.8
Scan
Secunia PSI (3.0.0.4001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
SkinsHP1
SkinsHP2
Sonic Update Manager
Spybot - Search & Destroy
SpyHunter
swMSM
Sybase SQL Anywhere 7 Personal Server
System Security Suite 1.04
Top Comp Calculator
TrayApp
TrojanHunter 5.3
Tweak UI
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Virtual Magnifying Glass v3.4
WebFldrs XP
WebReg
Westwood Shared Internet Components
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2009
Zone Deluxe Games
.
==== Event Viewer Messages From Past Week ========
.
10/28/2012 4:04:31 PM, error: Dhcp [1002] - The IP address lease 192.168.54.1 for the Network Card with network address 000EA664C943 has been denied by the DHCP server 192.168.54.254 (The DHCP Server sent a DHCPNACK message).
10/28/2012 3:07:12 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/28/2012 3:07:01 PM, error: Service Control Manager [7034] - The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).
10/28/2012 2:25:50 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/26/2012 3:01:50 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
10/25/2012 8:01:25 PM, error: Service Control Manager [7000] - The PC Tools Spyware Doctor service failed to start due to the following error: The system cannot find the path specified.
10/25/2012 8:01:25 PM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/25/2012 8:01:25 PM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/25/2012 8:01:25 PM, error: Service Control Manager [7000] - The EPSON V3 Service4(01) service failed to start due to the following error: The system cannot find the path specified.
10/25/2012 7:58:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/25/2012 7:55:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
10/25/2012 7:53:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================

Blade81 · Nov 2, 2012

Hi,

Yes, it looks ok to me

FBI Moneypack Ransom

wmbeyer

New member

Blade81

Security Expert: Emeritus

wmbeyer

New member

Blade81

Security Expert: Emeritus

wmbeyer

New member

Blade81

Security Expert: Emeritus

wmbeyer

New member

Blade81

Security Expert: Emeritus

wmbeyer

New member

wmbeyer

New member

Blade81

Security Expert: Emeritus

wmbeyer

New member

Blade81

Security Expert: Emeritus