Not sure what I got but don't like it!!!

CDaddy_20

New member
Antivirus will not run and computer is very slow!

Any help would be grateful!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:47 AM, on 11/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {102BAD8B-CD05-46ff-94FF-A2C1ABD5F7D5} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc.com/ppcos/isp60/download/ppcwebi.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~2\DEFEND~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8880 bytes
 
Hi,


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply.
 
First off thanks so much for your time and helping me!!
Here are the first two; the other is still running.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-24.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/5/2005 12:09:46 AM
System Uptime: 11/22/2009 12:16:11 AM (58 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 101.645 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/15/2009 8:27:44 PM - System Checkpoint
RP2: 10/16/2009 3:00:21 AM - Software Distribution Service 3.0
RP3: 10/17/2009 3:00:18 AM - Software Distribution Service 3.0
RP4: 10/22/2009 3:00:18 AM - Software Distribution Service 3.0
RP5: 11/5/2009 4:00:18 AM - Software Distribution Service 3.0
RP6: 11/11/2009 3:00:42 AM - Software Distribution Service 3.0

==== Installed Programs ======================

1600
1600_Help
1600Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
AiO_Scan
AiOSoftware
AllDirtTrackPack2
Apple Mobile Device Support
Apple Software Update
ArcSoft Collage Creator
ArcSoft Greeting Card Creator
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ATI Control Panel
ATI Display Driver
AutoUpdate
AVIConverter 2.0
Bonjour
Bookworm Deluxe 1.03
Broadcom Advanced Control Suite 2
BufferChm
CCleaner (remove only)
CCScore
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
Creative MediaSource
CreativeProjects
CreativeProjectsTemplates
CueTour
Defender Pro Internet Security
Defender Pro PC Repair
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Picture Studio v3.0
DellSupport
Destinations
Director
Dirt Track Racing 2
Dirt Trackpack
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
EA.com Update
eMusic Download Manager
EPSON Print CD
EPSON Printer Software
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
EPSON Web-To-Page
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fax
fflink
FLV Player
GGE909 PC Recoil Pad
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
Identity Theft Protector 2.0
InstantShare
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iriver Music Manager
iRiver Updater
iTunes
Jasc Paint Shop Photo Album 5
Java(TM) 6 Update 16
Kaspersky Online Scanner
Kawasaki Fantasy Motocross
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Logitech Gaming Software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Event Monitor
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0.0.20)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
netbrdg
NHL 2001
Notifier
OfotoXMI
ORR2 v2.1
PanoStandAlone
Photo Click
PhotoGallery
PhotoImpression
PowerDVD 5.3
ProductContext
Pure Networks Network Magic
QFolder
QuickTime
Readme
RealPlayer Basic
rFactor (remove only)
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
SHASTA
skin0001
SkinsHP1
SKINXSDK
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony Ericsson PC Suite 1.20.207
Sound Blaster Audigy 2 ZS
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
staticcr
TeamSpeak 2 RC2
The DirtFactor Late Model
tooltips
TrayApp
UNIVERSAL Rumble Wheel
Unload
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Ventrilo Client
VHR-09 Version 7.0
VideoImpression
VPRINTOL
WCORR Sim Racing Version 1.26
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WIRELESS
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

11/19/2009 11:12:51 PM, error: Service Control Manager [7034] - The Defender Pro Internet Security service terminated unexpectedly. It has done this 2 time(s).
11/19/2009 11:02:24 PM, error: Service Control Manager [7034] - The Defender Pro Internet Security service terminated unexpectedly. It has done this 1 time(s).
11/19/2009 10:38:24 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Defender Pro Internet Security service to connect.
11/19/2009 10:38:24 AM, error: Service Control Manager [7000] - The Defender Pro Internet Security service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/19/2009 10:38:24 AM, error: Service Control Manager [7000] - The Ati HotKey Poller service failed to start due to the following error: The system cannot find the file specified.
11/19/2009 10:25:54 AM, error: Service Control Manager [7034] - The Pure Networks Network Magic Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

DDS (Ver_09-11-24.02) - NTFSx86
Run by Brian2 at 9:59:23.23 on Tue 11/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.575 [GMT -5:00]

AV: Defender Pro Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Defender Pro Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.excite.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {102BAD8B-CD05-46ff-94FF-A2C1ABD5F7D5} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AVP] "c:\program files\defender pro\defender pro internet security 6.0\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: Add to Anti-Banner - c:\program files\defender pro\defender pro internet security 6.0\ie_banner_deny.htm
IE: { - c:\program files\messenger\msmsgs.exe
IE: {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - {93F764AC-24D1-484F-92EA-3C84E31CDF72}
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\defender pro\defender pro internet security 6.0\scieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - hxxp://www.peoplepc.com/ppcos/isp60/download/ppcwebi.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\defend~2\defend~1.0\adialhk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian2\applic~1\mozilla\firefox\profiles\cjltoakj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com
FF - component: c:\program files\mozilla firefox\extensions\kodak-companion@mozilla.com\platform\winnt\components\pickup.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S3 danceflt;XboxCtrl_filt_Service;c:\windows\system32\drivers\danceflt.sys [2008-5-27 31183]
S3 EraserUtilDrv10710;EraserUtilDrv10710;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10710.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10710.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2007-1-23 7548]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-3-22 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-3-22 85696]

=============== Created Last 30 ================


==================== Find3M ====================

2009-11-21 15:49:44 2787360 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-21 15:49:44 254732 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-21 15:49:43 1155020 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-21 15:49:42 87105568 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-15 07:55:37 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-15 07:55:37 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:33:52 133632 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:45:26 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2005-09-24 00:33:26 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
2007-07-27 13:23:57 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007072720070728\index.dat

============= FINISH: 10:00:35.96 ===============
 
Hi,

Looks like whole log didn't get posted. Could you archive the log into a zip file and attach it to your post?
 
Sorry, didn't see the post about the zip file till now.

Hope this works, never done it before, sorry.
If not, let me know and I will try again.
 
That's ok. I removed gmer log related replies :)

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
ComboFix 09-11-23.06 - Brian2 11/24/2009 14:27.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.598 [GMT -5:00]
Running from: c:\documents and settings\Brian2\Desktop\ComboFix.exe
AV: Defender Pro Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Defender Pro Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\desktop
c:\windows\desktop\BARBIE.LNK
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-24 19:41 . 2009-11-24 19:41 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-11-24 19:41 . 2009-11-24 19:41 -------- d-----w- c:\documents and settings\HelpAssistant\Shared
2009-11-24 19:41 . 2009-11-24 19:41 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2009-11-24 19:27 . 2004-06-29 17:17 477952 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-24 19:26 . 2001-08-17 19:52 13952 ----a-w- c:\windows\system32\drivers\cbidf2k.sys
2009-11-24 19:26 . 2001-08-17 19:52 13952 ----a-w- c:\windows\system32\dllcache\cbidf2k.sys
2009-11-24 18:57 . 2008-11-25 01:44 34062 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Move Networks\ie_bin\Uninst.exe
2009-11-24 18:56 . 2007-07-30 18:54 123138 ----a-w- c:\documents and settings\HelpAssistant\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\MakeDesktopShortcut.EXE
2009-11-24 18:56 . 2007-07-30 18:54 64512 ----a-w- c:\documents and settings\HelpAssistant\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\RunGdp.exe
2009-11-24 18:56 . 2007-07-30 18:54 68608 ----a-w- c:\documents and settings\HelpAssistant\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\fix\DellSupportLauncher.exe
2009-11-24 18:56 . 2009-11-24 18:56 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\GTek
2009-11-24 18:56 . 2009-11-24 18:56 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\EPSON
2009-11-24 18:56 . 2009-11-24 18:56 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\DivX
2009-11-24 18:56 . 2009-11-24 18:56 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Defender Pro
2009-11-24 18:56 . 2009-11-24 18:56 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Corel
2009-11-24 18:56 . 2009-11-24 18:56 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\ArcSoft
2009-11-24 18:55 . 2009-11-24 18:55 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Apple Computer
2009-11-24 18:55 . 2009-11-24 18:55 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\AdobeUM
2009-11-24 18:55 . 2009-11-24 18:55 -------- d-----w- c:\documents and settings\HelpAssistant\.housecall6.6
2009-11-24 16:41 . 2009-11-24 16:41 152576 ----a-w- c:\documents and settings\Brian2\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 16:40 . 2009-11-24 16:40 79488 ----a-w- c:\documents and settings\Brian2\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 20:01 . 2008-11-23 23:33 2806048 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-24 20:01 . 2008-11-23 23:33 87263264 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-24 19:49 . 2008-11-23 23:33 263948 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-24 19:49 . 2005-02-23 13:40 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2009-11-24 19:49 . 2005-02-23 13:40 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2009-11-24 19:49 . 2008-11-23 23:33 1169588 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-24 19:22 . 2008-11-23 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Defender Pro
2009-11-24 18:59 . 2009-11-24 18:59 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Ventrilo
2009-11-24 18:59 . 2009-11-24 18:59 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\U3
2009-11-24 18:59 . 2009-11-24 18:59 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Teleca
2009-11-24 18:59 . 2009-11-24 18:59 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\teamspeak2
2009-11-24 18:59 . 2009-11-24 18:54 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Sonic
2009-11-24 18:57 . 2009-11-24 18:57 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Move Networks
2009-11-24 18:57 . 2009-11-24 18:57 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Malwarebytes
2009-11-24 18:57 . 2009-11-24 18:57 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Leadertech
2009-11-24 18:57 . 2009-11-24 18:57 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\InstallShield
2009-11-24 16:42 . 2005-02-23 13:37 -------- d-----w- c:\program files\Java
2009-11-24 16:41 . 2009-11-24 18:59 152576 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 16:40 . 2009-11-24 18:59 79488 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-13 01:30 . 2008-04-26 11:44 -------- d-----w- c:\program files\rFactor
2009-10-16 00:31 . 2007-08-01 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-15 07:55 . 2008-11-23 23:34 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-15 07:55 . 2008-11-23 23:34 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-11 09:17 . 2008-11-23 02:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 04:29 . 2008-11-19 04:35 -------- d-----w- c:\program files\Trend Micro
2009-09-28 01:36 . 2008-11-23 03:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 01:24 . 2008-12-07 23:39 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-28 01:16 . 2005-03-10 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 01:24 . 2009-11-24 18:59 152576 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-19 01:24 . 2009-09-19 01:24 152576 ----a-w- c:\documents and settings\Brian2\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-11 14:33 . 2004-08-04 11:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2008-11-23 03:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-11-23 03:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-20 14:42 . 2009-04-04 04:00 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-11-20 14:42 . 2009-04-04 04:00 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-11-20 14:42 . 2009-04-04 04:00 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-11-20 14:42 . 2009-04-04 04:00 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-11-20 14:42 . 2009-04-04 04:00 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2005-09-24 00:33 . 2005-09-24 00:33 848 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2004-03-11 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Games\\Infogrames\\Dirt Track Racing 2\\DTR2.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Games\\Infogrames\\Dirt Track Racing 2\\Server.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\rFactor\\rFactor.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Defender Pro\\Defender Pro Internet Security 6.0\\avp.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:Remote Desktop

S3 danceflt;XboxCtrl_filt_Service;c:\windows\SYSTEM32\DRIVERS\danceflt.sys [5/27/2008 5:06 PM 31183]
S3 EraserUtilDrv10710;EraserUtilDrv10710;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys [?]
S3 samhid;samhid;c:\windows\SYSTEM32\DRIVERS\Samhid.sys [1/23/2007 2:42 PM 7548]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\SYSTEM32\DRIVERS\w300mgmt.sys [3/22/2007 7:45 PM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\SYSTEM32\DRIVERS\w300obex.sys [3/22/2007 7:45 PM 85696]
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: { - c:\program files\Messenger\msmsgs.exe
DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - hxxp://www.peoplepc.com/ppcos/isp60/download/ppcwebi.cab
FF - ProfilePath - c:\documents and settings\Brian2\Application Data\Mozilla\Firefox\Profiles\cjltoakj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\kodak-companion@mozilla.com\platform\WINNT\components\pickup.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-GGE909 PC Recoil Pad - c:\progra~1\GAMEEL~1\GGE909~1\UNWISE.EXE
AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 14:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x863CCF30]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76d6fc3
\Driver\ACPI -> ACPI.sys @ 0xf74e9cb8
\Driver\atapi -> atapi.sys @ 0xf74147b4
\Driver\iaStor -> 0x863ccf30
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\program files\Defender Pro\Defender Pro Internet Security 6.0\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-24 15:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-24 20:14

Pre-Run: 108,017,106,944 bytes free
Post-Run: 106,807,545,856 bytes free

- - End Of File - - CE6C212BAF8062E7525A2DC85F6BB927
 
Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
Pev -filelook %windir%\iaStor.sys >LogIt.txt
START LogIt.txt
del %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
 
Here ya go


---- C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys ----
Company: Intel Corporation
File Description: Intel Application Accelerator driver
File Version: 4.5.0.6515
Product Name: Intel Application Accelerator driver
Copyright: Copyright(C) Intel Corporation 1994-2004
Original file name: iaStor.sys
File Size: 477952
Created Time: 2009-11-24 19:27:19
Modified Time: 2004-06-29 17:17:16
Accessed Time: 2009-11-25 00:23:04
MD5: D7731536E183B4397402CA6F9E1D52F7
SHA1: 1BB9158A3634E29C3ABE1D88707BA0F1B21D9DFF
SHA224: BE305E23E0E895F45D71B5C0FED5B3CF0E000238DDA850C2F169F90B
SHA256: 32C7FBB2F151FAA4F0B4A77FD11BF3098B5691D5DBCF1E3648B932D792174241
SHA384: A0338F01AAEA630B39A732F6F9061722C6A53F808101FE75F4B8FA45DD6DB1582AFE026C589E8B15007D78E4767DF6B0
SHA512: 466C90FCD79913D846928935053E9026D345E6A966E5109C2FC0DFBE31E73395EB8D8DD1F071263927A17D69C9239436ED3E5E0AB50513BB44400C8089F94325
 
Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Code:
SRPeek::
C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
 
OK, here it is finally; took me forever to get the antivirus off. Still not sure how I did it, but it is off, lol.

Once again thanks for all the help!!!


ComboFix 09-11-23.06 - Brian2 11/26/2009 9:44.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.573 [GMT -5:00]
Running from: c:\documents and settings\Brian2\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian2\Desktop\CFScript.txt
AV: Defender Pro Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Defender Pro Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 14:42 . 2004-06-29 17:17 477952 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-26 14:42 . 2001-08-17 19:52 13952 ----a-w- c:\windows\system32\drivers\cbidf2k.sys
2009-11-26 14:42 . 2001-08-17 19:52 13952 ----a-w- c:\windows\system32\dllcache\cbidf2k.sys
2009-11-26 14:30 . 2009-11-26 14:30 -------- d-----w- c:\windows\LastGood
2009-11-26 06:14 . 2009-11-26 06:14 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-11-26 06:14 . 2009-11-26 06:14 -------- d-----w- c:\documents and settings\HelpAssistant\Shared
2009-11-26 06:14 . 2009-11-26 06:14 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2009-11-26 05:56 . 2008-11-25 01:44 34062 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Move Networks\ie_bin\Uninst.exe
2009-11-26 05:56 . 2008-11-25 01:44 1011800 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Move Networks\MoveMediaPlayer_071102000005.exe
2009-11-26 05:56 . 2008-10-26 01:38 99704 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-11-26 05:56 . 2008-10-26 01:38 976248 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Move Networks\ie_bin\qsp2ie071102000005.dll
2009-11-26 05:56 . 2009-11-26 05:56 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Move Networks
2009-11-26 05:56 . 2009-02-28 16:04 8854 ----a-r- c:\documents and settings\HelpAssistant\Application Data\Microsoft\Installer\{6C907FAE-C472-48AA-B58E-C428360E8FCD}\UNINST_Uninstall_A_6C907FAEC47248AAB58EC428360E8FCD.exe
2009-11-26 05:56 . 2009-02-28 16:04 10134 ----a-r- c:\documents and settings\HelpAssistant\Application Data\Microsoft\Installer\{6C907FAE-C472-48AA-B58E-C428360E8FCD}\ARPPRODUCTICON.exe
2009-11-26 05:56 . 2008-11-08 06:47 8854 ----a-r- c:\documents and settings\HelpAssistant\Application Data\Microsoft\Installer\{81F01618-32F9-44B0-B604-42148DFCFD8A}\UNINST_Uninstall_D_81F0161832F944B0B60442148DFCFD8A.exe
2009-11-26 05:56 . 2008-11-08 06:47 10134 ----a-r- c:\documents and settings\HelpAssistant\Application Data\Microsoft\Installer\{81F01618-32F9-44B0-B604-42148DFCFD8A}\ARPPRODUCTICON.exe
2009-11-26 05:56 . 2009-11-26 05:56 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Malwarebytes
2009-11-26 05:54 . 2009-11-26 05:54 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Corel
2009-11-26 05:54 . 2009-11-26 05:54 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\ArcSoft
2009-11-26 05:54 . 2009-11-26 05:54 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Apple Computer
2009-11-26 05:54 . 2009-11-26 05:54 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\AdobeUM
2009-11-26 05:54 . 2009-11-26 05:54 -------- d-----w- c:\documents and settings\HelpAssistant\.housecall6.6
2009-11-24 16:41 . 2009-11-24 16:41 152576 ----a-w- c:\documents and settings\Brian2\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 16:40 . 2009-11-24 16:40 79488 ----a-w- c:\documents and settings\Brian2\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 14:54 . 2008-11-23 23:33 88180768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-26 14:53 . 2008-11-23 23:33 2893856 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-26 06:16 . 2008-11-23 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Defender Pro
2009-11-26 05:58 . 2009-11-26 05:58 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Ventrilo
2009-11-26 05:58 . 2009-11-26 05:58 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\U3
2009-11-26 05:58 . 2009-11-26 05:58 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Teleca
2009-11-13 01:30 . 2008-04-26 11:44 -------- d-----w- c:\program files\rFactor
2009-10-16 00:31 . 2007-08-01 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-15 07:55 . 2008-11-23 23:34 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-15 07:55 . 2008-11-23 23:34 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-11 09:17 . 2008-11-23 02:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 04:29 . 2008-11-19 04:35 -------- d-----w- c:\program files\Trend Micro
2009-09-28 01:36 . 2008-11-23 03:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 01:24 . 2008-12-07 23:39 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-28 01:16 . 2005-03-10 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 01:24 . 2009-11-26 05:58 152576 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-19 01:24 . 2009-09-19 01:24 152576 ----a-w- c:\documents and settings\Brian2\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-11 14:33 . 2004-08-04 11:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2008-11-23 03:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-11-23 03:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-11-20 14:42 . 2009-04-04 04:00 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-11-20 14:42 . 2009-04-04 04:00 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-11-20 14:42 . 2009-04-04 04:00 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-11-20 14:42 . 2009-04-04 04:00 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-11-20 14:42 . 2009-04-04 04:00 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2005-09-24 00:33 . 2005-09-24 00:33 848 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

[7] D7731536E183B4397402CA6F9E1D52F7 477952 c:\windows\SYSTEM32\DRIVERS\iaStor.sys
[7] D7731536E183B4397402CA6F9E1D52F7 477952 \RP7\A0018965.sys
[7] D7731536E183B4397402CA6F9E1D52F7 477952 \RP9\A0031234.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-24_19.54.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-26 14:25 . 2009-11-26 14:25 16384 c:\windows\temp\Perflib_Perfdata_5d0.dat
+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\SYSTEM32\tzchange.exe
- 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\SYSTEM32\tzchange.exe
+ 2009-11-26 14:29 . 2009-11-26 14:29 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-11-26 14:29 . 2009-11-26 14:29 429568 c:\windows\Installer\387b6.msi
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\SYSTEM32\msxml4.dll
+ 2006-09-13 05:01 . 2009-07-31 04:57 1172480 c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2004-03-11 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Games\\Infogrames\\Dirt Track Racing 2\\DTR2.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Games\\Infogrames\\Dirt Track Racing 2\\Server.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\rFactor\\rFactor.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Defender Pro\\Defender Pro Internet Security 6.0\\avp.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:Remote Desktop

S3 danceflt;XboxCtrl_filt_Service;c:\windows\SYSTEM32\DRIVERS\danceflt.sys [5/27/2008 5:06 PM 31183]
S3 EraserUtilDrv10710;EraserUtilDrv10710;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys [?]
S3 samhid;samhid;c:\windows\SYSTEM32\DRIVERS\Samhid.sys [1/23/2007 2:42 PM 7548]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\SYSTEM32\DRIVERS\w300mgmt.sys [3/22/2007 7:45 PM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\SYSTEM32\DRIVERS\w300obex.sys [3/22/2007 7:45 PM 85696]
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Defender Pro\Defender Pro Internet Security 6.0\ie_banner_deny.htm
IE: { - c:\program files\Messenger\msmsgs.exe
DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - hxxp://www.peoplepc.com/ppcos/isp60/download/ppcwebi.cab
FF - ProfilePath - c:\documents and settings\Brian2\Application Data\Mozilla\Firefox\Profiles\cjltoakj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\kodak-companion@mozilla.com\platform\WINNT\components\pickup.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 09:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86573F30]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76d6fc3
\Driver\ACPI -> ACPI.sys @ 0xf74e9cb8
\Driver\atapi -> atapi.sys @ 0xf74147b4
\Driver\iaStor -> 0x86573f30
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WININET.dll
c:\program files\Defender Pro\Defender Pro Internet Security 6.0\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-11-26 09:56
ComboFix-quarantined-files.txt 2009-11-26 14:56
ComboFix2.txt 2009-11-24 20:14

Pre-Run: 105,350,000,640 bytes free
Post-Run: 105,888,833,536 bytes free

- - End Of File - - AC9BE36419160C09873650C747CAF89D
 
Hi,

Do you have Windows Recovery Console installed? I see that ComboFix didn't install one but it didn't report it was missing either.

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text (everything on one line), and press Enter:

copy /y C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys c:\iaStor.bad

6. At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading.

Upload c:\iaStor.bad file to http://www.virustotal.com and post back the results.
 
OK, I am sorry, but I can't seem to get the computer to do that.
I reboot and then go to the Windows Recovery Console and hit Enter.
It then tells me "Starting Windows Recovery Console" at the bottom of the screen, and then a line goes across the bars. Then it says "please wait".
Then the next thing is the old dreaded BSOD. So I am not sure what to try next. I did this about 6 or 7 times, and it was the same thing every time. It tells me to check for viruses, remove any new hardware, etc.
 
Hi,

OK. We'll start the Recovery Console from the Windows XP CD instead.

1. Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
3. If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console (1).
4. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
5. At the C:\Windows prompt, type the following bolded text (everything on one line), and press Enter:

copy /y C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys c:\iaStor.bad

6. At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading.

Upload c:\iaStor.bad file to http://www.virustotal.com and post back the results.
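The reason the helper keeps going after iaStor.sys is visible in the GMER section of the ComboFix log above: every other hook resolves to a named module (CLASSPNP.SYS, ACPI.sys, atapi.sys, ntkrnlpa.exe), but `\Driver\iaStor -> 0x86573f30` resolves to nothing, and 0x86573F30 is exactly the address GMER lists as `>>UNKNOWN<<` in the disk call chain. The script below is an added example for this thread, not ComboFix, GMER or VirusTotal code: it pulls the hook entries out of that log section, flags the ones that point at no named module or at an address GMER marked unknown, and hashes a file with SHA-256 so the hash can be searched on virustotal.com before the whole driver is uploaded. The sample log is copied from this thread; the driver path (the `c:\iaStor.bad` copy made in the Recovery Console) is an assumption taken from the instructions above.

```python
"""Triage the GMER 'Stealth MBR rootkit' section of a ComboFix log.

Added example for this thread; not ComboFix, GMER or VirusTotal code.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the GMER section copied from the log in this thread.
SAMPLE_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86573F30]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xf76d6fc3
\\Driver\\ACPI -> ACPI.sys @ 0xf74e9cb8
\\Driver\\atapi -> atapi.sys @ 0xf74147b4
\\Driver\\iaStor -> 0x86573f30
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
\\Device\\Harddisk0\\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


@dataclass
class Hook:
    target: str             # hooked object, e.g. \Driver\iaStor
    module: Optional[str]   # module GMER resolved the hook to; None if it could not
    address: int            # hook address


def unknown_addresses(log_text: str) -> List[int]:
    """Addresses in the 'called modules' chain that GMER could not map to a module."""
    return [int(a, 16) for a in UNKNOWN_RE.findall(log_text)]


def parse_hooks(log_text: str) -> List[Hook]:
    """Parse the lines following 'detected MBR rootkit hooks:' until a non-hook line."""
    hooks, in_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("detected MBR rootkit hooks:"):
            in_block = True
            continue
        if not in_block:
            continue
        if " -> " not in line:          # 'Warning: ...' or a blank line ends the block
            break
        *obj, last = line.split(" -> ")
        if " @ " in last:               # 'module @ 0xaddr'
            module, addr = last.split(" @ ")
        else:                           # bare '0xaddr': GMER found no owning module
            module, addr = None, last
        hooks.append(Hook(" -> ".join(obj), module, int(addr, 16)))
    return hooks


def suspicious_hooks(log_text: str) -> List[Hook]:
    """Hooks with no named module, or whose address GMER already marked >>UNKNOWN<<."""
    unknown = set(unknown_addresses(log_text))
    return [h for h in parse_hooks(log_text) if h.module is None or h.address in unknown]


def triage(log_text: str) -> List[str]:
    """Human-readable findings; one line per unresolved address or suspicious hook."""
    report = [f"unnamed module in disk call chain at {a:#010x}" for a in unknown_addresses(log_text)]
    for h in suspicious_hooks(log_text):
        owner = h.module or "no named module"
        report.append(f"hook on {h.target} -> {owner} @ {h.address:#010x}: copy that driver and hash it")
    return report or ["all hooks resolve to named modules"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def file_sha256(path: str) -> str:
    """Chunked SHA-256 of a file (e.g. the c:\\iaStor.bad copy) for a VirusTotal hash search."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    import sys
    # usage: python triage.py [combofix_log.txt] [C:\iaStor.bad]
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for line in triage(text):
        print(line)
    if len(sys.argv) > 2:
        print("sha256", file_sha256(sys.argv[2]))
```

Run against the thread's log it reports the single unresolved hook, on `\Driver\iaStor`, at the same address as the unnamed module in the call chain. Searching VirusTotal for the SHA-256 first tells you whether the driver is already known to the scanners; if it is not, upload the file as the helper asks.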
 