Time for house cleaning instructions and help.

Here is the information from the tool that you asked for. You weren't online, so I just ran it normally with all tools running, and then with all tools off. Here are both logs:


(virus tools on)

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-21 12:08:07
-----------------------------
12:08:07.343 OS Version: Windows 5.1.2600 Service Pack 3
12:08:07.343 Number of processors: 1 586 0x209
12:08:07.343 ComputerName: TIM UserName: Me
12:08:08.062 Initialize success
12:08:17.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:08:17.953 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
12:08:19.984 Disk 0 MBR read successfully
12:08:19.984 Disk 0 MBR scan
12:08:19.984 Disk 0 Windows XP default MBR code
12:08:21.984 Disk 0 scanning sectors +156232125
12:08:22.000 Disk 0 scanning C:\WINDOWS2\system32\drivers
12:08:29.843 Service scanning
12:08:30.921 Disk 0 trace - called modules:
12:08:30.953 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
12:08:30.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f85ab8]
12:08:30.953 3 CLASSPNP.SYS[f8578fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fe4d98]
12:08:30.953 Scan finished successfully
12:08:51.703 Disk 0 MBR has been saved successfully to "C:\WINDOWS2\system32\MBR.dat"
12:08:51.750 The log file has been saved successfully to "C:\WINDOWS2\system32\aswMBR.txt"



(virus tools off)

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-21 12:12:34
-----------------------------
12:12:34.453 OS Version: Windows 5.1.2600 Service Pack 3
12:12:34.453 Number of processors: 1 586 0x209
12:12:34.453 ComputerName: TIM UserName: Me
12:12:36.000 Initialize success
12:12:37.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:12:37.609 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
12:12:39.640 Disk 0 MBR read successfully
12:12:39.640 Disk 0 MBR scan
12:12:39.640 Disk 0 Windows XP default MBR code
12:12:41.640 Disk 0 scanning sectors +156232125
12:12:41.656 Disk 0 scanning C:\WINDOWS2\system32\drivers
12:12:52.515 Service scanning
12:12:53.609 Disk 0 trace - called modules:
12:12:53.625 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
12:12:53.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f85ab8]
12:12:53.625 3 CLASSPNP.SYS[f8578fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fe4d98]
12:12:53.625 Scan finished successfully
12:13:16.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Me.TIM\Desktop\MBR.dat"
12:13:16.390 The log file has been saved successfully to "C:\Documents and Settings\Me.TIM\Desktop\aswMBR2.txt"
 
hello again,

I was out for a bit; my son should have kept up with your request as made. I'm sorry about this. Below is the DDS log.

Hi,

aswMBR results look OK. Please post fresh DDS logs.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Me at 13:44:58.64 on Sat 05/21/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.135 [GMT 3:00]
.
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS2\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS2\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Me.TIM\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:egyptainhollandiatissueculture@msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows2\system32\igfxtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\me.tim\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows2\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows2\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\me.tim\applic~1\mozilla\firefox\profiles\6tv5e5pb.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\drivers\cmdGuard.sys [2011-5-2 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\drivers\cmdhlp.sys [2011-5-2 29400]
R3 abp470n5;abp470n5;\??\c:\windows2\system32\drivers\gelnlo.sys --> c:\windows2\system32\drivers\gelnlo.sys [?]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows2\system32\drivers\bcm42xx5.sys [2011-5-10 54271]
S4 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1853520]
.
=============== Created Last 30 ================
.
2011-05-20 18:21:44 -------- d-----w- c:\windows2\LastGood.Tmp
2011-05-20 18:02:05 79872 -c----w- c:\windows2\system32\dllcache\msxml6r.dll
2011-05-20 18:02:05 79872 ------w- c:\windows2\system32\msxml6r.dll
2011-05-20 18:02:05 1372672 -c----w- c:\windows2\system32\dllcache\msxml6.dll
2011-05-20 18:02:04 1372672 ------w- c:\windows2\system32\msxml6.dll
2011-05-20 18:02:00 1001472 -c----w- c:\windows2\system32\dllcache\wmvdmoe2.dll
2011-05-20 18:01:57 897024 -c----w- c:\windows2\system32\dllcache\wmspdmoe.dll
2011-05-20 18:01:57 221184 -c----w- c:\windows2\system32\dllcache\wmpns.dll
2011-05-20 18:01:57 1119744 -c----w- c:\windows2\system32\dllcache\wmsdmoe2.dll
2011-05-20 18:01:56 98304 -c----w- c:\windows2\system32\dllcache\wmpband.dll
2011-05-20 18:01:54 114688 -c----w- c:\windows2\system32\dllcache\wmpasf.dll
2011-05-20 18:01:53 168448 -c----w- c:\windows2\system32\dllcache\wmerror.dll
2011-05-20 18:01:53 151552 -c----w- c:\windows2\system32\dllcache\wmidx.dll
2011-05-20 18:01:48 52224 -c----w- c:\windows2\system32\dllcache\mspmsnsv.dll
2011-05-20 18:01:47 384512 -c----w- c:\windows2\system32\dllcache\mp4sdmod.dll
2011-05-20 18:01:47 368640 -c----w- c:\windows2\system32\dllcache\mpvis.dll
2011-05-20 18:01:47 310272 -c----w- c:\windows2\system32\dllcache\mp43dmod.dll
2011-05-20 18:00:19 9728 ------w- c:\windows2\system32\rwnh.dll
2011-05-20 18:00:18 10752 ------w- c:\windows2\system32\smtpapi.dll
2011-05-20 17:58:52 -------- d-----w- c:\windows2\l2schemas
2011-05-20 17:58:50 -------- d-----w- c:\windows2\system32\en
2011-05-20 17:58:49 -------- d-----w- c:\windows2\system32\bits
2011-05-20 17:47:12 33792 -c----w- c:\windows2\system32\dllcache\custsat.dll
2011-05-20 17:45:57 152064 -c----w- c:\windows2\system32\dllcache\shmedia.dll
2011-05-20 17:40:31 -------- d-----w- c:\windows2\network diagnostic
2011-05-20 17:40:27 144384 ------w- c:\windows2\system32\drivers\hdaudbus.sys
2011-05-20 17:40:23 10240 ------w- c:\windows2\system32\drivers\sffp_mmc.sys
2011-05-20 17:32:55 19569 ----a-w- c:\windows2\005491_.tmp
2011-05-20 16:56:32 -------- d-----w- C:\52d9b97d3a4e2130724323
2011-05-20 16:40:56 331805736 ----a-w- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2011-05-19 15:19:54 -------- d-sha-r- C:\cmdcons
2011-05-19 15:13:38 98816 ----a-w- c:\windows2\sed.exe
2011-05-19 15:13:38 89088 ----a-w- c:\windows2\MBR.exe
2011-05-19 15:13:38 256512 ----a-w- c:\windows2\PEV.exe
2011-05-19 15:13:38 161792 ----a-w- c:\windows2\SWREG.exe
2011-05-19 02:21:08 274288 ----a-w- c:\windows2\system32\mucltui.dll
2011-05-19 02:21:08 215920 ----a-w- c:\windows2\system32\muweb.dll
2011-05-19 02:21:08 16736 ----a-w- c:\windows2\system32\mucltui.dll.mui
2011-05-18 19:59:52 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\AskToolbar
2011-05-18 14:59:18 -------- d-----w- c:\windows2\system32\LogFiles
2011-05-16 18:13:24 -------- d-----w- c:\docume~1\me.tim\applic~1\Foxit Software
2011-05-16 18:12:47 -------- d-----w- c:\program files\Ask.com
2011-05-16 18:12:10 -------- d-----w- c:\program files\Foxit Software
2011-05-14 22:00:50 -------- d--h--w- C:\VritualRoot
2011-05-14 19:49:10 -------- d-----w- c:\docume~1\me.tim\applic~1\WinPatrol
2011-05-13 22:10:51 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Identities
2011-05-13 00:03:00 -------- d-----w- c:\windows2\system32\KB905474
2011-05-11 20:20:34 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Google
2011-05-11 11:44:17 -------- d-----r- C:\MS Office 2007 ENG
2011-05-11 09:43:49 272128 -c----w- c:\windows2\system32\dllcache\bthport.sys
2011-05-11 09:42:46 81920 -c----w- c:\windows2\system32\dllcache\fontsub.dll
2011-05-11 09:42:46 119808 -c----w- c:\windows2\system32\dllcache\t2embed.dll
2011-05-11 09:42:28 153088 -c----w- c:\windows2\system32\dllcache\triedit.dll
2011-05-11 09:40:54 744448 -c----w- c:\windows2\system32\dllcache\helpsvc.exe
2011-05-11 09:33:16 1172480 -c----w- c:\windows2\system32\dllcache\msxml3.dll
2011-05-11 09:32:40 655872 -c----w- c:\windows2\system32\dllcache\mstscax.dll
2011-05-11 09:29:25 353792 -c----w- c:\windows2\system32\dllcache\srv.sys
2011-05-11 09:28:32 90112 ----a-w- c:\windows2\unvise32.exe
2011-05-11 09:26:56 455680 -c----w- c:\windows2\system32\dllcache\mrxsmb.sys
2011-05-11 09:26:39 471552 -c----w- c:\windows2\system32\dllcache\aclayers.dll
2011-05-11 09:15:50 284160 -c----w- c:\windows2\system32\dllcache\pdh.dll
2011-05-11 09:15:49 473600 -c----w- c:\windows2\system32\dllcache\fastprox.dll
2011-05-11 09:15:49 401408 -c----w- c:\windows2\system32\dllcache\rpcss.dll
2011-05-11 09:15:49 227840 -c----w- c:\windows2\system32\dllcache\wmiprvse.exe
2011-05-11 09:15:49 110592 -c----w- c:\windows2\system32\dllcache\services.exe
2011-05-11 09:15:48 730112 -c----w- c:\windows2\system32\dllcache\lsasrv.dll
2011-05-11 09:15:48 714752 -c----w- c:\windows2\system32\dllcache\ntdll.dll
2011-05-11 09:15:48 617472 -c----w- c:\windows2\system32\dllcache\advapi32.dll
2011-05-11 09:15:48 453120 -c----w- c:\windows2\system32\dllcache\wmiprvsd.dll
2011-05-11 09:15:47 2146304 -c----w- c:\windows2\system32\dllcache\ntkrnlmp.exe
2011-05-11 09:15:46 2189952 -c----w- c:\windows2\system32\dllcache\ntoskrnl.exe
2011-05-11 09:15:46 2024448 -c----w- c:\windows2\system32\dllcache\ntkrpamp.exe
2011-05-11 09:09:21 203136 -c----w- c:\windows2\system32\dllcache\rmcast.sys
2011-05-11 09:09:11 331776 -c----w- c:\windows2\system32\dllcache\msadce.dll
2011-05-11 09:00:31 337408 -c----w- c:\windows2\system32\dllcache\netapi32.dll
2011-05-11 09:00:01 -------- d-----w- c:\windows2\system32\PreInstall
2011-05-11 08:59:40 -------- d--h--w- c:\windows2\$hf_mig$
2011-05-11 08:57:43 2560 ------w- c:\windows2\system32\xpsp4res.dll
2011-05-11 08:57:39 215552 -c----w- c:\windows2\system32\dllcache\wordpad.exe
2011-05-11 08:56:11 86016 -c----w- c:\windows2\system32\dllcache\cabview.dll
2011-05-11 08:56:04 177664 -c----w- c:\windows2\system32\dllcache\wintrust.dll
2011-05-11 06:58:04 -------- d-----w- c:\windows2\system32\SoftwareDistribution
2011-05-11 06:53:27 -------- d-----w- c:\windows2\pss
2011-05-11 06:49:43 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SecTaskMan
2011-05-11 06:49:40 -------- d-----w- c:\program files\Security Task Manager
2011-05-10 20:07:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2011-05-10 18:59:19 -------- d-----w- c:\windows2\system32\wbem\AutoRecover
2011-05-10 18:45:59 95424 ------w- c:\windows2\system32\drivers\slnthal.sys
2011-05-10 18:39:43 -------- d-----w- c:\windows2\ServicePackFiles
2011-05-10 18:32:47 19528 ----a-w- c:\windows2\002233_.tmp
2011-05-10 18:32:44 -------- d-----w- c:\windows2\system32\ReinstallBackups
2011-05-10 18:32:24 100216 ----a-w- c:\windows2\system32\spupdsvc.exe
2011-05-10 18:28:44 -------- d-----w- c:\windows2\EHome
2011-05-10 18:22:17 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Comodo
2011-05-10 18:13:27 -------- d-----w- c:\docume~1\me.tim\applic~1\Malwarebytes
2011-05-10 18:13:21 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2011-05-10 18:13:20 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-05-10 18:13:14 19288 ----a-w- c:\windows2\system32\drivers\mbam.sys
.
==================== Find3M ====================
.
2011-05-02 17:36:04 284744 ----a-w- c:\windows2\system32\guard32.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows2\system32\GPhotos.scr
2011-04-05 04:58:17 39950910 ----a-w- C:\C__Users_Administrator_Desktop_PWOSetup173.exe
.
============= FINISH: 13:47:09.78 ===============
 
Hi,

Try to run ComboFix in safe mode, disabling protection software first. If it requests a reboot, make sure the system is booted back into safe mode.
 
Well, I tried entering safe mode but to no avail; my computer is stuck in a crashed state and I cannot use the Last Known Good Configuration, seeing as it just stays crashed. Anyway, this is the error code I'm receiving: *** STOP: 0x000000713(0xF894F528, 0xC0000034, 0x00000000, 0x00000000)
So what should I do now? I'm stuck...
 
So, what happened after the latest DDS run? If I understand it right, you hadn't run ComboFix in safe mode before the BSOD issue appeared.
 
Hi,

If the system BSODs while trying to boot into normal mode too, then there's one thing to try.

Reboot into the Recovery Console and run the fixmbr command there (allow it to do its job). See if that helps.

I read earlier posts and you mentioned something about Virut. Has some protection software found Virut in its scan (before any ComboFix runs)?
 
What I meant before about the bootcfg command is that I added a new boot line from there and got back into normal mode; sorry for not being clear enough. As for the Virut that was mentioned earlier, no virus programs from what we have run have shown any trace of it before, but ComboFix mentioned a possible Virut infection when it kept crashing after the reboot.
 
Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back the contents of the log file in the c: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).
 
Hi, I tried to download the file but to no avail. Internet Explorer and Firefox both cannot reach the site; they are both telling me that the server cannot be found. Now what should I do?
 
Well, I went to MajorGeeks and downloaded the May 13th version of TDSSKiller. It ran in 53 seconds, processed 173 files, found nothing and gave me an empty log. What now?
 
My mistake, it showed me an empty screen when the tool was done, so I thought the file was empty. Here are the file's contents:

2011/05/21 21:35:36.0046 2932 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 21:35:38.0109 2932 ================================================================================
2011/05/21 21:35:38.0109 2932 SystemInfo:
2011/05/21 21:35:38.0109 2932
2011/05/21 21:35:38.0109 2932 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/21 21:35:38.0109 2932 Product type: Workstation
2011/05/21 21:35:38.0109 2932 ComputerName: TIM
2011/05/21 21:35:38.0109 2932 UserName: Me
2011/05/21 21:35:38.0109 2932 Windows directory: C:\WINDOWS2
2011/05/21 21:35:38.0109 2932 System windows directory: C:\WINDOWS2
2011/05/21 21:35:38.0109 2932 Processor architecture: Intel x86
2011/05/21 21:35:38.0109 2932 Number of processors: 1
2011/05/21 21:35:38.0109 2932 Page size: 0x1000
2011/05/21 21:35:38.0109 2932 Boot type: Normal boot
2011/05/21 21:35:38.0109 2932 ================================================================================
2011/05/21 21:35:38.0687 2932 Initialize success
2011/05/21 21:35:45.0968 3004 ================================================================================
2011/05/21 21:35:45.0968 3004 Scan started
2011/05/21 21:35:45.0968 3004 Mode: Manual;
2011/05/21 21:35:45.0968 3004 ================================================================================
2011/05/21 21:36:39.0250 3004 ================================================================================
2011/05/21 21:36:39.0250 3004 Scan finished
2011/05/21 21:36:39.0250 3004 ================================================================================
 
Hi,

Download a fresh copy of ComboFix. Rename ComboFix.exe file -> whatever.exe and try to run it (turn off Comodo first).
 
I shut down Comodo and a few other things and ran ComboFix under the name kickyourass.exe. Here is the log it produced:

ComboFix 11-05-21.03 - Me 05/21/2011 23:35:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.318 [GMT 3:00]
Running from: c:\documents and settings\Me.TIM\Desktop\Kickyourass.exe
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users.WINDOWS2\Application Data\SecTaskMan\_entreelist.dll
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\hannah\WINDOWS
c:\documents and settings\Mahjong\UNWISE.EXE
c:\documents and settings\me\Application Data\PriceGong
c:\documents and settings\me\Application Data\PriceGong\Data\1.xml
c:\documents and settings\me\Application Data\PriceGong\Data\a.xml
c:\documents and settings\me\Application Data\PriceGong\Data\b.xml
c:\documents and settings\me\Application Data\PriceGong\Data\c.xml
c:\documents and settings\me\Application Data\PriceGong\Data\d.xml
c:\documents and settings\me\Application Data\PriceGong\Data\e.xml
c:\documents and settings\me\Application Data\PriceGong\Data\f.xml
c:\documents and settings\me\Application Data\PriceGong\Data\g.xml
c:\documents and settings\me\Application Data\PriceGong\Data\h.xml
c:\documents and settings\me\Application Data\PriceGong\Data\i.xml
c:\documents and settings\me\Application Data\PriceGong\Data\J.xml
c:\documents and settings\me\Application Data\PriceGong\Data\k.xml
c:\documents and settings\me\Application Data\PriceGong\Data\l.xml
c:\documents and settings\me\Application Data\PriceGong\Data\m.xml
c:\documents and settings\me\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\me\Application Data\PriceGong\Data\n.xml
c:\documents and settings\me\Application Data\PriceGong\Data\o.xml
c:\documents and settings\me\Application Data\PriceGong\Data\p.xml
c:\documents and settings\me\Application Data\PriceGong\Data\q.xml
c:\documents and settings\me\Application Data\PriceGong\Data\r.xml
c:\documents and settings\me\Application Data\PriceGong\Data\s.xml
c:\documents and settings\me\Application Data\PriceGong\Data\t.xml
c:\documents and settings\me\Application Data\PriceGong\Data\u.xml
c:\documents and settings\me\Application Data\PriceGong\Data\v.xml
c:\documents and settings\me\Application Data\PriceGong\Data\w.xml
c:\documents and settings\me\Application Data\PriceGong\Data\x.xml
c:\documents and settings\me\Application Data\PriceGong\Data\y.xml
c:\documents and settings\me\Application Data\PriceGong\Data\z.xml
c:\documents and settings\me\WINDOWS
c:\documents and settings\youssef\WINDOWS
c:\program files\dialers
c:\program files\WinPCap
c:\program files\WinPCap\install.log
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-20 16:56 . 2011-05-20 17:00 -------- d-----w- C:\52d9b97d3a4e2130724323
2011-05-20 16:40 . 2011-05-18 20:10 331805736 ----a-w- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2011-05-18 15:47 . 2011-05-18 15:47 -------- d-----w- c:\documents and settings\Family
2011-05-16 18:12 . 2011-05-16 18:13 -------- d-----w- c:\program files\Ask.com
2011-05-16 18:12 . 2011-05-16 18:12 -------- d-----w- c:\program files\Foxit Software
2011-05-14 22:00 . 2011-05-14 22:00 -------- d-----w- C:\VritualRoot
2011-05-14 21:54 . 2011-05-14 21:54 -------- d-----w- c:\program files\ERUNT
2011-05-11 11:44 . 2011-05-11 11:45 -------- d-----r- C:\MS Office 2007 ENG
2011-05-11 06:49 . 2011-05-11 06:51 -------- d-----w- c:\program files\Security Task Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows2\system32\GPhotos.scr
2011-03-04 06:45 . 2003-07-16 16:43 434176 ----a-w- c:\windows2\system32\vbscript.dll
2011-03-03 13:21 . 2003-07-16 16:45 1857920 ----a-w- c:\windows2\system32\win32k.sys
2011-04-14 16:26 . 2011-05-10 17:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-08-12 06:12 . 2006-12-24 10:49 135680 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-14 . 865A48ECBD314A8089BB108FF5DF9532 . 220160 . . [5.1.2600.5512] . . c:\windows2\regedit.exe
[-] 2008-04-14 . 865A48ECBD314A8089BB108FF5DF9532 . 220160 . . [5.1.2600.5512] . . c:\windows2\ServicePackFiles\i386\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows2\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regedit.exe
[7] 2004-08-03 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows2\$NtServicePackUninstall$\regedit.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 19:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows2\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows2\System32\igfxtray.exe" [2005-06-21 237568]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 513344]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 2552648]
.
c:\documents and settings\Me.TIM\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows2\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BCMSMMSG"=BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS2\\System32\\igfxtray.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\LSDSMCAUVUTYBOG.scr"=
"c:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows2\system32\drivers\bcm42xx5.sys [5/10/2011 6:31 PM 54271]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows2\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 19:44]
.
2011-05-21 c:\windows2\Tasks\WGASetup.job
- c:\windows2\system32\KB905474\wgasetup.exe [2011-05-13 19:18]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:egyptainhollandiatissueculture@msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows2\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Me.TIM\Application Data\Mozilla\Firefox\Profiles\6tv5e5pb.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 23:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS2\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS2\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\windows2\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(960)
c:\windows2\system32\WININET.dll
c:\windows2\system32\guard32.dll
c:\windows2\system32\ieframe.dll
.
Completion time: 2011-05-22 00:10:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-21 21:10
.
Pre-Run: 30,751,260,672 bytes free
Post-Run: 30,250,291,200 bytes free
.
Current=4 Default=4 Failed=1 LastKnownGood=6 Sets=1,2,3,4,6
- - End Of File - - C119386E6443DF67E2011AD241A55CBB
 
Good. Please upload c:\windows2\regedit.exe file to http://www.virustotal.com and post back the results or a link to the results.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer

Disable WinPatrol's realtime protection.
  • Right-click the running icon of Winpatrol in the system tray
  • Choose exit. It will automatically restart at next boot.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
FixCSet::


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

[Picture: CFScriptB-4.gif]


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
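As an added example (not code from this thread, from ComboFix or from sUBs), here is a Python triage script that reads lines in the format of the "Sigcheck" and "Reg Loading Points" sections of the log above and flags the indicators the CFScript targets: policy values that lock out Task Manager and the registry editor, Security Center override and notification-suppression values, a firewall profile with EnableFirewall=0, and a Sigcheck entry marked [-] whose MD5 and size differ from other copies of the same file on disk (the reason the helper asks for a VirusTotal check of regedit.exe). The sample lines are constructed from the log's format; reading the [-] marker as "did not pass ComboFix's check" is an assumption made here, and the generated Registry:: stanza uses the `"Name"=-` delete form shown in the reply above.

```python
"""Triage helper for ComboFix "Sigcheck" and "Reg Loading Points" lines.
Added example for this thread; not ComboFix's own code."""
import re

# Constructed sample: a few representative lines in the format ComboFix uses
# (values copied from the log in this thread, not the complete log).
SAMPLE_LOG = r"""
------- Sigcheck -------
.
[-] 2008-04-14 . 865A48ECBD314A8089BB108FF5DF9532 . 220160 . . [5.1.2600.5512] . . c:\windows2\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows2\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regedit.exe
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "[flag] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r'^\[(?P<flag>[^\]]*)\] (?P<date>\S+) \. (?P<md5>[0-9A-Fa-f]{32}) \. '
    r'(?P<size>\d+) \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>.+?)\s*$')
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<raw>.*?)\s*$')

# Policy values that lock the user out of Task Manager / regedit.
POLICY_LOCKOUTS = {"disabletaskmgr", "disableregistrytools"}


def parse_value(raw):
    """Turn ComboFix's '1 (0x1)' or 'dword:00000001' into an int; None if neither."""
    m = re.match(r'^(\d+) \(0x[0-9a-fA-F]+\)$', raw)
    if m:
        return int(m.group(1))
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', raw)
    if m:
        return int(m.group(1), 16)
    return None


def triage(log_text):
    """Return a list of finding dicts (category, key, value, detail) for the log."""
    findings = []
    sig_by_name = {}          # basename -> [(flag, md5, size, path), ...]
    key_raw = key = None      # registry key currently being read (raw / lowercased)
    for line in log_text.splitlines():
        m = SIGCHECK_RE.match(line)
        if m:
            base = m.group("path").rsplit("\\", 1)[-1].lower()
            sig_by_name.setdefault(base, []).append(
                (m.group("flag"), m.group("md5").upper(), int(m.group("size")), m.group("path")))
            continue
        m = KEY_RE.match(line)
        if m:
            key_raw = m.group("key")
            key = key_raw.lower()
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, val = m.group("name"), parse_value(m.group("raw"))
        lname = name.lower()
        if key.endswith(r"policies\system") and lname in POLICY_LOCKOUTS and val == 1:
            findings.append({"category": "policy_lockout", "key": key_raw, "value": name,
                             "detail": f"{name}=1 locks the user out of a built-in tool"})
        elif "security center" in key and val == 1 and \
                (lname.endswith("override") or lname.endswith("disablenotify")):
            findings.append({"category": "security_center_tamper", "key": key_raw, "value": name,
                             "detail": f"{name}=1 silences Security Center"})
        elif "firewallpolicy" in key and lname == "enablefirewall" and val == 0:
            findings.append({"category": "firewall_disabled", "key": key_raw, "value": name,
                             "detail": "firewall profile disabled"})
    # A [-] entry is suspicious when other copies of the same file have a different hash/size.
    for base, entries in sig_by_name.items():
        for flag, md5, size, path in entries:
            if flag == "-":
                others = sorted({(e[1], e[2]) for e in entries if e[0] != "-"})
                findings.append({"category": "sigcheck_failed", "key": path, "value": md5,
                                 "detail": f"size={size}; other copies (md5, size): {others}"})
    return findings


def cfscript_for_policy_lockouts(findings):
    """Build the Registry:: stanza (as in this thread) deleting each lockout value."""
    by_key = {}
    for f in findings:
        if f["category"] == "policy_lockout":
            by_key.setdefault(f["key"], []).append(f["value"])
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['category']:24} {f['key']}  {f['value']}  {f['detail']}")
    print(cfscript_for_policy_lockouts(triage(SAMPLE_LOG)))
```

The script deliberately reports a Sigcheck [-] entry together with the hashes of the other copies it finds, because a hash that differs from the service-pack copy of the same file is what justifies the VirusTotal check, while a matching hash would make the [-] mark much less interesting.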
 