Malware/Virus with Search Redirect and Blocking Windows Update

damonb10 · 12-19-2010, 05:51 PM

I've managed to contract some kind of virus or malware that has infected my computer. I believe this may have happened about 4 days ago. I mistakenly clicked my way into some sketchy websites. After visiting them I was getting the BS fake warnings from fake antivirus that my system is infected and I need to click all these things. I ignored them as best I could and shtudown. Seems to no avail, because I now have a system that gets sluggish at times, redirects clicks from search results to advertising pages most of the time, and also blocks access to windows update. Lastly, I now get the Win32 services error periodically.

I attempted scans with SpyBot, Malware, Microsoft Online Scanner, and Avira Antivir. Through these scans, some items were fixed and improved, but I'm left with the issues I list above that I can't get rid off. Thanks for the help!

Here are the scans asked for:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Damon at 18:20:54.48 on Sun 12/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
============== Running Processes ===============
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Damon\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\damon\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - hxxp://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax4227.cab
DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\damon\applic~1\mozilla\firefox\profiles\gz3qtvwl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\damon\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
============= SERVICES / DRIVERS ===============
R? NPF;NetGroup Packet Filter Driver
R? sbusb;Sound Blaster USB Audio Driver
R? Si670m;WayTech Bluetooth USB Filter Driver
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? McrdSvc;Media Center Extender Service
S? WinDefend;Windows Defender
=============== Created Last 30 ================
2010-12-19 21:49:09 1409 ----a-w- c:\windows\QTFont.for
2010-12-16 01:57:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-16 01:57:00 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-15 04:28:48 0 ----a-w- c:\windows\Bcune.bin
2010-12-15 04:28:47 -------- d-----w- c:\docume~1\damon\locals~1\applic~1\{AD60039E-3076-4283-B993-74D725DFD13D}
2010-12-15 04:26:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\gDkNl06501
2010-12-11 02:40:21 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{8d257792-10f1-4e6b-960e-a4fef09cc924}\mpengine.dll
==================== Find3M ====================
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1234GSX rev.AH001A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4F6555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4fc7b0]; MOV EAX, [0x8a4fc82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A51EAB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000008e[0x8A568030]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A565940]
\Driver\atapi[0x8A512270] -> IRP_MJ_CREATE -> 0x8A4F6555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1234GSX_______________________AH001A__#5&35291d97&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4F639B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 18:23:42.35 ===============

**amateur** · 12-22-2010, 02:07 AM

Hello and welcome to TSF.

Please note that more than one round may be needed to properly eradicate. Stay with me until you're given the "all clear", even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions in the order they are presented, and please refrain from any self-fixing or running of scanners unless requested by me or another helper at this forum.

Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

======================

Download ComboFix from one of these locations, but do not run it yet.

Link 1
Link 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

You can get help on disabling your protection programs here:
How to disable your security applications

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.

In the Mode menu click "Advanced mode" if not already selected.

Choose "Yes" at the Warning prompt.

Expand the "Tools" menu.

Click "Resident".

Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.

If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.

In the File menu click "Exit" to exit Spybot Search & Destroy.

-----------------

To disable Avira Antivirus:

Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: )
right click it-> untick the option AntiVir Guard enable.

You should now see a closed, white umbrella on a red background (looks to this: )

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

Save this as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

If there are internet issues afterward:

Reboot the machine, and check again.

If still issues...

*In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.

damonb10 · 12-22-2010, 06:23 PM

Here is the combofix log. Also, when I opened IE to respond to this thread, I got another ad popup. Thank you for your continued help.

ComboFix 10-12-22.01 - Damon 12/22/2010 19:54:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.984 [GMT -6:00]
Running from: c:\documents and settings\Damon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Damon\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Outdated* {887C86DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Outdated* {889C5054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {87E8D794-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {886EA624-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {886EDA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88839474-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88865DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88882DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88886DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888947CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888AA054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888B0A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888B2054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888B28D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888C5624-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8890D8FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8890E664-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88912DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88914054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88937054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8894229C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889456F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8894FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88955DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8895F054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88961DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889643FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88965054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889775F4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88988624-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88989794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88992054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88994A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899551C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88999DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899C51C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A035C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A5A5C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A7054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A86DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A8A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A8C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A9DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AB584-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AC6DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AC7E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AE054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B02A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B2054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B4054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B43CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B5794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B589C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B66FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B7C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B9054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BB054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BE44C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BE794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BEA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889C535C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889C5DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889CA36C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D151C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D435C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D4B64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D53C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889DA534-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889DA7E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889DD89C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889E06DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A0451C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A05474-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A08BB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A0DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A10A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A15DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A167E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A167F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A19AE4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A1BC34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A1E794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A1F6E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A2045C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A218C4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A26C1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A287E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A4663C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A51794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A53054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A55054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A57C2C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A5BA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A5BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A5EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88B9E054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88BBE5BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88C0A3EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88C24DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88C3186C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88CC526C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88D40B54-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E42C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E446E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E44C1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E4F51C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E55DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E6151C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88EC8AEC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88ECCDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88EF4A74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F039B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F07A84-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F1035C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F1D534-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F1DDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F2BC3C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F5D484-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F7FDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F827D4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F8BDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F9C8BC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88FFFC1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890036DC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8900935C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8900E464-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890106DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890166DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890195E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890C151C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890CB7F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890CFDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890D1A74-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890DB51C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890E1C1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890F8054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890FC054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89102724-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89103054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89104C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89105C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89108B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8910EDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8910F8B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8911045C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89113DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8911635C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89121054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89128C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8912ADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89132C34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8916ADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8918335C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8918B7BC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8918DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89198054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89239DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8933D544-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8944951C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8944BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8945289C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89456DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89492C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89495C1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895BF6C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895D4A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895DADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895F09DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {896FF534-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89700C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89739054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8980353C-FFA4-00CC-0D24-347CA8A3377C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Damon\Local Settings\Application Data\{AD60039E-3076-4283-B993-74D725DFD13D}
c:\documents and settings\Damon\Local Settings\Application Data\{AD60039E-3076-4283-B993-74D725DFD13D}\chrome\content\_cfg.js
c:\documents and settings\Damon\Local Settings\Application Data\{AD60039E-3076-4283-B993-74D725DFD13D}\chrome\content\overlay.xul
c:\documents and settings\Damon\Local Settings\Application Data\{AD60039E-3076-4283-B993-74D725DFD13D}\install.rdf
c:\windows\system32\Data
c:\windows\system32\Oeminfo.ini
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.
2010-12-19 21:49 . 2010-12-19 21:49 1409 ----a-w- c:\windows\QTFont.for
2010-12-19 01:00 . 2010-12-19 01:00 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-12-19 00:58 . 2010-12-19 00:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-12-19 00:56 . 2010-12-19 00:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-12-18 00:10 . 2010-12-19 21:08 -------- d-----w- c:\program files\Windows Live Safety Center
2010-12-16 01:57 . 2010-12-16 01:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-15 04:28 . 2010-12-16 01:40 0 ----a-w- c:\windows\Bcune.bin
2010-12-15 04:26 . 2010-12-16 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\gDkNl06501
2010-12-11 02:40 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8D257792-10F1-4E6B-960E-A4FEF09CC924}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 00:27 . 2009-05-20 01:14 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-29 23:42 . 2009-12-24 15:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:42 . 2009-12-24 15:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 23:05 . 2009-05-20 01:14 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-10 04:33 . 2006-08-15 02:14 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-19 16:41 . 2009-10-02 23:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Damon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-16 98304]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\Damon\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-9-3 114688]
Bluetooth Mouse.lnk - c:\program files\Bluetooth Mouse\MulMouse.exe [N/A]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Damon\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Westwood\\RA2\\game.exe"=
"c:\\Westwood\\RA2\\patchget.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/19/2009 7:14 PM 135336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 3:10 PM 32512]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys --> c:\windows\system32\DRIVERS\sbusb.sys [?]
S3 Si670m;WayTech Bluetooth USB Filter Driver;c:\windows\system32\drivers\Si670m.sys [12/26/2008 12:47 PM 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389452956-1308675061-1294138080-1005Core.job
- c:\documents and settings\Damon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 01:24]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389452956-1308675061-1294138080-1005UA.job
- c:\documents and settings\Damon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 01:24]
2010-12-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
2010-12-23 c:\windows\Tasks\User_Feed_Synchronization-{922BD77F-93C3-4998-85E6-90826C2D7BCD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://my.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Damon\Application Data\Mozilla\Firefox\Profiles\gz3qtvwl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKLM-Run-CmUsbSound - cmcnfgu.cpl
SafeBoot-WudfPf
SafeBoot-WudfRd

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 20:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1234GSX rev.AH001A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A52B555]<<
c:\docume~1\Damon\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5317b0]; MOV EAX, [0x8a53182c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A54EAB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000008f[0x8A545F18]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A54D940]
\Driver\atapi[0x8A4C2270] -> IRP_MJ_CREATE -> 0x8A52B555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1234GSX_______________________AH001A__#5&35291d97&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A52B39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-389452956-1308675061-1294138080-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\WININET.dll
.
Completion time: 2010-12-22 20:09:44
ComboFix-quarantined-files.txt 2010-12-23 02:09
Pre-Run: 79,730,720,768 bytes free
Post-Run: 80,497,254,400 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - FCB53C8CF2D31E160A18E6573D0F93E7

**amateur** · 12-22-2010, 11:27 PM

Download TDSSKiller.exe to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, ensure Cure is selected (it should be by default, if not choose Skip)
Click Continue then click Reboot now

NOTE: If Cure is not an option, select Skip
Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
Attach that log, please.

damonb10 · 12-23-2010, 04:45 PM

The log file is attached. After the scan and reboot windows updates were able to download. I held off on installing them until you give me the go ahead.

Thanks.

**amateur** · 12-24-2010, 12:28 AM

Hi,

You had an MBR (master boot record) infection which appears to be cured now. It's one of the latest variants of a backdoor trojan. Therefore,
it would be prudent to get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation, if you do any banking or other financial transactions on the PC or if it should contain any other sensitive information.

======================

Quote:

I held off on installing them until you give me the go ahead.

Good idea for the time being. You can do that as soon as we are done, after a few more scans to look for remnants, etc.

======================

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Launch Malwarebyte's, and select Perform Quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Please run Combofix one more time and post the log, making sure that the security applications are disabled prior to the scan, re: previous instructions.

======================

It's always a good idea to have a look from outside too. The following scan may take a while, but it's worth it.

Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

======================

Please copy/paste the logs from Combofix, Malwarebytes' Anti-Malware and the ESET online scanner as well as a fresh DDS.txt.

damonb10 · 12-24-2010, 09:15 AM

Thanks for all your help!
Here are all the logs in the following order (ComboFix, MalwareBytes, ESET, DDS):

ComboFix 10-12-23.05 - Damon 12/24/2010 9:49.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.898 [GMT -6:00]
Running from: c:\documents and settings\Damon\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Outdated* {887C86DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Outdated* {889C5054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {87E8D794-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {886EA624-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {886EDA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88839474-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88865DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88882DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88886DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888947CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888AA054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888B0A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888B2054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888B28D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888C5624-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8890D8FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8890E664-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88912DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88914054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88937054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8894229C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889456F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8894FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88955DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8895F054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88961DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889643FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88965054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889775F4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88988624-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88989794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88992054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88994A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899551C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88999DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899C51C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A035C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A5A5C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A7054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A86DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A8A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A8C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A9DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AB584-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AC6DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AC7E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AE054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B02A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B2054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B4054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B43CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B5794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B589C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B66FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B7C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B9054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BB054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BE44C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BE794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BEA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889C535C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889C5DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889CA36C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D151C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D435C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D4B64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D53C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889DA534-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889DA7E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889DD89C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889E06DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A0451C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A05474-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A08BB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A0DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A10A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A15DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A167E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A167F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A19AE4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A1BC34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A1E794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A1F6E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A2045C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A218C4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A26C1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A287E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A4663C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A51794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A53054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A55054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A57C2C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A5BA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A5BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A5EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88B9E054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88BBE5BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88C0A3EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88C24DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88C3186C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88CC526C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88D40B54-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E42C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E446E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E44C1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E4F51C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E55DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E6151C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88EC8AEC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88ECCDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88EF4A74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F039B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F07A84-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F1035C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F1D534-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F1DDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F2BC3C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F5D484-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F7FDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F827D4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F8BDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F9C8BC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88FFFC1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890036DC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8900935C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8900E464-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890106DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890166DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890195E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890C151C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890CB7F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890CFDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890D1A74-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890DB51C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890E1C1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890F8054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890FC054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89102724-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89103054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89104C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89105C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89108B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8910EDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8910F8B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8911045C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89113DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8911635C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89121054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89128C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8912ADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89132C34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8916ADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8918335C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8918B7BC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8918DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89198054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89239DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8933D544-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8944951C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8944BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8945289C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89456DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89492C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89495C1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895BF6C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895D4A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895DADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895F09DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {896FF534-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89700C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89739054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8980353C-FFA4-00CC-0D24-347CA8A3377C}
.

((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-24 15:43 . 2010-12-24 15:43 -------- d-----w- c:\program files\ESET
2010-12-24 15:23 . 2010-12-24 15:23 709456 ----a-w- c:\windows\isRS-000.tmp
2010-12-24 15:21 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{7ED3E007-8DB8-4B7A-AB3B-34E230D15651}\mpengine.dll
2010-12-24 00:40 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-24 00:40 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-19 21:49 . 2010-12-19 21:49 1409 ----a-w- c:\windows\QTFont.for
2010-12-19 01:00 . 2010-12-19 01:00 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-12-19 00:58 . 2010-12-19 00:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-12-19 00:56 . 2010-12-19 00:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-12-18 00:10 . 2010-12-19 21:08 -------- d-----w- c:\program files\Windows Live Safety Center
2010-12-16 01:57 . 2010-12-16 01:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-15 04:28 . 2010-12-16 01:40 0 ----a-w- c:\windows\Bcune.bin
2010-12-15 04:26 . 2010-12-16 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\gDkNl06501

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2009-12-24 15:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-12-24 15:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 00:27 . 2009-05-20 01:14 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-22 23:05 . 2009-05-20 01:14 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2006-02-15 15:36 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 04:33 . 2006-08-15 02:14 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-06 00:26 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2006-02-15 14:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-02-15 14:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-02-15 14:02 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-02-15 14:03 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-02-15 14:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-02-15 14:04 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 16:41 . 2009-10-02 23:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-23_02.05.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-24 15:25 . 2010-12-24 15:25 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
- 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2006-02-15 14:03 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
+ 2006-02-15 14:03 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
+ 2006-10-27 21:09 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
- 2006-10-27 21:09 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-02-15 14:02 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
- 2006-02-15 14:02 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
- 2009-06-14 02:55 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-14 02:55 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:25 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-10 01:13 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-10 01:13 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-10-17 19:05 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-10-17 19:05 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:25 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
- 2006-02-15 15:44 . 2010-11-10 00:28 57344 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\joticon.exe
+ 2006-02-15 15:44 . 2010-12-24 15:19 57344 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\joticon.exe
+ 2010-12-24 15:20 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
- 2006-02-15 15:44 . 2010-11-10 00:28 4096 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-02-15 15:44 . 2010-12-24 15:19 4096 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-02-15 14:03 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
- 2006-02-15 14:03 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
- 2006-02-15 14:03 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2006-02-15 14:03 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2006-10-27 21:09 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
- 2006-10-27 21:09 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
+ 2006-02-15 14:02 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2006-02-15 14:02 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
- 2006-02-15 14:02 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2006-02-15 14:02 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2006-02-15 14:02 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
- 2006-02-15 07:29 . 2010-10-14 00:08 189792 c:\windows\system32\FNTCACHE.DAT
+ 2006-02-15 07:29 . 2010-12-24 15:25 189792 c:\windows\system32\FNTCACHE.DAT
- 2006-05-10 05:25 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-10-17 19:04 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 19:04 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:25 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-05-10 01:13 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-10 01:13 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-14 02:55 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-14 02:55 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-05-10 05:25 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-11 23:25 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-11 23:25 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2006-10-27 08:44 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-10-27 08:44 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-10-27 08:44 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-11-12 17:08 . 2010-11-12 17:08 889344 c:\windows\Installer\68c50.msp
- 2006-02-15 15:44 . 2010-11-10 00:28 135168 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-02-15 15:44 . 2010-12-24 15:19 135168 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-12-24 15:20 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-24 15:20 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-24 15:20 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-24 15:20 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-24 15:20 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2006-02-15 14:04 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
- 2006-02-15 14:04 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2006-02-15 14:03 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll
+ 2006-10-17 18:57 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2008-10-15 00:59 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
- 2006-05-10 05:25 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-19 15:06 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-10 01:13 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2006-10-27 21:09 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2007-05-10 01:13 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-12-24 15:20 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Damon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-16 98304]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Damon\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-9-3 114688]
Bluetooth Mouse.lnk - c:\program files\Bluetooth Mouse\MulMouse.exe [N/A]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Damon\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Westwood\\RA2\\game.exe"=
"c:\\Westwood\\RA2\\patchget.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/19/2009 7:14 PM 135336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 3:10 PM 32512]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys --> c:\windows\system32\DRIVERS\sbusb.sys [?]
S3 Si670m;WayTech Bluetooth USB Filter Driver;c:\windows\system32\drivers\Si670m.sys [12/26/2008 12:47 PM 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389452956-1308675061-1294138080-1005Core.job
- c:\documents and settings\Damon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 01:24]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389452956-1308675061-1294138080-1005UA.job
- c:\documents and settings\Damon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 01:24]

2010-12-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-12-24 c:\windows\Tasks\User_Feed_Synchronization-{922BD77F-93C3-4998-85E6-90826C2D7BCD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://my.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Damon\Application Data\Mozilla\Firefox\Profiles\gz3qtvwl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 09:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-389452956-1308675061-1294138080-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5084)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-12-24 09:57:24
ComboFix-quarantined-files.txt 2010-12-24 15:57
ComboFix2.txt 2010-12-23 02:09

Pre-Run: 80,007,753,728 bytes free
Post-Run: 80,099,831,808 bytes free

- - End Of File - - 35B48D9C334B2036A7958D94BABA8294

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/24/2010 9:38:36 AM
mbam-log-2010-12-24 (09-38-36).txt

Scan type: Quick scan
Objects scanned: 157156
Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=abb084413df0ba4e8e77a4176a500440
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-24 04:55:11
# local_time=2010-12-24 10:55:11 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775129 100 100 0 67152989 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88538
# found=0
# cleaned=0
# scan_time=2886

DDS (Ver_10-12-12.02) - NTFSx86
Run by Damon at 11:07:07.21 on Fri 12/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.881 [GMT -6:00]

AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8890D8FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F07A84-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88914054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {886EDA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888C5624-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A167F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AE054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890CFDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8912ADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890E1C1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A86DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89113DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88961DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89492C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88EC8AEC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890166DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889DD89C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A7054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A57C2C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88989794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AC7E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8910F8B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D4B64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A5A5C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88882DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8900935C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F039B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89121054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F9C8BC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A8C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AC6DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89198054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A4663C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A167E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B66FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8910EDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F1035C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890036DC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BE44C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8944BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88ECCDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8890E664-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88865DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889DA534-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899551C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8894229C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F7FDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88D40B54-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A287E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8944951C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D435C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A8A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88839474-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889CA36C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E4F51C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890DB51C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E446E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88886DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888AA054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889775F4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8916ADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8933D544-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A55054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D151C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B5794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89103054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F1DDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88CC526C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A15DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89456DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B589C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889C5DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88988624-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8945289C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88B9E054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89128C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BE794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Outdated* {887C86DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888947CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BEA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890D1A74-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8911635C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889DA7E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A51794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888B0A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A5BA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889E06DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890C151C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A1BC34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88992054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8894FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A0451C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E44C1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889BB054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89105C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889456F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88C24DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A19AE4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F8BDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8918335C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {886EA624-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A5EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A0DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89495C1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889C535C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B4054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E55DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Outdated* {889C5054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {896FF534-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88965054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899C51C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89739054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890F8054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F2BC3C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89102724-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89239DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88C0A3EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F1D534-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88999DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895DADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890FC054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89104C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888B2054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8980353C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895D4A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {888B28D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890195E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8918DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F5D484-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B43CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A5BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890CB7F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A218C4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8900E464-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B02A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E6151C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89108B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B7C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889643FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89700C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B2054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895BF6C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A10A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8899DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889AB584-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889B9054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A26C1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88912DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {87E8D794-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88BBE5BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88955DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A08BB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88EF4A74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88FFFC1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A2045C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88F827D4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A53054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8911045C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {89132C34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {890106DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A035C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88E42C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88C3186C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8918B7BC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A1E794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889D53C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88994A5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {895F09DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88937054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A05474-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8895F054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {889A9DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {88A1F6E4-FFA4-00DE-0D24-347CA8A3377C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Damon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://my.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\damon\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\damon\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~2.lnk - c:\program files\bluetooth mouse\MulMouse.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - hxxp://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax4227.cab
DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\damon\applic~1\mozilla\firefox\profiles\gz3qtvwl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-19 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-19 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-19 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-19 61960]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys --> c:\windows\system32\drivers\sbusb.sys [?]
S3 Si670m;WayTech Bluetooth USB Filter Driver;c:\windows\system32\drivers\Si670m.sys [2008-12-26 13312]

=============== Created Last 30 ================

2010-12-24 15:43:26 -------- d-----w- c:\program files\ESET
2010-12-24 15:23:15 709456 ----a-w- c:\windows\isRS-000.tmp
2010-12-24 15:21:49 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{7ed3e007-8db8-4b7a-ab3b-34e230d15651}\mpengine.dll
2010-12-24 00:40:31 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-24 00:40:01 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-23 01:34:46 -------- d-sha-r- C:\cmdcons
2010-12-23 01:30:28 98816 ----a-w- c:\windows\sed.exe
2010-12-23 01:30:28 89088 ----a-w- c:\windows\MBR.exe
2010-12-23 01:30:28 256512 ----a-w- c:\windows\PEV.exe
2010-12-23 01:30:28 161792 ----a-w- c:\windows\SWREG.exe
2010-12-19 21:49:09 1409 ----a-w- c:\windows\QTFont.for
2010-12-16 01:57:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-16 01:57:00 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-15 04:28:48 0 ----a-w- c:\windows\Bcune.bin
2010-12-15 04:26:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\gDkNl06501

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 11:08:08.57 ===============

**amateur** · 12-24-2010, 02:33 PM

Hi,

Looking good. We are almost done.

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"c:\windows\isRS-000.tmp
c:\windows\Bcune.bin"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (
"c:\documents and settings\All Users\Application Data\gDkNl06501"
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:

Double click on fix.bat & allow it to run

Post back to tell me what it says

===========================

Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add or Remove Programs):

J2SE Runtime Environment 5.0 Update 4

It's outdated, and security risk by having it installed still. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Java(TM) 6 Update 21 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Latest version is update 22.

===========================

If you have no further malware issues, you're all set to go. The logs are clean.

Please disable your antivirus application as you've done before .

Click Start then Run
Now type ComboFix /Uninstall in the run box and click OK. Notice the space between the Combofix and the /

.

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

You may re-enable your antivirus application now.

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please visit our General Computer Security Forum and review PC Safety and Security - What Do I Need? for some helpful information.

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention!

damonb10 · 12-24-2010, 08:39 PM

I ran the .bat file you instructed and the results were this:

Deleted Successfully!!
Press any key to continue...

Also, I uninstalled ComboFix and started to enable my antivirus, SpyBot, and Windows Defender programs. When I enabled protection on Windows Defender, it listed the following:

Summary:
System Configuration change occurred.

This agent monitors security related configuration changes made to Windows.

Detected changes:
New: PEVSystemStart
Original: Not available

safeboot (New):
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart

Advice:
Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.

Checkpoint:
Safe Boot

Category:
Configuration Change

ummary:
System Configuration change occurred.

This agent monitors security related configuration changes made to Windows.

Detected changes:
New: PEVSystemStart
Original: Not available

safeboot (New):
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart

Advice:
Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.

Checkpoint:
Safe Boot

Category:
Configuration Change

Summary:
System Configuration change occurred.

This agent monitors security related configuration changes made to Windows.

Detected changes:
New: procexp90.Sys
Original: Not available

safeboot (New):
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

Advice:
Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.

Checkpoint:
Safe Boot

Category:
Configuration Change

Summary:
System Configuration change occurred.

This agent monitors security related configuration changes made to Windows.

Detected changes:
New: procexp90.Sys
Original: Not available

safeboot (New):
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys

Advice:
Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.

Checkpoint:
Safe Boot

Category:
Configuration Change

Summary:
System Configuration change occurred.

This agent monitors security related configuration changes made to Windows.

Detected changes:
file (Changed):
@S-1-5-21-389452956-1308675061-1294138080-1005\C:\WINDOWS\system32\drivers\etc\hosts

Advice:
Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.

Checkpoint:
Hosts File

Category:
Configuration Change

----------------------------------------------

I assume these are okay and had something to do with the safe restore point that you mentioned was created. I went ahead an allowed the actions. If that is the wrong decision, please let me know.

Thanks for the very clear directions and for all your help. It is very much appreciated! Happy Holidays!

**amateur** · 12-24-2010, 11:15 PM

You're welcome. Glad to have been able to help.

Those changes were indeed made by our tools. You did well by allowing them.

Stay safe and Happy Holidays to you too!