Status
Not open for further replies.
1 - 3 of 3 Posts
I had set up avast home and was trying to do so in safe mode but after several tries couldn't get in, so used the MSCONFIG BOOT.INI tab.

Later I was using the internet and the IE7 screen went blank, then:

Internal Server Error: Server encountered an internal error or misconfiguration and was unable complete your request, see server log.

Now as I didn't know how or where, I tried the event log and found several entries about checking logins. Logon Process Names: KSecDD; Winlogon; Winlogon\MSGina; DComSCM; CHAP; LAN Manager Workstation Service. So I sought advice from the forum; unfortunately I stated that 'I had come across ANTI VIRUS 2009-WLOC instructions' - I was advised to visit the Security Forum.

I went to do a Panda Scan and as I clicked Scan the screen changed:
Server Error in '/active scan' Application.

So I tried to explain again and was advised to get expert help with malware removal.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Coral at 2008-11-13 15:40:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 60 GB (79%) free of 76 GB
Total RAM: 191 MB (16% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Coral\Start Menu\Programs\Startup
WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-13 15:40:52 ----D---- C:\rsit
2008-11-13 09:08:59 ----A---- C:\WINDOWS\Gmer.txt
2008-11-13 07:51:56 ----A---- C:\WINDOWS\gmer.ini
2008-11-13 07:51:53 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-13 07:51:53 ----A---- C:\WINDOWS\gmer.exe
2008-11-13 07:51:53 ----A---- C:\WINDOWS\gmer.dll
2008-11-12 17:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 17:16:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 17:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 09:17:27 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-03 08:35:29 ----D---- C:\Program Files\Alwil Software
2008-11-03 07:58:57 ----A---- C:\WINDOWS\win.ini
2008-11-03 07:58:57 ----A---- C:\WINDOWS\system.ini
2008-11-03 07:57:41 ----D---- C:\WINDOWS\pss
2008-11-02 16:10:23 ----D---- C:\Downloads
2008-11-02 16:07:04 ----D---- C:\newfolder
2008-11-01 15:26:32 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-31 09:27:58 ----A---- C:\WINDOWS\zllsputility.exe
2008-10-31 09:27:24 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-10-31 09:27:23 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-10-31 09:27:21 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-10-31 09:27:21 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-10-31 09:27:14 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-10-31 09:27:13 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-10-31 09:27:13 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-10-31 09:27:11 ----D---- C:\Program Files\Zone Labs
2008-10-31 09:27:11 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-10-31 09:27:11 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-10-31 09:18:29 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-10-31 09:18:29 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-10-31 09:18:29 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-10-31 08:42:19 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-31 08:42:18 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-31 08:42:17 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-31 08:42:16 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-31 08:35:29 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-31 08:34:25 ----HD---- C:\WINDOWS\ie7
2008-10-31 07:59:11 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-31 07:59:10 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-31 07:59:08 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-31 07:59:04 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-31 07:59:03 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-31 07:59:01 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-31 07:59:00 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-24 08:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-18 13:42:05 ----D---- C:\Program Files\Trend Micro
2008-10-15 17:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 17:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 17:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 16:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 16:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-11-13 15:41:11 ----D---- C:\WINDOWS\Prefetch
2008-11-13 15:39:23 ----D---- C:\WINDOWS\Temp
2008-11-13 15:27:12 ----D---- C:\WINDOWS\Internet Logs
2008-11-13 09:41:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-13 09:08:59 ----D---- C:\WINDOWS
2008-11-13 07:51:53 ----D---- C:\WINDOWS\system32\drivers
2008-11-13 06:35:22 ----D---- C:\WINDOWS\system32
2008-11-12 17:19:14 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-12 17:17:06 ----HD---- C:\WINDOWS\inf
2008-11-12 17:16:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-12 17:16:45 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 17:16:38 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 17:14:55 ----SHD---- C:\WINDOWS\Installer
2008-11-12 17:14:55 ----HD---- C:\Config.Msi
2008-11-12 17:14:53 ----D---- C:\WINDOWS\WinSxS
2008-11-07 08:04:52 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-04 08:56:42 ----D---- C:\Program Files\Internet Explorer
2008-11-04 08:22:16 ----D---- C:\WINDOWS\system32\mui
2008-11-04 08:21:08 ----RSD---- C:\WINDOWS\assembly
2008-11-04 08:20:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-04 00:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 12:57:37 ----D---- C:\WINDOWS\network diagnostic
2008-11-03 10:59:17 ----SH---- C:\boot.ini
2008-11-03 08:35:29 ----RD---- C:\Program Files
2008-11-02 16:15:53 ----D---- C:\WINDOWS\Help
2008-10-31 09:29:44 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-31 09:28:05 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-10-31 09:04:40 ----D---- C:\WINDOWS\system32\config
2008-10-31 09:00:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-31 09:00:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-31 08:58:29 ----SD---- C:\WINDOWS\Tasks
2008-10-31 08:45:30 ----D---- C:\WINDOWS\AppPatch
2008-10-31 08:44:27 ----D---- C:\WINDOWS\system32\wbem
2008-10-31 08:44:23 ----D---- C:\WINDOWS\Registration
2008-10-31 08:38:32 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-31 08:38:32 ----D---- C:\WINDOWS\system32\en
2008-10-31 08:38:28 ----D---- C:\WINDOWS\system32\usmt
2008-10-31 08:38:07 ----D---- C:\Program Files\Common Files\System
2008-10-31 08:38:05 ----D---- C:\Program Files\Messenger
2008-10-31 08:38:03 ----D---- C:\Program Files\Movie Maker
2008-10-31 08:38:02 ----D---- C:\Program Files\NetMeeting
2008-10-31 08:38:00 ----D---- C:\Program Files\Outlook Express
2008-10-31 08:37:59 ----D---- C:\Program Files\Windows Media Player
2008-10-31 08:37:58 ----D---- C:\Program Files\Windows NT
2008-10-31 08:37:55 ----D---- C:\WINDOWS\ime
2008-10-31 08:37:49 ----D---- C:\WINDOWS\msagent
2008-10-31 08:37:47 ----D---- C:\WINDOWS\mui
2008-10-31 08:37:45 ----D---- C:\WINDOWS\system
2008-10-31 08:37:45 ----D---- C:\WINDOWS\srchasst
2008-10-31 08:37:45 ----D---- C:\WINDOWS\PeerNet
2008-10-31 08:36:30 ----D---- C:\WINDOWS\system32\Com
2008-10-31 08:36:30 ----D---- C:\WINDOWS\system32\bits
2008-10-31 08:35:57 ----D---- C:\WINDOWS\system32\Setup
2008-10-31 08:35:57 ----D---- C:\WINDOWS\system32\Restore
2008-10-31 08:35:57 ----D---- C:\WINDOWS\system32\oobe
2008-10-31 08:35:57 ----D---- C:\WINDOWS\system32\npp
2008-10-31 08:35:21 ----RSD---- C:\WINDOWS\Fonts
2008-10-31 08:34:50 ----D---- C:\WINDOWS\WBEM
2008-10-31 08:34:44 ----D---- C:\WINDOWS\ie7updates
2008-10-31 08:34:03 ----D---- C:\Program Files\Windows Defender
2008-10-31 08:33:45 ----DC---- C:\WINDOWS\ie7(2)
2008-10-31 08:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-31 08:32:26 ----D---- C:\WINDOWS\ehome
2008-10-31 08:32:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-31 08:28:23 ----D---- C:\WINDOWS\ServicePackFiles(2)
2008-10-31 08:27:29 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(2)
2008-10-31 08:27:29 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(2)
2008-10-31 08:27:29 ----DC---- C:\WINDOWS\$NtUninstallKB938464$(2)
2008-10-31 08:27:28 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(2)
2008-10-31 08:27:27 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(2)
2008-10-31 08:27:27 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(2)
2008-10-31 08:27:26 ----DC---- C:\WINDOWS\$NtUninstallKB951748$(2)
2008-10-31 08:27:26 ----DC---- C:\WINDOWS\$NtUninstallKB951698$(2)
2008-10-31 08:27:26 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(2)
2008-10-31 08:27:25 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(2)
2008-10-31 08:27:20 ----DC---- C:\WINDOWS\$NtUninstallKB952954$(2)
2008-10-31 08:26:41 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-31 08:26:21 ----SD---- C:\Documents and Settings\Coral\Application Data\Microsoft
2008-10-31 08:26:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-31 07:45:54 ----D---- C:\WINDOWS\ServicePackFiles(3)
2008-10-31 07:44:26 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(3)
2008-10-31 07:44:25 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(3)
2008-10-31 07:44:24 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(3)
2008-10-31 07:44:23 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(3)
2008-10-31 07:44:21 ----DC---- C:\WINDOWS\$NtUninstallKB951698$(3)
2008-10-31 07:44:19 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(3)
2008-10-22 15:51:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-18 16:18:22 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32(4)(2).dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2003-03-20 10496]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-03-28 390144]
R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2004-08-03 404990]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S2 Ca533av;DV Series Video Capture; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-13 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;DV Series Digital Camera; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-11-22 10984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
 

Hello, tpeac
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the
    button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :wink:.
We need to run a Scan with DDS
  1. Please download DDS, and save it to your desktop, from one of the following mirrors:
  2. Disable any type of "Script Blockers" or "Script Protection" installed on your system.
  3. Double click
    on your desktop.
  4. If prompted by any script blocking tools, please allow any actions taken by DDS.
  5. When prompted to perform an Optional Scan, please select
  6. Two reports will open. Please reply with the generated reports:
    • DDS.txt <-- Copy and paste into your next post
    • Attach.txt <-- Attach to your next post

We need to scan for Rootkits with GMER
  1. Please download GMER from one of the following mirrors:
  2. Close any and all open programs, as this process may crash your computer.
  3. Unzip the downloaded file to your desktop.
  4. Double click
    on your desktop.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see this window. If you do, click No.
  7. Click on
    and wait for the scan to finish.
  8. If you see a rootkit warning window, click OK.
  9. Push
    and save the logfile to your desktop.
  10. Copy and Paste the contents of that file in your next post.

In your next reply, please include the following:
  • DDS.txt
  • Attach.txt
  • GMER's Log

Billy3