Antispyware Soft - unable to remove


Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Mon May 31, 2010 8:01 pm

ComboFix 10-05-30.09 - Jarr 05/31/2010 12:32:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1054 [GMT -7:00]
Running from: c:\restore\Jarr\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1368 [VPS 100531-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jarr\Application Data\inst.exe
c:\temp\tpBe12
c:\windows\system32\bszip.dll
c:\windows\system32\ineWc01
c:\windows\system32\test.ttt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SENEKA


((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-29 23:59 . 2010-05-29 23:59 -------- d-----w- c:\program files\TrendMicro
2010-05-29 23:56 . 2010-05-29 23:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-26 01:12 . 2010-05-26 01:12 -------- d-----w- c:\program files\ESET
2010-05-26 01:02 . 2010-05-26 01:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-26 01:02 . 2010-05-29 22:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-26 01:01 . 2010-05-26 22:28 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-26 01:00 . 2010-05-26 01:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-26 01:00 . 2010-05-26 00:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 01:52 . 2010-05-25 01:52 -------- dc----w- C:\_OTL
2010-05-23 17:23 . 2010-05-23 17:23 -------- d-----w- c:\documents and settings\Brenda\Application Data\Malwarebytes
2010-05-23 16:29 . 2010-05-26 00:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 21:51 . 2010-05-22 21:51 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-22 21:32 . 2010-05-22 21:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-05-22 02:35 . 2010-05-22 02:35 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-22 02:34 . 2010-05-22 02:34 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 18:52 . 2009-06-01 07:07 -------- d-----w- c:\documents and settings\Jarr\Application Data\Vso
2010-05-29 23:59 . 2010-05-29 23:59 388096 ----a-r- c:\documents and settings\Jarr\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-05-27 04:09 . 2009-02-14 03:03 -------- d-----w- c:\documents and settings\Jarr\Application Data\Azureus
2010-05-26 01:04 . 2007-11-24 20:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-26 01:02 . 2010-05-26 01:02 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-26 01:00 . 2010-05-26 01:00 503808 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcp71.dll
2010-05-26 01:00 . 2010-05-26 01:00 499712 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\jmc.dll
2010-05-26 01:00 . 2010-05-26 01:00 348160 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcr71.dll
2010-05-26 01:00 . 2010-05-26 01:00 61440 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-sse.dll
2010-05-26 01:00 . 2010-05-26 01:00 12800 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-d3d.dll
2010-05-25 23:56 . 2005-09-28 16:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-25 23:56 . 2005-09-28 16:32 -------- d-----w- c:\program files\Java
2010-05-23 17:43 . 2009-01-08 09:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-23 17:24 . 2009-01-10 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 02:32 . 2010-03-31 10:17 660712 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-16 16:50 . 2009-02-14 03:03 -------- d-----w- c:\program files\Vuze
2010-05-01 00:55 . 2008-06-08 06:51 -------- d-----w- c:\documents and settings\Jarr\Application Data\Yahoo!
2010-05-01 00:55 . 2008-06-07 16:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-01 00:54 . 2005-09-28 16:38 -------- d-----w- c:\program files\CyberLink
2010-05-01 00:49 . 2008-06-12 03:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-01 00:48 . 2008-06-12 03:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-05-01 00:46 . 2008-06-07 16:50 -------- d-----w- c:\program files\Yahoo!
2010-04-29 22:39 . 2009-01-10 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-01-10 03:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 18:00 . 2009-04-23 22:48 4141117 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-04-17 18:00 . 2010-04-17 18:00 7282688 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-04-16 10:07 . 2008-06-12 03:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-04-14 00:38 . 2010-04-14 00:38 249856 ------w- c:\windows\Setup1.exe
2010-04-14 00:38 . 2010-04-14 00:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-11 04:16 . 2010-04-11 04:16 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-11 04:16 . 2010-04-11 04:16 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-11 04:16 . 2010-04-11 04:16 14848 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-11 04:16 . 2010-04-11 04:16 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-11 04:16 . 2010-04-11 04:16 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Common Files\Real
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Real
2010-04-11 04:16 . 2010-04-11 04:16 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-11 03:53 . 2009-02-24 20:24 10686001 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\azump\mplayer.exe
2010-04-04 08:58 . 2007-10-30 01:32 70392 ----a-w- c:\documents and settings\Jarr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-03 19:01 . 2010-04-03 19:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-03 18:58 . 2005-09-28 16:39 -------- d-----w- c:\program files\Microsoft Works
2010-04-03 02:58 . 2010-04-03 02:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-02 14:23 . 2010-04-02 14:23 20846064 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-04-02 14:23 . 2010-04-02 14:23 8405312 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-02 14:23 . 2010-04-02 14:23 149000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-02 14:23 . 2010-04-02 14:22 10309448 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-02 14:22 . 2010-04-02 14:22 79368 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-04-02 14:22 . 2010-04-02 14:22 64000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-02 14:22 . 2010-04-02 14:22 52288 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 50688 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 49152 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-02 14:22 . 2010-04-02 14:22 118784 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-04-02 06:22 . 2010-04-02 06:22 439816 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\setup.exe
2010-03-25 23:27 . 2010-03-25 23:27 152576 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-25 23:27 . 2010-03-25 23:27 79488 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-19 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2008-02-17 05:33 . 2008-02-17 05:33 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-10 69632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Jarr\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-3-27 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/6/2009 3:31 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2009 3:31 AM 20560]
S0 gugre;gugre;c:\windows\system32\drivers\oauhjfq.sys --> c:\windows\system32\drivers\oauhjfq.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 8:12 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-05-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: &AIM Toolbar Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{76B682FE-3229-42C0-A73C-92E1D8B6A850} - (no file)
BHO-{97FA8DA8-AEF3-49AF-BE7A-60AF509EC473} - (no file)
BHO-{DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)
HKU-Default-Run-msiexec.exe - msiconf.exe
HKLM-Explorer_Run-XCQIlG2vLd - c:\documents and settings\All Users\Application Data\alqnobmr\yrmlcryt.exe
Notify-vtUklkJY - (no file)
AddRemove-B3EE3001-DC24-4cd1-8743-5692C716659F - c:\program files\EnglishOtto\uninstallotto.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-31 12:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E6CD01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-31 13:00:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-31 19:59

Pre-Run: 12,207,042,560 bytes free
Post-Run: 13,909,209,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - A2EADDA1E8D48BF40B948736D2212BA8

jarrettdelorenzo
Novice
Posts : 26
Joined : 2010-05-23
OS : Windows XP
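The ComboFix log above already contains the indicators the rest of this thread chases: a boot-start service (gugre) whose driver file ComboFix could not find (the `[?]` marker on the service line), a browser proxy pointed at 127.0.0.1:5555 (some process on the machine itself is relaying the browser's traffic), orphaned Run entries that pointed into Application Data or gave only a bare filename, and a removed Legacy_SENEKA service key. The Python script below pulls those line types out of a ComboFix log and flags them. It is an added example, not code from this thread, from ComboFix, or from the forum; its regexes are assumptions about ComboFix's log layout written against the excerpt embedded in the script (lines copied from the log above), and anything else ComboFix can emit is left alone.

```python
"""Flag persistence and traffic-hijack indicators in a ComboFix log.

Added example, not part of this thread or of ComboFix. The regexes are
assumptions about ComboFix's log layout, written against the excerpt below.
"""
import re
from ipaddress import ip_address

# Lines copied from the ComboFix log posted above; the script's sample input.
SAMPLE_LOG = r"""
-------\Legacy_SENEKA
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/6/2009 3:31 AM 114768]
S0 gugre;gugre;c:\windows\system32\drivers\oauhjfq.sys --> c:\windows\system32\drivers\oauhjfq.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 8:12 PM 717296]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
HKU-Default-Run-msiexec.exe - msiconf.exe
HKLM-Explorer_Run-XCQIlG2vLd - c:\documents and settings\All Users\Application Data\alqnobmr\yrmlcryt.exe
Notify-vtUklkJY - (no file)
"""

# "R1 name;display;path [date size]", or "... --> path [?]" when the file is missing.
SERVICE_RE = re.compile(
    r"^[RS](?P<start>\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)
# Orphan autostart entries ComboFix removed: "<hive>-<key>-Run-<value> - <target>".
AUTORUN_RE = re.compile(r"^(?P<key>\S+[-_]Run-\S+)\s+-\s+(?P<target>.+)$")
LEGACY_RE = re.compile(r"^-------\\Legacy_(?P<name>\S+)$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Locations a driver or startup program has no business running from.
USER_WRITABLE_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")


def proxy_hosts(value):
    """Split a ProxyServer value ('host:port' or 'http=host:port;https=host:port')."""
    hosts = []
    for entry in value.split(";"):
        scheme, _, hostport = entry.rpartition("=")   # scheme is '' for a bare host:port
        host, sep, port = hostport.rpartition(":")
        if not sep:                                    # no port given
            host, port = hostport, ""
        hosts.append((scheme or "all", host, port))
    return hosts


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:                                 # hostname, not an IP literal
        return host.lower() == "localhost"


def triage(log):
    """Return a list of findings, one dict per suspicious line."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            if m.group("info").strip() == "?":          # service registered, image file absent
                findings.append({"kind": "missing_driver", "name": m.group("name"),
                                 "start": START_TYPES.get(m.group("start"), m.group("start")),
                                 "path": m.group("path").split(" --> ")[0]})
            continue
        m = PROXY_RE.search(line)
        if m:
            for scheme, host, port in proxy_hosts(m.group("value")):
                if is_loopback(host):
                    findings.append({"kind": "loopback_proxy", "scheme": scheme,
                                     "host": host, "port": port})
            continue
        m = AUTORUN_RE.match(line)
        if m:
            target = m.group("target").strip()
            if target == "(no file)":                   # dangling value, already gone
                continue
            if "\\" not in target:                      # bare name: resolved by PATH search
                findings.append({"kind": "autorun_unqualified", "key": m.group("key"),
                                 "target": target})
            elif any(d in target.lower() for d in USER_WRITABLE_DIRS):
                findings.append({"kind": "autorun_in_user_dir", "key": m.group("key"),
                                 "target": target})
            continue
        m = LEGACY_RE.match(line)
        if m:
            findings.append({"kind": "legacy_service_removed", "name": m.group("name")})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The avast!, sptd and TeaTimer lines pass through untouched because each has a real file with a date and size; only the `[?]` marker, the loopback proxy, the Application Data executable, the unqualified `msiconf.exe` and the Legacy_ key are reported, which is the list a helper would work through next.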

Re: Antispyware Soft - unable to remove

Post by Belahzur on Mon May 31, 2010 11:41 pm

Hello.


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue Jun 01, 2010 1:04 am

I did as you said, but when I went to "Run" and copied and pasted the address provided, it says: "Windows cannot find (C:\Documents and Settings\Jarr\Desktop\TDSSKiller.exe). Make sure you typed the name correct, and then try again. To search for a file, click the Start button, and then click Search."

The .exe and the notepad file are extracted on my desktop.

Not sure if this helps at all, but I went to the TDSSKiller Properties and it says the location is..."C:\restore\Jarr\Desktop".


Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue Jun 01, 2010 8:38 pm

Hello.

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.





Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed Jun 02, 2010 2:54 am

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-01 19:54:02
Windows 5.1.2600 Service Pack 3
Running: 6zmh8sji.exe; Driver: C:\DOCUME~1\Jarr\LOCALS~1\Temp\afdoapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB74FE6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB74FE574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB74FEA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB74FE14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB74FE64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB74FE08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB74FE0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB74FE76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB74FE72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB74FE8AE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49D4 4 Bytes JMP D747B74F
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4CAC 4 Bytes CALL A4660400
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77FA760]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[560] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\svchost.exe[1356] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0198000A
.text C:\WINDOWS\system32\svchost.exe[1356] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00ED000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0139000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 013A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3728] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0138000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat B2701D20
Device \FileSystem\Fastfat \Fat B26FE7B4

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x46 0x20 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x46 0x20 0xAF ...

---- EOF - GMER 1.0.15 ----

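The GMER log above mixes hooks that GMER attributes to a named driver and vendor (the avast! SSDT entries) with ones it cannot attribute: the two patches inside ntoskrnl.exe!ZwYieldExecution, the same ntdll.dll functions inline-hooked in Explorer, svchost and Firefox, the IAT hooks on CreateProcessW/CreateProcessAsUserW in services.exe, and the mohfilt.sys entry point that the helper sends for scanning in the next post. Splitting those two groups, and noticing when one hook recurs across several processes (which points at a single injected component rather than per-application behaviour), is the first triage pass on a GMER log. The Python script below does that grouping. It is an added example, not code from this thread or from GMER; the line formats it parses are assumptions drawn from the excerpt embedded in it (copied from the log above, plus one constructed unattributed SSDT line marked as such), and it does not decide whether a jump target is malicious, only who owns it and where it recurs.

```python
"""Group the hooks in a GMER log by attribution and by process.

Added example, not part of this thread or of GMER. The regexes are
assumptions about GMER 1.0.15 output, written against the excerpt below.
"""
import re
from collections import defaultdict

# Lines copied from the GMER log posted above, except the "SSDT 8A6D2F40 ZwCreateKey"
# line, which is constructed here to show an entry GMER could not attribute.
SAMPLE_GMER = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB74FE6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB74FE08C]
SSDT 8A6D2F40 ZwCreateKey
.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49D4 4 Bytes JMP D747B74F
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4CAC 4 Bytes CALL A4660400
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77FA760]
.text C:\WINDOWS\Explorer.EXE[560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[1356] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00ED000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0139000A
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
"""

HEX = r"[0-9A-Fa-f]"
# "SSDT <module> (<file description>/<company>) <Zw function> [0x<address>]"; the
# description and bracketed address are absent when GMER cannot map the address.
SSDT_RE = re.compile(
    rf"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>\w+)(?:\s+\[0x{HEX}+\])?$")
# Inline patch in a kernel image: ".text ntoskrnl.exe!Func + off addr N Bytes JMP target".
KERNEL_PATCH_RE = re.compile(
    rf"^\.text\s+(?P<module>[\w.]+)!(?P<func>\w+)\s+\+\s+(?P<off>{HEX}+)\s+{HEX}{{8}}\s+"
    rf"(?P<n>\d+)\s+Bytes\s+(?P<op>JMP|CALL)\s+(?P<target>{HEX}{{8}})$")
# Inline hook in a user process: ".text <exe>[pid] dll!Func addr N Bytes JMP target".
USER_HOOK_RE = re.compile(
    rf"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[\w.]+)!(?P<func>\w+)\s+{HEX}{{8}}\s+"
    rf"(?P<n>\d+)\s+Bytes\s+(?P<op>JMP|CALL)\s+(?P<target>{HEX}{{8}})$")
IAT_RE = re.compile(
    rf"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+.+?\s+\[(?P<dll>[\w.]+)!(?P<func>\w+)\]\s+(?P<target>{HEX}{{8}})$")
INIT_RE = re.compile(r'^init\s+(?P<path>.+?)\s+entry point in "init" section\s+\[0x[0-9A-Fa-f]+\]$')


def basename(path):
    return path.rsplit("\\", 1)[-1]


def analyze(log):
    """Return the hooks in a GMER log, split into attributed and unattributed groups."""
    result = {
        "ssdt_attributed": {},      # hooked syscall -> company from the owning driver's version info
        "ssdt_unattributed": [],    # (syscall, raw address): nobody claims these, find the owner
        "kernel_patches": [],       # inline patches inside kernel images
        "init_entry_drivers": [],   # drivers whose entry point sits in a discardable "init" section
        "user_hooks": defaultdict(list),   # "dll!func" -> [(process, pid, target)]
        "iat_hooks": [],
    }
    for line in log.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            desc = m.group("desc")
            if desc:                                    # "<description>/<company>": keep the company
                result["ssdt_attributed"][m.group("func")] = desc.rsplit("/", 1)[-1]
            else:
                result["ssdt_unattributed"].append((m.group("func"), basename(m.group("module"))))
        elif m := KERNEL_PATCH_RE.match(line):
            result["kernel_patches"].append({"module": m.group("module"), "func": m.group("func"),
                                             "offset": int(m.group("off"), 16), "op": m.group("op"),
                                             "target": int(m.group("target"), 16)})
        elif m := USER_HOOK_RE.match(line):
            key = f"{m.group('dll')}!{m.group('func')}"
            result["user_hooks"][key].append((basename(m.group("proc")), int(m.group("pid")),
                                              int(m.group("target"), 16)))
        elif m := IAT_RE.match(line):
            result["iat_hooks"].append({"process": basename(m.group("proc")), "pid": int(m.group("pid")),
                                        "func": m.group("func"), "target": int(m.group("target"), 16)})
        elif m := INIT_RE.match(line):
            result["init_entry_drivers"].append(m.group("path"))
    # The same API hooked in several processes means one component is injected system-wide.
    result["cross_process"] = {func: [proc for proc, _, _ in hooks]
                               for func, hooks in result["user_hooks"].items() if len(hooks) > 1}
    return result


if __name__ == "__main__":
    summary = analyze(SAMPLE_GMER)
    for key in ("ssdt_attributed", "ssdt_unattributed", "kernel_patches",
                "init_entry_drivers", "cross_process", "iat_hooks"):
        print(key, "=", summary[key])
```

On the log above this leaves the avast! SSDT entries in the attributed bucket and puts everything else on the follow-up list: the ntoskrnl patches, NtProtectVirtualMemory hooked identically in three unrelated processes, the services.exe IAT hooks on both process-creation APIs, and mohfilt.sys. The next post in the thread does exactly that follow-up for mohfilt.sys by submitting the file for scanning.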

Re: Antispyware Soft - unable to remove

Post by Belahzur on Wed Jun 02, 2010 8:06 pm

Hello.

Submit a file for analysis.

  1. Please visit this website: [You must be registered and logged in to see this link.]
  2. Press the "Browse" button and locate the following file:
    C:\WINDOWS\system32\driver\mohfilt.sys
  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Copy and paste the result back here.





Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed Jun 02, 2010 10:24 pm

Filename: mohfilt.sys
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Thu 3 Jun 2010 00:23:14 (CET) Permalink


Re: Antispyware Soft - unable to remove

Post by Belahzur on Thu Jun 03, 2010 9:47 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Thu Jun 03, 2010 11:01 pm

ComboFix 10-06-03.01 - Jarr 06/03/2010 15:40:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1051 [GMT -7:00]
Running from: c:\restore\Jarr\Desktop\Combo-Fix.exe
Command switches used :: c:\restore\Jarr\Desktop\CFscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-02 22:41 . 2010-06-02 22:41 -------- d-----w- c:\program files\TuneUpMedia
2010-06-02 22:40 . 2010-06-02 22:40 -------- d-----w- c:\documents and settings\Jarr\Application Data\TuneUpMedia
2010-06-02 22:40 . 2010-06-02 22:41 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-06-02 03:17 . 2010-06-02 03:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-01 00:55 . 2010-06-01 00:55 -------- dc----w- C:\Jarr
2010-06-01 00:52 . 2010-06-01 00:52 52432 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-05-31 19:00 . 2010-05-31 20:00 -------- dc----w- C:\Combo-Fix
2010-05-29 23:59 . 2010-05-29 23:59 388096 ----a-r- c:\documents and settings\Jarr\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-05-29 23:59 . 2010-05-29 23:59 -------- d-----w- c:\program files\TrendMicro
2010-05-29 23:56 . 2010-05-29 23:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-26 01:12 . 2010-05-26 01:12 -------- d-----w- c:\program files\ESET
2010-05-26 01:02 . 2010-05-26 01:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-26 01:02 . 2010-05-29 22:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-26 01:02 . 2010-05-26 01:02 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-26 01:01 . 2010-05-26 22:28 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-26 01:00 . 2010-05-26 01:00 503808 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcp71.dll
2010-05-26 01:00 . 2010-05-26 01:00 499712 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\jmc.dll
2010-05-26 01:00 . 2010-05-26 01:00 348160 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcr71.dll
2010-05-26 01:00 . 2010-05-26 01:00 61440 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-sse.dll
2010-05-26 01:00 . 2010-05-26 01:00 12800 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-d3d.dll
2010-05-26 01:00 . 2010-05-26 01:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-26 01:00 . 2010-05-26 00:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 01:52 . 2010-05-25 01:52 -------- dc----w- C:\_OTL
2010-05-23 17:23 . 2010-05-23 17:23 -------- d-----w- c:\documents and settings\Brenda\Application Data\Malwarebytes
2010-05-23 16:29 . 2010-05-26 00:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 21:51 . 2010-05-22 21:51 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-22 21:32 . 2010-05-22 21:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-05-22 02:35 . 2010-05-22 02:35 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-22 02:34 . 2010-05-22 02:34 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 22:21 . 2009-02-14 03:03 -------- d-----w- c:\documents and settings\Jarr\Application Data\Azureus
2010-06-02 22:41 . 2009-08-31 22:35 -------- d-----w- c:\program files\iTunes
2010-06-02 22:39 . 2009-02-14 03:03 -------- d-----w- c:\program files\Vuze
2010-06-02 22:26 . 2009-01-06 10:31 -------- d-----w- c:\program files\Alwil Software
2010-06-01 03:33 . 2009-06-01 07:07 -------- d-----w- c:\documents and settings\Jarr\Application Data\Vso
2010-05-26 01:04 . 2007-11-24 20:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-25 23:56 . 2005-09-28 16:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-25 23:56 . 2005-09-28 16:32 -------- d-----w- c:\program files\Java
2010-05-23 17:43 . 2009-01-08 09:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-23 17:24 . 2009-01-10 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 02:32 . 2010-03-31 10:17 660712 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-06 20:59 . 2009-01-06 10:31 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2009-01-06 10:31 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-01-06 10:31 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-01-06 10:31 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-01-06 10:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-01-06 10:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-01-06 10:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-01-06 10:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-01-06 10:31 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-01 00:55 . 2008-06-08 06:51 -------- d-----w- c:\documents and settings\Jarr\Application Data\Yahoo!
2010-05-01 00:55 . 2008-06-07 16:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-01 00:54 . 2005-09-28 16:38 -------- d-----w- c:\program files\CyberLink
2010-05-01 00:49 . 2008-06-12 03:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-01 00:48 . 2008-06-12 03:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-05-01 00:46 . 2008-06-07 16:50 -------- d-----w- c:\program files\Yahoo!
2010-04-29 22:39 . 2009-01-10 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-01-10 03:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 18:00 . 2009-04-23 22:48 4141117 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-04-17 18:00 . 2010-04-17 18:00 7282688 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-04-16 10:07 . 2008-06-12 03:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-04-14 00:38 . 2010-04-14 00:38 249856 ------w- c:\windows\Setup1.exe
2010-04-14 00:38 . 2010-04-14 00:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-11 04:16 . 2010-04-11 04:16 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-11 04:16 . 2010-04-11 04:16 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-11 04:16 . 2010-04-11 04:16 14848 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-11 04:16 . 2010-04-11 04:16 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-11 04:16 . 2010-04-11 04:16 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Common Files\Real
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Real
2010-04-11 04:16 . 2010-04-11 04:16 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-11 03:53 . 2009-02-24 20:24 10686001 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\azump\mplayer.exe
2010-04-04 08:58 . 2007-10-30 01:32 70392 ----a-w- c:\documents and settings\Jarr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 14:23 . 2010-04-02 14:23 20846064 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-04-02 14:23 . 2010-04-02 14:23 8405312 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-02 14:23 . 2010-04-02 14:23 149000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-02 14:23 . 2010-04-02 14:22 10309448 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-02 14:22 . 2010-04-02 14:22 79368 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-04-02 14:22 . 2010-04-02 14:22 64000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-02 14:22 . 2010-04-02 14:22 52288 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 50688 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 49152 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-02 14:22 . 2010-04-02 14:22 118784 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-04-02 06:22 . 2010-04-02 06:22 439816 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\setup.exe
2010-03-25 23:27 . 2010-03-25 23:27 152576 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-25 23:27 . 2010-03-25 23:27 79488 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-19 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2008-02-17 05:33 . 2008-02-17 05:33 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-10 69632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\Jarr\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-3-27 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUklkJY]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/6/2009 3:31 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2009 3:31 AM 19024]
S0 gugre;gugre;c:\windows\system32\drivers\oauhjfq.sys --> c:\windows\system32\drivers\oauhjfq.sys [?]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [5/31/2010 5:52 PM 52432]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 8:12 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-06-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &AIM Toolbar Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{76B682FE-3229-42C0-A73C-92E1D8B6A850} - (no file)
BHO-{97FA8DA8-AEF3-49AF-BE7A-60AF509EC473} - (no file)
BHO-{DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)
SafeBoot-klmd23.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-03 15:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x899E0D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-03 15:55:43
ComboFix-quarantined-files.txt 2010-06-03 22:55
ComboFix2.txt 2010-05-31 20:00

Pre-Run: 3,095,965,696 bytes free
Post-Run: 3,142,852,608 bytes free

- - End Of File - - 36D2741D2232B19F52BC4F682B678D18


Re: Antispyware Soft - unable to remove

Post by Belahzur on Fri Jun 04, 2010 9:20 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Registry::
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUklkJY]

    Driver::
    gugre

    Rootkit::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


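Belahzur's two CFScripts above (the Jun 3 one that clears the 127.0.0.1:5555 proxy, and the Jun 4 one that removes the NoSetActiveDesktop policy, the unresolvable Winlogon\Notify\vtUklkJY hook and the file-less gugre driver) were written by reading loading points out of the ComboFix log by eye. The script below is an added example, not code from the thread or from ComboFix, that automates that reading: it parses the log-line shapes visible on this page (service lines, registry key and value lines, the ProxyServer line), flags the same four kinds of finding, and renders them as CFScript sections. The sample log is constructed from lines quoted in this thread; the regular expressions are assumptions about ComboFix's log format that hold for the excerpts here and may need adjusting for other sections of a log.

```python
"""Triage a ComboFix log the way the helper in this thread did by hand: flag the
loading points that resolve nowhere or to the local machine, and emit the
CFScript sections that would remove them. Added example; not ComboFix code."""
import re
from dataclasses import dataclass, field

# Constructed sample in ComboFix's log format, trimmed from lines quoted in the
# thread (the proxy line is the one the first CFScript removed).
SAMPLE_LOG = r"""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUklkJY]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/6/2009 3:31 AM 164048]
S0 gugre;gugre;c:\windows\system32\drivers\oauhjfq.sys --> c:\windows\system32\drivers\oauhjfq.sys [?]

uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""

# Line shapes assumed from the log excerpts on this page.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")

@dataclass
class Findings:
    proxy_lines: list = field(default_factory=list)      # IE proxy pointing at loopback
    missing_drivers: list = field(default_factory=list)  # service with no image file on disk
    notify_keys: list = field(default_factory=list)      # Winlogon\Notify subkeys with no DLL
    policy_values: list = field(default_factory=list)    # (key, value) under a policies key
    notes: list = field(default_factory=list)            # review by hand, do not script blindly

def proxy_targets_loopback(setting: str) -> bool:
    """True for 'http=127.0.0.1:5555' or '127.0.0.1:5555'; False for a LAN proxy."""
    for part in setting.split(";"):
        host = part.split("=", 1)[-1].strip().rsplit(":", 1)[0]
        if host.startswith("127.") or host.lower() == "localhost":
            return True
    return False

def triage(log_text: str) -> Findings:
    f = Findings()
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    current_key = None
    for i, line in enumerate(lines):
        if m := PROXY_RE.match(line):
            # A rogue such as Antispyware Soft points the user's proxy at a port it
            # listens on, which is how it gets its warning page into every browser.
            if proxy_targets_loopback(m.group(1)):
                f.proxy_lines.append(line)
        elif m := SERVICE_RE.match(line):
            _start, name, _display, image = m.groups()
            # ComboFix prints "<path> --> <path> [?]" when the file is not on disk:
            # a registered driver with no binary is a leftover or a hidden file.
            if image.endswith("[?]"):
                f.missing_drivers.append(name)
        elif m := KEY_RE.match(line):
            current_key = m.group(1)
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            # "[BU]" under a Winlogon\Notify subkey: no DLL could be resolved for a
            # hook that would otherwise load into winlogon.exe at every logon.
            if "\\winlogon\\notify\\" in current_key.lower() and nxt == "[BU]":
                f.notify_keys.append(current_key)
        elif (m := VALUE_RE.match(line)) and current_key:
            name = m.group(1)
            low = current_key.lower()
            # ComboFix shows only non-default entries, so a policy value in the
            # .default hive was put there by something; the thread removed it.
            if low.startswith("hkey_users\\.default") and "\\policies\\" in low:
                f.policy_values.append((current_key, name))
            # Security Center overrides are also written by legitimate AV products
            # (avast is installed on this machine), so list them for review only.
            elif "security center" in low:
                f.notes.append(f"{current_key} -> {name}")
    return f

def build_cfscript(f: Findings) -> str:
    """Render findings as the CFScript sections used in the thread."""
    out = []
    if f.proxy_lines:
        out += ["DDS::", *f.proxy_lines, ""]
    reg = []
    for key, name in f.policy_values:
        reg += [f"[{key}]", f'"{name}"=-']           # "=-" deletes one value
    reg += [f"[-{key}]" for key in f.notify_keys]     # "[-key]" deletes the whole key
    if reg:
        out += ["Registry::", *reg, ""]
    if f.missing_drivers:
        out += ["Driver::", *f.missing_drivers, ""]
    return "\n".join(out)

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(build_cfscript(found))
    for note in found.notes:
        print("review:", note)
```

Security Center overrides go under notes rather than into the script: avast legitimately sets AntiVirusOverride, and the SymantecAntiVirus and SymantecFirewall DisableMonitoring entries in the log are leftovers of an uninstalled product, which is why the helper in the thread left them alone. A driver flagged by [?] should likewise be checked against the rootkit scans in the log (GMER's output and the MBR detector's "user & kernel MBR OK") before it is removed, since a dead registry entry and a hidden file look identical in this view.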

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Sun Jun 06, 2010 6:11 am

ComboFix 10-06-05.01 - Jarr 06/05/2010 22:17:45.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1154 [GMT -7:00]
Running from: c:\restore\Jarr\Desktop\Combo-Fix.exe
Command switches used :: c:\restore\Jarr\Desktop\CFscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gugre


((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-02 22:41 . 2010-06-02 22:41 -------- d-----w- c:\program files\TuneUpMedia
2010-06-02 22:40 . 2010-06-02 22:40 -------- d-----w- c:\documents and settings\Jarr\Application Data\TuneUpMedia
2010-06-02 22:40 . 2010-06-02 22:41 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-06-02 03:17 . 2010-06-02 03:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-01 00:55 . 2010-06-01 00:55 -------- dc----w- C:\Jarr
2010-06-01 00:52 . 2010-06-01 00:52 52432 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-05-31 19:00 . 2010-05-31 20:00 -------- dc----w- C:\Combo-Fix
2010-05-29 23:59 . 2010-05-29 23:59 -------- d-----w- c:\program files\TrendMicro
2010-05-29 23:56 . 2010-05-29 23:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-26 01:12 . 2010-05-26 01:12 -------- d-----w- c:\program files\ESET
2010-05-26 01:02 . 2010-05-26 01:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-26 01:02 . 2010-05-29 22:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-26 01:01 . 2010-05-26 22:28 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-26 01:00 . 2010-05-26 01:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-26 01:00 . 2010-05-26 00:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 01:52 . 2010-05-25 01:52 -------- dc----w- C:\_OTL
2010-05-23 17:23 . 2010-05-23 17:23 -------- d-----w- c:\documents and settings\Brenda\Application Data\Malwarebytes
2010-05-23 16:29 . 2010-05-26 00:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 21:51 . 2010-05-22 21:51 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-22 21:32 . 2010-05-22 21:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-05-22 02:35 . 2010-05-22 02:35 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-22 02:34 . 2010-05-22 02:34 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 04:24 . 2009-06-01 07:07 -------- d-----w- c:\documents and settings\Jarr\Application Data\Vso
2010-06-03 22:21 . 2009-02-14 03:03 -------- d-----w- c:\documents and settings\Jarr\Application Data\Azureus
2010-06-02 22:41 . 2009-08-31 22:35 -------- d-----w- c:\program files\iTunes
2010-06-02 22:39 . 2009-02-14 03:03 -------- d-----w- c:\program files\Vuze
2010-06-02 22:26 . 2009-01-06 10:31 -------- d-----w- c:\program files\Alwil Software
2010-05-29 23:59 . 2010-05-29 23:59 388096 ----a-r- c:\documents and settings\Jarr\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-05-26 01:04 . 2007-11-24 20:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-26 01:02 . 2010-05-26 01:02 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-26 01:00 . 2010-05-26 01:00 503808 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcp71.dll
2010-05-26 01:00 . 2010-05-26 01:00 499712 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\jmc.dll
2010-05-26 01:00 . 2010-05-26 01:00 348160 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcr71.dll
2010-05-26 01:00 . 2010-05-26 01:00 61440 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-sse.dll
2010-05-26 01:00 . 2010-05-26 01:00 12800 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-d3d.dll
2010-05-25 23:56 . 2005-09-28 16:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-25 23:56 . 2005-09-28 16:32 -------- d-----w- c:\program files\Java
2010-05-23 17:43 . 2009-01-08 09:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-23 17:24 . 2009-01-10 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 02:32 . 2010-03-31 10:17 660712 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-06 20:59 . 2009-01-06 10:31 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2009-01-06 10:31 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-01-06 10:31 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-01-06 10:31 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-01-06 10:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-01-06 10:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-01-06 10:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-01-06 10:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-01-06 10:31 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-01 00:55 . 2008-06-08 06:51 -------- d-----w- c:\documents and settings\Jarr\Application Data\Yahoo!
2010-05-01 00:55 . 2008-06-07 16:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-01 00:54 . 2005-09-28 16:38 -------- d-----w- c:\program files\CyberLink
2010-05-01 00:49 . 2008-06-12 03:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-01 00:48 . 2008-06-12 03:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-05-01 00:46 . 2008-06-07 16:50 -------- d-----w- c:\program files\Yahoo!
2010-04-29 22:39 . 2009-01-10 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-01-10 03:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 18:00 . 2009-04-23 22:48 4141117 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-04-17 18:00 . 2010-04-17 18:00 7282688 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-04-16 10:07 . 2008-06-12 03:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-04-14 00:38 . 2010-04-14 00:38 249856 ------w- c:\windows\Setup1.exe
2010-04-14 00:38 . 2010-04-14 00:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-11 04:16 . 2010-04-11 04:16 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-11 04:16 . 2010-04-11 04:16 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-11 04:16 . 2010-04-11 04:16 14848 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-11 04:16 . 2010-04-11 04:16 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-11 04:16 . 2010-04-11 04:16 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Common Files\Real
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Real
2010-04-11 04:16 . 2010-04-11 04:16 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-11 03:53 . 2009-02-24 20:24 10686001 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\azump\mplayer.exe
2010-04-04 08:58 . 2007-10-30 01:32 70392 ----a-w- c:\documents and settings\Jarr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 14:23 . 2010-04-02 14:23 20846064 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-04-02 14:23 . 2010-04-02 14:23 8405312 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-02 14:23 . 2010-04-02 14:23 149000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-02 14:23 . 2010-04-02 14:22 10309448 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-02 14:22 . 2010-04-02 14:22 79368 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-04-02 14:22 . 2010-04-02 14:22 64000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-02 14:22 . 2010-04-02 14:22 52288 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 50688 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 49152 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-02 14:22 . 2010-04-02 14:22 118784 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-04-02 06:22 . 2010-04-02 06:22 439816 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\setup.exe
2010-03-25 23:27 . 2010-03-25 23:27 152576 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-25 23:27 . 2010-03-25 23:27 79488 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-19 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2008-02-17 05:33 . 2008-02-17 05:33 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-10 69632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\Jarr\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-3-27 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUklkJY]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmd23.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/6/2009 3:31 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2009 3:31 AM 19024]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [5/31/2010 5:52 PM 52432]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 8:12 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &AIM Toolbar Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{76B682FE-3229-42C0-A73C-92E1D8B6A850} - (no file)
BHO-{97FA8DA8-AEF3-49AF-BE7A-60AF509EC473} - (no file)
BHO-{DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-05 22:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89CFED01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1940)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-05 22:41:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-06 05:41
ComboFix2.txt 2010-06-03 22:55
ComboFix3.txt 2010-05-31 20:00

Pre-Run: 5,322,747,904 bytes free
Post-Run: 5,310,410,752 bytes free

- - End Of File - - 26EE843E38EC7F8E710B6E16C05C8B58

Re: Antispyware Soft - unable to remove

Post by Belahzur on Sun Jun 06, 2010 11:56 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue Jun 08, 2010 1:49 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4177

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/7/2010 6:26:00 PM
mbam-log-2010-06-07 (18-26-00).txt

Scan type: Quick scan
Objects scanned: 147228
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue Jun 08, 2010 5:02 pm

Hello.
We need to run TDSSKiller.

See this post for instructions:
[You must be registered and logged in to see this link.]

When it comes to running the Run command, try this.

"c:restoreJarrDesktopTDSSKiller.exe" -l C:TDSSKiller.txt -v

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue Jun 08, 2010 10:26 pm

I did as you said...but when I went to "Run", copy and pasted the address provided...it says "Windows cannot find c:restoreJarrDesktopTDSSKiller.exe. Make sure you typed the name correct, and then try again. To search for a file, click the Start button, and then click Search."

Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue Jun 08, 2010 10:53 pm

Grrrr. Forumotion bug causing an error in my scripting.

Never mind doing the script bit for now, just double click TDSSKiller and run it.

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed Jun 09, 2010 4:30 am

20:34:05:695 2712 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
20:34:05:695 2712 ================================================================================
20:34:05:695 2712 SystemInfo:

20:34:05:695 2712 OS Version: 5.1.2600 ServicePack: 3.0
20:34:05:695 2712 Product type: Workstation
20:34:05:695 2712 ComputerName: DFR1NK81
20:34:05:695 2712 UserName: Jarr
20:34:05:695 2712 Windows directory: C:\WINDOWS
20:34:05:695 2712 Processor architecture: Intel x86
20:34:05:695 2712 Number of processors: 2
20:34:05:695 2712 Page size: 0x1000
20:34:05:695 2712 Boot type: Normal boot
20:34:05:695 2712 ================================================================================
20:34:06:226 2712 Initialize success
20:34:06:226 2712
20:34:06:226 2712 Scanning Services ...
20:34:07:054 2712 Raw services enum returned 385 services
20:34:07:070 2712
20:34:07:070 2712 Scanning Drivers ...
20:34:08:883 2712 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:34:08:961 2712 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:34:09:054 2712 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:34:09:117 2712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:34:09:179 2712 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:34:09:242 2712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:34:09:414 2712 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
20:34:09:539 2712 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:34:09:633 2712 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:34:09:695 2712 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:34:09:758 2712 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:34:09:820 2712 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:34:09:914 2712 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:34:10:008 2712 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:34:10:179 2712 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:34:10:273 2712 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:34:10:351 2712 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:34:10:461 2712 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:34:10:523 2712 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:34:10:617 2712 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:34:10:695 2712 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
20:34:10:914 2712 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
20:34:11:476 2712 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
20:34:11:851 2712 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
20:34:12:039 2712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:34:12:195 2712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:34:12:461 2712 ati2mtag (5b9320783e76a46ef97734f113a82ad8) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:34:12:789 2712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:34:12:929 2712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:34:12:961 2712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:34:13:023 2712 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:34:13:070 2712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:34:13:117 2712 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:34:13:211 2712 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:34:13:273 2712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:34:13:429 2712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:34:13:554 2712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:34:13:789 2712 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:34:13:961 2712 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:34:14:070 2712 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:34:14:164 2712 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:34:14:304 2712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:34:14:586 2712 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:34:14:883 2712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:34:15:133 2712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:34:15:195 2712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:34:15:273 2712 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:34:15:320 2712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:34:15:398 2712 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:34:15:492 2712 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
20:34:15:648 2712 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:34:15:789 2712 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
20:34:15:976 2712 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:34:16:086 2712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:34:16:273 2712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:34:16:461 2712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:34:16:570 2712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:34:16:773 2712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:34:17:117 2712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:34:17:523 2712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:34:17:664 2712 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:34:17:961 2712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:34:18:304 2712 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:34:18:664 2712 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:34:19:008 2712 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:34:19:289 2712 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:34:19:523 2712 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:34:19:773 2712 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:34:20:101 2712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:34:20:258 2712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:34:20:351 2712 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:34:20:570 2712 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
20:34:20:789 2712 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
20:34:20:976 2712 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
20:34:21:164 2712 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:34:21:273 2712 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:34:21:351 2712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:34:21:476 2712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:34:21:586 2712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:34:21:633 2712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:34:21:726 2712 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:34:21:789 2712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:34:21:914 2712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:34:22:008 2712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:34:22:164 2712 kbdhid (24f674c7b3bc36c0b36d60957559554a) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:34:22:164 2712 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdhid.sys. Real md5: 24f674c7b3bc36c0b36d60957559554a, Fake md5: 9ef487a186dea361aa06913a75b3fa99
20:34:22:164 2712 File "C:\WINDOWS\system32\DRIVERS\kbdhid.sys" infected by TDSS rootkit ... 20:34:23:711 2712 Backup copy found, using it..
20:34:23:836 2712 will be cured on next reboot
20:34:24:008 2712 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
20:34:24:086 2712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:34:24:195 2712 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:34:24:601 2712 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:34:24:648 2712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:34:24:711 2712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:34:24:758 2712 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:34:24:789 2712 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
20:34:24:820 2712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:34:24:867 2712 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:34:24:898 2712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:34:24:945 2712 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:34:24:992 2712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:34:25:070 2712 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:34:25:117 2712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:34:25:148 2712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:34:25:164 2712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:34:25:242 2712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:34:25:304 2712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:34:25:367 2712 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:34:25:429 2712 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:34:25:461 2712 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:34:25:492 2712 NAL (9121d8ffff773c66bbf4955e4f7aac23) C:\WINDOWS\system32\Drivers\iqvw32.sys
20:34:25:554 2712 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:34:25:601 2712 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:34:25:633 2712 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:34:25:648 2712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:34:25:711 2712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:34:25:773 2712 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
20:34:25:914 2712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:34:25:992 2712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:34:26:086 2712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:34:26:148 2712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:34:26:242 2712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:34:26:336 2712 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:34:26:523 2712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:34:26:648 2712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:34:26:726 2712 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
20:34:26:804 2712 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
20:34:26:867 2712 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
20:34:26:914 2712 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
20:34:27:039 2712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:34:27:101 2712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:34:27:148 2712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:34:27:289 2712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:34:27:351 2712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:34:27:476 2712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:34:27:554 2712 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
20:34:27:711 2712 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:34:27:773 2712 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:34:27:836 2712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:34:27:883 2712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:34:27:945 2712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:34:28:008 2712 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:34:28:054 2712 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:34:28:133 2712 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:WINDOWSsystem32DRIVERSql10wnt.sys
20:34:28:211 2712 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:WINDOWSsystem32DRIVERSql12160.sys
20:34:28:336 2712 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:WINDOWSsystem32DRIVERSql1240.sys
20:34:28:461 2712 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:WINDOWSsystem32DRIVERSql1280.sys
20:34:28:539 2712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:WINDOWSsystem32DRIVERSrasacd.sys
20:34:28:601 2712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:WINDOWSsystem32DRIVERSrasl2tp.sys
20:34:28:664 2712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:WINDOWSsystem32DRIVERSraspppoe.sys
20:34:28:726 2712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:WINDOWSsystem32DRIVERSraspti.sys
20:34:28:804 2712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:WINDOWSsystem32DRIVERSrdbss.sys
20:34:28:836 2712 RDPCDD (4912d5b403614ce99c28420f75353332) C:WINDOWSsystem32DRIVERSRDPCDD.sys
20:34:29:070 2712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:WINDOWSsystem32DRIVERSrdpdr.sys
20:34:29:914 2712 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:WINDOWSsystem32driversRDPWD.sys
20:34:30:101 2712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:WINDOWSsystem32DRIVERSredbook.sys
20:34:30:195 2712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:WINDOWSsystem32DRIVERSsecdrv.sys
20:34:30:367 2712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:WINDOWSsystem32DRIVERSserenum.sys
20:34:30:445 2712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:WINDOWSsystem32DRIVERSserial.sys
20:34:30:508 2712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:WINDOWSsystem32driversSfloppy.sys
20:34:30:601 2712 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:WINDOWSsystem32DRIVERSsisagp.sys
20:34:30:664 2712 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:WINDOWSsystem32DRIVERSSLIP.sys
20:34:30:742 2712 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:WINDOWSsystem32DRIVERSSONYPVU1.SYS
20:34:30:820 2712 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:WINDOWSsystem32DRIVERSsparrow.sys
20:34:30:898 2712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:WINDOWSsystem32driverssplitter.sys
20:34:30:961 2712 sptd (71e276f6d189413266ea22171806597b) C:WINDOWSsystem32Driverssptd.sys
20:34:31:117 2712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:WINDOWSsystem32DRIVERSsr.sys
20:34:31:164 2712 Srv (89220b427890aa1dffd1a02648ae51c3) C:WINDOWSsystem32DRIVERSsrv.sys
20:34:31:336 2712 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:WINDOWSsystem32driverssscdbhk5.sys
20:34:31:461 2712 ssrtln (d79412e3942c8a257253487536d5a994) C:WINDOWSsystem32driversssrtln.sys
20:34:31:570 2712 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:WINDOWSsystem32driverssthda.sys
20:34:31:679 2712 streamip (77813007ba6265c4b6098187e6ed79d2) C:WINDOWSsystem32DRIVERSStreamIP.sys
20:34:31:742 2712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:WINDOWSsystem32DRIVERSswenum.sys
20:34:31:758 2712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:WINDOWSsystem32driversswmidi.sys
20:34:31:804 2712 symc810 (1ff3217614018630d0a6758630fc698c) C:WINDOWSsystem32DRIVERSsymc810.sys
20:34:31:883 2712 symc8xx (070e001d95cf725186ef8b20335f933c) C:WINDOWSsystem32DRIVERSsymc8xx.sys
20:34:31:961 2712 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:WINDOWSsystem32DRIVERSsym_hi.sys
20:34:32:054 2712 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:WINDOWSsystem32DRIVERSsym_u3.sys
20:34:32:117 2712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:WINDOWSsystem32driverssysaudio.sys
20:34:32:211 2712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:WINDOWSsystem32DRIVERStcpip.sys
20:34:32:398 2712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:WINDOWSsystem32driversTDPIPE.sys
20:34:32:492 2712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:WINDOWSsystem32driversTDTCP.sys
20:34:32:570 2712 TermDD (88155247177638048422893737429d9e) C:WINDOWSsystem32DRIVERStermdd.sys
20:34:32:679 2712 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:WINDOWSsystem32dlatfsnboio.sys
20:34:32:711 2712 tfsncofs (599804bc938b8305a5422319774da871) C:WINDOWSsystem32dlatfsncofs.sys
20:34:32:742 2712 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:WINDOWSsystem32dlatfsndrct.sys
20:34:32:758 2712 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:WINDOWSsystem32dlatfsndres.sys
20:34:32:789 2712 tfsnifs (c4f2dea75300971cdaee311007de138d) C:WINDOWSsystem32dlatfsnifs.sys
20:34:32:867 2712 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:WINDOWSsystem32dlatfsnopio.sys
20:34:32:961 2712 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:WINDOWSsystem32dlatfsnpool.sys
20:34:33:008 2712 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:WINDOWSsystem32dlatfsnudf.sys
20:34:33:070 2712 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:WINDOWSsystem32dlatfsnudfa.sys
20:34:33:133 2712 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:WINDOWSsystem32DRIVERStoside.sys
20:34:33:226 2712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:WINDOWSsystem32driversUdfs.sys
20:34:33:336 2712 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:WINDOWSsystem32DRIVERSultra.sys
20:34:33:476 2712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:WINDOWSsystem32DRIVERSupdate.sys
20:34:33:554 2712 usbaudio (e919708db44ed8543a7c017953148330) C:WINDOWSsystem32driversusbaudio.sys
20:34:33:586 2712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:WINDOWSsystem32DRIVERSusbccgp.sys
20:34:33:601 2712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:WINDOWSsystem32DRIVERSusbehci.sys
20:34:33:648 2712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:WINDOWSsystem32DRIVERSusbhub.sys
20:34:33:679 2712 usbprint (a717c8721046828520c9edf31288fc00) C:WINDOWSsystem32DRIVERSusbprint.sys
20:34:33:726 2712 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:WINDOWSsystem32DRIVERSusbscan.sys
20:34:33:773 2712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:WINDOWSsystem32DRIVERSUSBSTOR.SYS
20:34:33:804 2712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:WINDOWSsystem32DRIVERSusbuhci.sys
20:34:33:851 2712 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:WINDOWSsystem32Driversusbvideo.sys
20:34:33:898 2712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:WINDOWSSystem32driversvga.sys
20:34:33:961 2712 viaagp (754292ce5848b3738281b4f3607eaef4) C:WINDOWSsystem32DRIVERSviaagp.sys
20:34:34:086 2712 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:WINDOWSsystem32DRIVERSviaide.sys
20:34:34:164 2712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:WINDOWSsystem32driversVolSnap.sys
20:34:34:195 2712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:WINDOWSsystem32DRIVERSwanarp.sys
20:34:34:336 2712 wdmaud (6768acf64b18196494413695f0c3a00f) C:WINDOWSsystem32driverswdmaud.sys
20:34:34:476 2712 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:WINDOWSSystem32driversws2ifsl.sys
20:34:34:570 2712 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:WINDOWSsystem32DRIVERSWSTCODEC.SYS
20:34:34:570 2712 Reboot required for cure complete..
20:34:35:133 2712 Cure on reboot scheduled successfully
20:34:35:133 2712
20:34:35:133 2712 Completed
20:34:35:133 2712
20:34:35:133 2712 Results:
20:34:35:133 2712 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:34:35:133 2712 File objects infected / cured / cured on reboot: 1 / 0 / 1
20:34:35:133 2712
20:34:35:133 2712 KLMD(ARK) unloaded successfully


Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed Jun 09, 2010 4:31 am

Whoah.....And my keyboard is working now!! I just tried to start typing and was taken aback!


Re: Antispyware Soft - unable to remove

Post by Belahzur on Thu Jun 10, 2010 12:55 am

Woot.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Thu Jun 10, 2010 3:26 am

The computer seems to be running well...updated everything, ran scans to make sure nothing else was infected.

First of all, I wanted to say thank you so much for your assistance...what a relief to be able to use this computer again. I'd be happy to donate what I can when I get paid next...I really appreciate it.

Are there any precautions I should/could take to prevent something like this happening in the future? I'm currently running Spybot/MBAM and Avast. Should I remove the programs you had me download to remove the infected files?

Thanks again,

-Jarrett


Re: Antispyware Soft - unable to remove

Post by Belahzur on Thu Jun 10, 2010 9:02 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.




