Rootkit problem

January 2, 2010 at 07:50:20
Specs: Windows XP
Hey guys, my antivirus software keeps popping up every 10 minutes or so with a rootkit issue linked to the file C://WINDOWS/TEMP/SWKI.TMP/SVCHOST.EXE, and it says it has Win32:Rootkit-gen [Rtk] inside it.
Every time I click Delete or Move to Chest, it doesn't change anything. Please help me out!

#1
January 2, 2010 at 08:00:01
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "Enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista users only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.

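The logs requested above can be given a first pass automatically before anyone reads them line by line. The following is an added example for this thread (my code, not the helper's, and not part of MBAM, RSIT or HijackThis): a Python script that reads HijackThis-style lines, pulls the executable path out of each autostart (O4), service (O23) and running-process line, and flags the two things a responder looks for first: a Windows system binary name such as svchost.exe launching from anywhere other than its expected directory, and anything launching from a Temp directory. The sample log is constructed: most lines copy the format of the HijackThis output posted later in this thread, and the last two entries are invented for the example (the svchost.exe path is the one avast! reported in the opening post; that line does not appear in the poster's actual log).

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import ntpath
import re
from dataclasses import dataclass

# Windows binaries that XP only ever starts from one directory. A file with one of
# these names launching from anywhere else (for example C:\WINDOWS\TEMP\...) is a
# masquerade indicator, which is what the opening post's alert describes.
EXPECTED_DIR = {
    "svchost.exe":  r"c:\windows\system32",
    "lsass.exe":    r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe":     r"c:\windows\system32",
    "csrss.exe":    r"c:\windows\system32",
    "ctfmon.exe":   r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Lower-cased path fragments that legitimate autostart entries and services do not use.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

# A drive-letter path ending in an executable or library, quoted or not. Non-greedy so a
# trailing argument such as "/background" is not swallowed.
PATH_RE = re.compile(r'([a-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr|com))', re.IGNORECASE)


@dataclass
class Finding:
    line: str      # the original log line
    path: str      # the executable path extracted from it
    reasons: list  # why it was flagged (one or more strings)


def classify_path(path: str) -> list:
    """Return the list of reasons a path is suspicious (empty list if none)."""
    p = path.lower()
    name = ntpath.basename(p)      # ntpath handles backslash paths on any host OS
    parent = ntpath.dirname(p)
    reasons = []
    expected = EXPECTED_DIR.get(name)
    if expected is not None and parent != expected:
        reasons.append(f"{name} expected in {expected}, found in {parent}")
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append("runs from a Temp directory")
    return reasons


def triage(log_text: str) -> list:
    """Scan every line that carries a drive-letter path and collect the flagged ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = PATH_RE.search(line)
        if not match:
            continue
        reasons = classify_path(match.group(1))
        if reasons:
            findings.append(Finding(line, match.group(1), reasons))
    return findings


# Constructed sample. The first seven lines follow the HijackThis format used in this
# thread; the last two are invented for the example and are NOT in the poster's log.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\TEMP\SWKI.TMP\SVCHOST.EXE
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\update.exe" /silent
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

On the sample it flags exactly the two constructed entries; the real svchost.exe instances in System32 pass. Two caveats for reading the result: a clean run over a HijackThis log or a MBAM quick scan is not evidence of a clean machine, because a kernel-mode rootkit can hide its files and process from the user-mode tools that produce these logs; and an alert that returns every few minutes after Delete, as in the opening post, suggests the file is being recreated by something still running, so the persistence entry, not just the file, is what has to be found.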
#2
January 2, 2010 at 13:02:19
MBAM LOG
Malwarebytes' Anti-Malware 1.43
Database version: 3470
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/01/2010 16:18:29
mbam-log-2010-01-02 (16-18-29).txt

Scan type: Quick Scan
Objects scanned: 115364
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3
January 2, 2010 at 13:03:05
RSIT.EXE

Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-01-02 16:24:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 119 GB (78%) free of 153 GB
Total RAM: 502 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:14, on 02/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\My Documents\Downloads\RSIT.exe
C:\Documents and Settings\user\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13920&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar...
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 8132 bytes

#4
January 2, 2010 at 13:03:49
======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-12-19 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-12-19 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-19 2043160]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-10-17 1070984]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-10-24 1217808]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]
"RIMDeviceManager"=C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2009-10-13 1590616]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-12-16 2002160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\user\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-19 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ac2e24c-6d3a-11de-a743-806d6172696f}]
shell\AutoRun\command - D:\start.exe


======List of files/folders created in the last 1 months======

2010-01-02 16:24:06 ----D---- C:\rsit
2010-01-02 01:01:33 ----D---- C:\Program Files\Trend Micro
2010-01-01 20:23:02 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-01 20:23:00 ----D---- C:\Program Files\Alwil Software
2010-01-01 20:04:43 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2010-01-01 20:04:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-01 20:04:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-01 19:16:14 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-01 19:15:49 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-01 19:15:49 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2010-01-01 19:15:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-01 19:09:13 ----D---- C:\Program Files\CCleaner
2010-01-01 18:33:52 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2010-01-01 18:33:52 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2010-01-01 18:33:52 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2010-01-01 18:33:52 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2010-01-01 18:33:52 ----A---- C:\WINDOWS\system32\unacev2.dll
2010-01-01 18:33:50 ----D---- C:\Program Files\Trojan Remover
2010-01-01 18:33:50 ----D---- C:\Documents and Settings\user\Application Data\Simply Super Software
2010-01-01 18:33:50 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-12-20 00:06:30 ----D---- C:\Program Files\VirtualDJ
2009-12-19 20:52:46 ----HD---- C:\$AVG8.VAULT$
2009-12-19 19:30:14 ----D---- C:\Documents and Settings\user\Application Data\AVGTOOLBAR
2009-12-16 16:13:10 ----D---- C:\Documents and Settings\All Users\Application Data\Research In Motion
2009-12-09 23:15:12 ----D---- C:\Documents and Settings\user\Application Data\DivX
2009-12-09 04:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 04:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 04:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 04:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 04:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-02 16:24:03 ----D---- C:\WINDOWS\Prefetch
2010-01-02 16:23:48 ----D---- C:\WINDOWS\Temp
2010-01-02 14:35:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-02 14:31:20 ----D---- C:\Program Files\Mozilla Firefox
2010-01-02 14:31:14 ----D---- C:\Documents and Settings\user\Application Data\LimeWire
2010-01-02 14:30:33 ----D---- C:\Program Files\Steam
2010-01-02 14:29:28 ----D---- C:\WINDOWS\system32\config
2010-01-02 02:21:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-02 01:58:24 ----D---- C:\Documents and Settings\user\Application Data\vlc
2010-01-02 01:38:10 ----D---- C:\WINDOWS\system32
2010-01-02 01:01:33 ----RD---- C:\Program Files
2010-01-01 20:23:33 ----D---- C:\WINDOWS\system32\drivers
2010-01-01 19:56:25 ----D---- C:\WINDOWS
2010-01-01 19:15:59 ----SHD---- C:\WINDOWS\Installer
2010-01-01 19:15:27 ----D---- C:\Program Files\Common Files
2010-01-01 19:11:15 ----D---- C:\WINDOWS\Minidump
2010-01-01 19:11:15 ----D---- C:\WINDOWS\Debug
2009-12-29 23:25:47 ----D---- C:\Program Files\WinRAR
2009-12-21 20:39:43 ----HD---- C:\WINDOWS\inf
2009-12-20 15:24:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-20 00:07:03 ----RSD---- C:\WINDOWS\Fonts
2009-12-19 23:49:32 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2009-12-19 19:54:12 ----D---- C:\Documents and Settings
2009-12-19 19:43:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-19 19:30:57 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-12-18 02:21:24 ----D---- C:\Documents and Settings\user\Application Data\uTorrent
2009-12-16 16:13:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-16 16:12:48 ----D---- C:\WINDOWS\WinSxS
2009-12-09 08:05:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 04:03:25 ----D---- C:\Program Files\Internet Explorer
2009-12-09 04:03:17 ----D---- C:\WINDOWS\ie8updates
2009-12-09 04:03:13 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-19 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-19 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-19 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 AVGIDSDriver;AVGIDSDriver; \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilter;AVGIDSFilter; \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShim;AVGIDSShim; \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CX88VID;Conexant 2388x AvStream Video Capture; C:\WINDOWS\system32\drivers\cxavsvid.sys [2007-07-17 301104]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2006-03-01 618880]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2005-05-06 47360]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2005-05-06 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-12-19 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-12-19 297752]
R2 AVGIDSWatcher;AVGIDSWatcher; C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-02-26 563720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2009-02-26 5576712]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-07-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-07-08 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-07-08 1108464]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

INFO

info.txt logfile of random's system information tool 1.06 2010-01-02 16:24:20

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVG Identity Protection-->MsiExec.exe /X{7583D2F8-8E7D-40C5-9862-4D218006FB84}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{205A5182-EFC8-4C25-B61D-C164F8FF4048}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{205A5182-EFC8-4C25-B61D-C164F8FF4048}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Championship Manager 2010 (September Data Patch)-->"C:\Program Files\InstallShield Installation Information\{14592A8E-4DA6-4338-A9D5-E16449647EC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Championship Manager 2010-->"C:\Program Files\InstallShield Installation Information\{5CA7899B-FFEC-4254-A05B-448420831F37}\Setup.exe" -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Football Manager 2010-->"C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaBar-->C:\Program Files\BearShareTb\uninstall.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My Drivers 3.31-->"C:\Program Files\My Drivers\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Roxio Media Manager-->MsiExec.exe /X{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trojan Remover 6.8.1-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: AVG Anti-Virus (disabled)
AV: avast! antivirus 4.8.1368 [VPS 100102-0]

======System event log======

Computer Name: HOME-8CEA102582
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Record Number: 5001
Source Name: Service Control Manager
Time Written: 20091114125944.000000+000
Event Type: error
User:

Computer Name: HOME-8CEA102582
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 4996
Source Name: Tcpip
Time Written: 20091114124239.000000+000
Event Type: warning
User:

Computer Name: HOME-8CEA102582
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Record Number: 4978
Source Name: Service Control Manager
Time Written: 20091114122819.000000+000
Event Type: error
User:

Computer Name: HOME-8CEA102582
Event Code: 1003
Message: Error code 10000050, parameter1 e224f004, parameter2 00000001, parameter3 f804ad2e, parameter4 00000001.

Record Number: 4977
Source Name: System Error
Time Written: 20091114122805.000000+000
Event Type: error
User:

Computer Name: HOME-8CEA102582
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 4941
Source Name: Tcpip
Time Written: 20091114040926.000000+000
Event Type: warning
User:

=====Application event log=====

Computer Name: HOME-8CEA102582
Event Code: 11316
Message: Product: Roxio Media Manager -- Error 1316.A network error occurred while attempting to read from the file C:\Documents and Settings\user\Application Data\Research In Motion\BlackBerry\Updates\094A4154-9613-438a-B0EC-43A1FC4F1979\SR_MM\Roxio Media Manager.msi

Record Number: 2284
Source Name: MsiInstaller
Time Written: 20091216162219.000000+000
Event Type: error
User: HOME-8CEA102582\user

Computer Name: HOME-8CEA102582
Event Code: 1002
Message: Hanging application setup.exe, version 3.53.78.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 2283
Source Name: Application Hang
Time Written: 20091216162035.000000+000
Event Type: error
User:

Computer Name: HOME-8CEA102582
Event Code: 1002
Message: Hanging application setup.exe, version 3.53.78.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 2282
Source Name: Application Hang
Time Written: 20091216162034.000000+000
Event Type: error
User:

Computer Name: HOME-8CEA102582
Event Code: 1000
Message: Faulting application msnmsgr.exe, version 14.0.8089.726, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 2271
Source Name: Application Error
Time Written: 20091216125011.000000+000
Event Type: error
User:

Computer Name: HOME-8CEA102582
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 2240
Source Name: Userenv
Time Written: 20091211083613.000000+000
Event Type: warning
User: HOME-8CEA102582\user

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


Report •

#5
January 2, 2010 at 13:04:19
That's all of it mate, appreciate the help!

Report •

#6
January 2, 2010 at 14:13:21
You have two antivirus programs running (AVG and Avast), and they will conflict. You need to decide which one you want to keep and uninstall the other.

You need to uninstall these programs, at least until we get you clean, as they can reinfect the computer:


Ask Toolbar
LimeWire 5.3.6
MediaBar

Please download ComboFix with Internet Explorer instead of Firefox.

Remember, your AVG/Avast antivirus must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •
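For anyone reading the report ComboFix produces in the step above, here is a small triage script added as an example to this thread (it is not part of ComboFix, Gmer or any of the posts). It pulls out the lines a helper checks first, using a constructed excerpt laid out like the report posted later in this thread; the markers it keys on are assumptions taken from that layout, not a documented format.

```python
"""Triage helper for the plain-text report ComboFix writes (Combo-Fix.txt).

Added example for this thread, not part of ComboFix, Gmer or any post here.
The markers it keys on (". . . is infected!!", the Sigcheck "[-]" flag,
"detected MBR rootkit hooks:", ">>UNKNOWN [addr]<<", hxxp:// defanged URLs)
are assumed from the layout of the report posted in the thread."""
import re

# Constructed excerpt in that layout; the atapi.sys entry, its MD5 and the
# hook addresses are copied from the report in the thread, nothing is verified.
SAMPLE_REPORT = r"""((((((((((( Other Deletions )))))))))))
.
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\Temp\4753122154.dll

c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

------- Sigcheck -------

[-] 2008-04-14 12:00 . 7748FCC09D2680CAA8EDED907AD0F053 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
------- Supplementary Scan -------
uStart Page = hxxp://www.ask.com/?o=13920&l=dis
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13920&l=dis
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8238EE07]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf84b9f28
\Driver\atapi -> atapi.sys @ 0xf8304852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
user & kernel MBR OK
"""

# Sigcheck row: "[flag] date . MD5 . size . . [attrs] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] (?P<date>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<md5>[0-9A-Fa-f]{32})"
    r" \. (?P<size>\d+) \. \. \[(?P<attrs>[^\]]*)\] \. \. (?P<path>.+)$")
HOOK_RE = re.compile(r"^(?P<target>.+?) -> (?P<chain>.+) @ (?P<addr>0x[0-9A-Fa-f]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
DEFANGED_RE = re.compile(r"hxxp://\S+")


def infected_files(lines):
    """Paths ComboFix itself marked '. . . is infected!!' (a patched system file)."""
    return [ln.split(" . . . is infected")[0].strip()
            for ln in lines if ". . . is infected" in ln]


def sigcheck_failures(lines):
    """Sigcheck rows flagged '-': the file did not match a known-good copy."""
    rows = (SIGCHECK_RE.match(ln.strip()) for ln in lines)
    return [{"path": m["path"], "md5": m["md5"].upper(),
             "size": int(m["size"]), "date": m["date"]}
            for m in rows if m and m["flag"] == "-"]


def mbr_hooks(lines):
    """(target, chain, address) for each line Gmer listed as an MBR rootkit hook."""
    hooks, collecting = [], False
    for ln in lines:
        s = ln.strip()
        if s.startswith("detected MBR rootkit hooks:"):
            collecting = True
            continue
        if collecting:
            m = HOOK_RE.match(s)
            if not m:          # the hook block ends at the first non-hook line
                collecting = False
                continue
            hooks.append((m["target"], m["chain"], m["addr"].lower()))
    return hooks


def unknown_modules(lines):
    """Addresses Gmer could not attribute to any loaded module in the disk stack."""
    return [a.lower() for ln in lines for a in UNKNOWN_RE.findall(ln)]


def defanged_urls(lines):
    """Start-page / search URLs ComboFix printed defanged as hxxp://, deduplicated."""
    return list(dict.fromkeys(u for ln in lines for u in DEFANGED_RE.findall(ln)))


def triage(report_text):
    """Collect the findings a helper reads first, plus one combined flag."""
    lines = report_text.splitlines()
    findings = {
        "infected": infected_files(lines),
        "sigcheck_failed": sigcheck_failures(lines),
        "mbr_hooks": mbr_hooks(lines),
        "unknown_modules": unknown_modules(lines),
        "defanged_urls": defanged_urls(lines),
    }
    # A driver ComboFix calls infected plus an unattributed module on the disk stack: escalate as one finding.
    findings["suspect_boot_driver"] = bool(findings["infected"] and findings["unknown_modules"])
    return findings
```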

#7
January 3, 2010 at 08:25:18
ComboFix 10-01-02.05 - user 03/01/2010 16:10:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.178 [GMT 0:00]
Running from: c:\documents and settings\user\My Documents\Combo-Fix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\Temp\4753122154.dll

c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-03 15:48 . 2010-01-03 15:48 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2010-01-02 16:24 . 2010-01-02 16:24 -------- d-----w- C:\rsit
2010-01-02 01:01 . 2010-01-02 01:01 -------- d-----w- c:\program files\Trend Micro
2010-01-01 20:23 . 2010-01-01 20:23 -------- d-----w- c:\program files\Alwil Software
2010-01-01 20:04 . 2010-01-01 20:04 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-01-01 20:04 . 2010-01-01 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 19:17 . 2010-01-01 19:17 52224 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-01 19:17 . 2010-01-01 19:17 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-01 19:16 . 2010-01-01 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-01 19:15 . 2010-01-03 15:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-01 19:15 . 2010-01-01 19:15 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2010-01-01 19:09 . 2010-01-01 19:09 -------- d-----w- c:\program files\CCleaner
2010-01-01 18:33 . 2010-01-03 15:58 -------- d-----w- c:\program files\Trojan Remover
2009-12-20 00:06 . 2009-12-20 00:07 -------- d-----w- c:\program files\VirtualDJ
2009-12-19 20:52 . 2009-12-28 18:30 -------- d-----w- C:\$AVG8.VAULT$
2009-12-19 19:54 . 2009-12-19 19:54 -------- d-----w- c:\documents and settings\log
2009-12-19 19:30 . 2010-01-03 15:57 -------- d-----w- c:\documents and settings\user\Application Data\AVGTOOLBAR
2009-12-17 14:01 . 2009-12-17 14:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-17 05:55 . 2009-12-17 05:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-16 16:13 . 2009-12-16 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-12-12 01:20 . 2010-01-03 15:42 256 ----a-w- c:\documents and settings\user\pool.bin
2009-12-09 23:15 . 2009-12-09 23:15 -------- d-----w- c:\documents and settings\user\Application Data\DivX
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:\documents and settings\lorraine\Application Data\bearsharetb
2009-12-06 11:31 . 2009-12-06 11:31 -------- d-----w- c:\documents and settings\lorraine\Application Data\Research In Motion
2009-12-06 05:17 . 2009-12-06 05:17 58200 ----a-w- c:\documents and settings\lorraine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 15:42 . 2009-07-25 11:45 -------- d-----w- c:\program files\Steam
2010-01-03 15:20 . 2009-10-06 23:12 -------- d-----w- c:\documents and settings\user\Application Data\LimeWire
2010-01-02 22:37 . 2009-08-06 10:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-02 01:58 . 2009-09-27 19:44 -------- d-----w- c:\documents and settings\user\Application Data\vlc
2010-01-01 23:25 . 2009-07-12 19:26 58968 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-19 19:43 . 2009-07-11 07:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-19 19:43 . 2009-07-11 07:44 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-19 19:43 . 2009-07-11 07:44 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-19 19:43 . 2009-07-11 07:44 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-19 19:42 . 2009-07-11 07:44 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-19 19:30 . 2009-07-11 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-18 02:21 . 2009-07-12 23:26 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent
2009-12-09 02:25 . 2009-12-09 02:25 664 ----a-w- c:\documents and settings\lorraine\Local Settings\Application Data\d3d9caps.tmp
2009-11-29 18:21 . 2009-11-29 18:20 -------- d-----w- c:\program files\DivX
2009-11-29 18:20 . 2009-11-29 18:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-21 16:27 . 2009-11-20 17:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-20 17:51 . 2009-11-20 17:47 -------- d-----w- c:\program files\Microsoft
2009-11-20 17:51 . 2009-11-20 17:51 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-20 17:50 . 2009-07-12 19:32 -------- d-----w- c:\program files\Windows Live
2009-11-20 17:49 . 2009-11-20 17:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-14 04:01 . 2009-11-14 04:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-14 00:49 . 2009-11-29 18:21 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 21:49 . 2009-11-13 21:49 -------- d-----w- c:\program files\My Drivers
2009-11-13 21:44 . 2009-11-13 21:44 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-13 21:44 . 2009-11-13 21:44 247296 ----a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2009-11-13 21:44 . 2009-11-13 21:44 247296 ----a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2009-11-13 21:44 . 2009-11-13 21:44 247296 ----a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2009-11-13 21:44 . 2009-11-13 21:44 247296 ----a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2009-11-13 21:44 . 2009-11-13 21:44 -------- d-----w- c:\documents and settings\user\Application Data\SystemRequirementsLab
2009-11-13 21:36 . 2009-07-25 23:30 -------- d-----w- c:\program files\Java
2009-11-13 21:36 . 2009-11-13 21:36 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-13 21:36 . 2009-11-13 21:36 79488 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 18:45 . 2009-11-12 18:45 -------- d-----w- c:\program files\Sports Interactive
2009-11-12 16:19 . 2009-10-13 17:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-12 16:17 . 2009-11-12 16:17 -------- d-----w- c:\program files\Roxio
2009-11-12 16:17 . 2009-10-13 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-12 16:17 . 2009-11-12 16:17 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-12 16:00 . 2009-11-12 16:00 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2009-11-12 15:33 . 2009-11-12 15:33 -------- d-----w- c:\program files\PowerISO
2009-11-11 19:44 . 2009-11-11 19:44 -------- d-----w- c:\program files\AskSearch
2009-11-09 03:21 . 2009-11-09 03:21 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-10-29 07:45 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 11:02 . 2009-10-15 11:02 256 -c--a-w- c:\documents and settings\lorraine\pool.bin
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 04:17 . 2009-07-25 23:30 411368 ----a-w- c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[-] 2008-04-14 12:00 . 7748FCC09D2680CAA8EDED907AD0F053 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2009-10-13 1590616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-19 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-19 19:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [26/02/2009 11:46 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/07/2009 07:44 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/07/2009 07:44 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/07/2009 07:44 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/07/2009 08:09 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/07/2009 08:09 297752]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [26/02/2009 11:46 563720]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [26/02/2009 11:46 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [26/02/2009 11:46 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [26/02/2009 11:46 27232]
R3 CX88VID;Conexant 2388x AvStream Video Capture;c:\windows\system32\drivers\cxavsvid.sys [11/07/2009 15:47 301104]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [26/02/2009 11:46 5576712]
.
Contents of the 'Scheduled Tasks' folder

2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=13920&l=dis
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\mw2ct385.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13920&l=dis
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 16:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8238EE07]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf84b9f28
\Driver\ACPI -> ACPI.sys @ 0xf834ccb8
\Driver\atapi -> atapi.sys @ 0xf8304852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf8210bb0
PacketIndicateHandler -> NDIS.sys @ 0xf821da21
SendHandler -> NDIS.sys @ 0xf81fb87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-2111687655-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:ca,24,08,9c,24,e6,4f,26,ed,e7,bd,f0,cc,eb,d4,52,eb,e8,e0,27,87,
fb,8f,fe,a1,06,6f,a1,27,4b,b6,f8,e2,24,01,dc,84,fd,d3,3c,98,0d,3e,8c,bf,d0,\
"rkeysecu"=hex:cb,10,f7,8f,90,21,e1,b7,a2,8c,f9,9f,9a,d8,bf,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\WININET.dll
.
Completion time: 2010-01-03 16:27:37
ComboFix-quarantined-files.txt 2010-01-03 16:27

Pre-Run: 124,887,535,616 bytes free
Post-Run: 125,318,557,696 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9F484E9E3CFAE408C0DC0A6D53D6CEA8



#8
January 3, 2010 at 08:43:32
Do you have a Windows CD?

Download SystemLook.exe from the following link.


SystemLook.exe


1. Double-click SystemLook.exe to run it.
2. Copy the content of the following code between the X's into the main text field:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:filefind
*atapi.sys*
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
3. Click the Look button to start the scan.
4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt



#9
January 3, 2010 at 10:55:46
I don't think I do, is it vital?

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:58 on 03/01/2010 by user (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi.sys*"
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [12:00 14/04/2008] [12:00 14/04/2008] 7748FCC09D2680CAA8EDED907AD0F053

-=End Of File=-



#10
January 3, 2010 at 11:44:53
Yea, do not delete the infected file or the computer will not boot. We need a copy of the infected file and there does not appear to be one on your computer. A Windows CD or a reinstall CD would have a copy.

Do you have a reinstall CD?



#11
January 3, 2010 at 14:57:56
Errrm, I don't have a clue where one is, I'll have to turn the house upside down and hope I find it...


#12
January 3, 2010 at 17:12:38
Let's try this Kaspersky tool.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. So once you extract the folder to the desktop open the folder and drag TDSSKiller.exe to the desktop so that the file is actually on the desktop.
2. Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.



#13
January 3, 2010 at 17:42:54
Okay, nothing came up when I typed in "c:\documents and settings\user\Desktop\TDSSKiller.exe"-l C:\TDSSKiller.txt -v

So I took out the .txt bit and I got this; however, I got no log file.

[img]http://img706.imageshack.us/img706/1931/99125579.png[/img]



#14
January 3, 2010 at 18:08:46
Try to find your reinstall disk.


#15
January 5, 2010 at 17:33:20
Glad the redirections have subsided. Post a new Combofix log and be sure to follow the previous suggestions please.


#16
January 8, 2010 at 04:46:04
ComboFix 10-01-04.01 - user 08/01/2010 12:33:10.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.338 [GMT 0:00]
Running from: c:\documents and settings\user\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-06 08:22 . 2009-12-19 19:56 2065688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2010-01-06 08:22 . 2009-12-19 19:56 761624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgscanx.exe
2010-01-06 08:22 . 2009-12-19 19:56 339736 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgscanx.dll
2010-01-04 01:39 . 2010-01-04 01:39 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2010-01-01 19:15 . 2010-01-01 19:15 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2010-01-01 19:09 . 2010-01-01 19:09 -------- d-----w- c:\program files\CCleaner
2010-01-01 18:33 . 2010-01-03 15:58 -------- d-----w- c:\program files\Trojan Remover
2009-12-20 00:06 . 2009-12-20 00:07 -------- d-----w- c:\program files\VirtualDJ
2009-12-19 20:52 . 2010-01-06 14:41 -------- d-----w- C:\$AVG8.VAULT$
2009-12-19 19:54 . 2009-12-19 19:54 -------- d-----w- c:\documents and settings\log
2009-12-19 19:30 . 2010-01-03 15:57 -------- d-----w- c:\documents and settings\user\Application Data\AVGTOOLBAR
2009-12-17 14:01 . 2009-12-17 14:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-17 05:55 . 2009-12-17 05:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-16 16:13 . 2009-12-16 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-12-12 01:20 . 2010-01-08 12:44 256 ----a-w- c:\documents and settings\user\pool.bin
2009-12-09 23:15 . 2009-12-09 23:15 -------- d-----w- c:\documents and settings\user\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 12:44 . 2009-07-25 11:45 -------- d-----w- c:\program files\Steam
2010-01-08 03:01 . 2009-08-06 10:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-04 01:42 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-04 01:39 . 2010-01-04 01:39 96512 ----a-w- c:\windows\system32\drivers\atapi.tsk
2010-01-03 15:57 . 2010-01-01 19:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-03 15:20 . 2009-10-06 23:12 -------- d-----w- c:\documents and settings\user\Application Data\LimeWire
2010-01-02 01:58 . 2009-09-27 19:44 -------- d-----w- c:\documents and settings\user\Application Data\vlc
2010-01-02 01:01 . 2010-01-02 01:01 -------- d-----w- c:\program files\Trend Micro
2010-01-01 23:25 . 2009-07-12 19:26 58968 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 20:23 . 2010-01-01 20:23 -------- d-----w- c:\program files\Alwil Software
2010-01-01 20:04 . 2010-01-01 20:04 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-01-01 20:04 . 2010-01-01 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 19:17 . 2010-01-01 19:17 52224 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-01 19:17 . 2010-01-01 19:17 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-01 19:16 . 2010-01-01 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-19 19:43 . 2009-07-11 07:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-19 19:43 . 2009-07-11 07:44 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-19 19:43 . 2009-07-11 07:44 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-19 19:43 . 2009-07-11 07:44 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-19 19:42 . 2009-07-11 07:44 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-19 19:30 . 2009-07-11 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-18 02:21 . 2009-07-12 23:26 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent
2009-12-09 02:25 . 2009-12-09 02:25 664 ----a-w- c:\documents and settings\lorraine\Local Settings\Application Data\d3d9caps.tmp
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:\documents and settings\lorraine\Application Data\bearsharetb
2009-12-06 11:31 . 2009-12-06 11:31 -------- d-----w- c:\documents and settings\lorraine\Application Data\Research In Motion
2009-12-06 05:17 . 2009-12-06 05:17 58200 ----a-w- c:\documents and settings\lorraine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-29 18:21 . 2009-11-29 18:20 -------- d-----w- c:\program files\DivX
2009-11-29 18:20 . 2009-11-29 18:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-21 16:27 . 2009-11-20 17:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-20 17:51 . 2009-11-20 17:47 -------- d-----w- c:\program files\Microsoft
2009-11-20 17:51 . 2009-11-20 17:51 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-20 17:50 . 2009-07-12 19:32 -------- d-----w- c:\program files\Windows Live
2009-11-20 17:49 . 2009-11-20 17:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-14 04:01 . 2009-11-14 04:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-14 00:49 . 2009-11-29 18:21 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 21:49 . 2009-11-13 21:49 -------- d-----w- c:\program files\My Drivers
2009-11-13 21:44 . 2009-11-13 21:44 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-13 21:44 . 2009-11-13 21:44 247296 ----a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2009-11-13 21:44 . 2009-11-13 21:44 247296 ----a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2009-11-13 21:44 . 2009-11-13 21:44 247296 ----a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2009-11-13 21:44 . 2009-11-13 21:44 247296 ----a-w- c:\documents and settings\user\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2009-11-13 21:44 . 2009-11-13 21:44 -------- d-----w- c:\documents and settings\user\Application Data\SystemRequirementsLab
2009-11-13 21:36 . 2009-07-25 23:30 -------- d-----w- c:\program files\Java
2009-11-13 21:36 . 2009-11-13 21:36 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-13 21:36 . 2009-11-13 21:36 79488 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 18:45 . 2009-11-12 18:45 -------- d-----w- c:\program files\Sports Interactive
2009-11-12 16:19 . 2009-10-13 17:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-12 16:17 . 2009-11-12 16:17 -------- d-----w- c:\program files\Roxio
2009-11-12 16:17 . 2009-10-13 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-12 16:17 . 2009-11-12 16:17 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-12 16:00 . 2009-11-12 16:00 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2009-11-12 15:33 . 2009-11-12 15:33 -------- d-----w- c:\program files\PowerISO
2009-11-11 19:44 . 2009-11-11 19:44 -------- d-----w- c:\program files\AskSearch
2009-11-09 03:21 . 2009-11-09 03:21 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-10-29 07:45 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 11:02 . 2009-10-15 11:02 256 -c--a-w- c:\documents and settings\lorraine\pool.bin
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 04:17 . 2009-07-25 23:30 411368 ----a-w- c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[-] 2010-01-04 01:42 . 0E0CC244609BF25DBAAE8378A22C9584 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-03_16.22.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-08 12:12 . 2010-01-08 12:12 16384 c:\windows\Temp\Perflib_Perfdata_704.dat
+ 2010-01-08 12:44 . 2010-01-08 12:44 16384 c:\windows\Temp\Perflib_Perfdata_2b8.dat
- 2009-07-10 13:36 . 2010-01-03 16:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-07-10 13:36 . 2010-01-08 12:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-17 14:01 . 2010-01-03 16:07 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-12-17 14:01 . 2010-01-07 15:39 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-07-10 13:36 . 2010-01-08 12:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-07-10 13:36 . 2010-01-03 16:07 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-07-10 13:36 . 2010-01-03 16:07 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-10 13:36 . 2010-01-08 12:12 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2009-10-13 1590616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-19 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-19 19:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [26/02/2009 11:46 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/07/2009 07:44 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/07/2009 07:44 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/07/2009 07:44 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/07/2009 08:09 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/07/2009 08:09 297752]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [26/02/2009 11:46 563720]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [26/02/2009 11:46 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [26/02/2009 11:46 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [26/02/2009 11:46 27232]
R3 CX88VID;Conexant 2388x AvStream Video Capture;c:\windows\system32\drivers\cxavsvid.sys [11/07/2009 15:47 301104]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [26/02/2009 11:46 5576712]
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=13920&l=dis
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\mw2ct385.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13920&l=dis
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 12:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-2111687655-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:ca,24,08,9c,24,e6,4f,26,ed,e7,bd,f0,cc,eb,d4,52,eb,e8,e0,27,87,
fb,8f,fe,a1,06,6f,a1,27,4b,b6,f8,e2,24,01,dc,84,fd,d3,3c,98,0d,3e,8c,bf,d0,\
"rkeysecu"=hex:cb,10,f7,8f,90,21,e1,b7,a2,8c,f9,9f,9a,d8,bf,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-08 12:48:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 12:48
ComboFix2.txt 2010-01-03 16:27

Pre-Run: 125,149,429,760 bytes free
Post-Run: 125,232,685,056 bytes free

- - End Of File - - 1CFFDB9B1EBF2FD012B205A9501A5FB9


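The SystemLook filefind result in #9 and the ComboFix Sigcheck entry in #16 describe the same atapi.sys five days apart. The script below is an added example, not code from the thread or from SystemLook, ComboFix or TDSSKiller: it parses both log line formats (the two sample lines are copied from those posts) and reports when a file keeps its size but changes MD5 and is rewritten after the earlier scan. It assumes the Sigcheck timestamp and the second bracketed SystemLook stamp are last-modified times.

```python
"""Cross-check a file's MD5 between a SystemLook 'filefind' result and a
later ComboFix 'Sigcheck' entry, flagging in-place content replacement."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, Optional

# Sample lines copied from the thread (posts #9 and #16); hashes, sizes and
# timestamps are the logged values, not computed here from real files.
SYSTEMLOOK_LOG = r"""
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [12:00 14/04/2008] [12:00 14/04/2008] 7748FCC09D2680CAA8EDED907AD0F053
"""
SIGCHECK_LOG = r"""
[-] 2010-01-04 01:42 . 0E0CC244609BF25DBAAE8378A22C9584 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
"""


@dataclass(frozen=True)
class FileRecord:
    path: str           # lower-cased so both logs compare equal
    size: int
    md5: str            # upper-cased hex digest
    modified: datetime
    source: str


# SystemLook: <path> <attrs> <size> bytes [<stamp>] [<stamp>] <MD5>
# Assumption: the second bracketed stamp is last-modified (identical in #9).
_SYSTEMLOOK_RE = re.compile(
    r"^(?P<path>.+?)\s+[-a-zA-Z]+\s+(?P<size>\d+) bytes\s+\[[^\]]*\]\s+"
    r"\[(?P<modified>\d\d:\d\d \d\d/\d\d/\d{4})\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# ComboFix Sigcheck: [<flag>] <modified> . <MD5> . <size> . . [<attrs>] . . <path>
# Assumption: the timestamp is last-modified (it matches the Find3M line in #16).
_SIGCHECK_RE = re.compile(
    r"^\[[^\]]*\]\s+(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[[^\]]*\]\s+"
    r"\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_systemlook(line: str) -> Optional[FileRecord]:
    m = _SYSTEMLOOK_RE.match(line.strip())
    if not m:
        return None
    return FileRecord(m["path"].lower(), int(m["size"]), m["md5"].upper(),
                      datetime.strptime(m["modified"], "%H:%M %d/%m/%Y"),
                      "SystemLook")


def parse_sigcheck(line: str) -> Optional[FileRecord]:
    m = _SIGCHECK_RE.match(line.strip())
    if not m:
        return None
    return FileRecord(m["path"].lower(), int(m["size"]), m["md5"].upper(),
                      datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                      "ComboFix Sigcheck")


def parse_log(text: str, parser: Callable) -> Dict[str, FileRecord]:
    """Run a line parser over a whole log; non-matching lines are skipped."""
    records = {}
    for line in text.splitlines():
        rec = parser(line)
        if rec:
            records[rec.path] = rec
    return records


def classify(older: FileRecord, newer: FileRecord) -> str:
    """Describe how one file changed between two scans."""
    if older.path != newer.path:
        raise ValueError("records describe different files")
    if older.md5 == newer.md5:
        return "unchanged"
    if older.size == newer.size and newer.modified > older.modified:
        # Same byte count, different content, written after the first scan:
        # the body of the file was overwritten rather than swapped for a
        # different build, which is what the thread's two lines show.
        return "replaced-same-size"
    return "changed"


def compare_logs(older_text: str, older_parser: Callable,
                 newer_text: str, newer_parser: Callable) -> Dict[str, str]:
    """Verdict for every path that appears in both logs."""
    older = parse_log(older_text, older_parser)
    newer = parse_log(newer_text, newer_parser)
    return {p: classify(older[p], newer[p]) for p in sorted(set(older) & set(newer))}


if __name__ == "__main__":
    for path, verdict in compare_logs(SYSTEMLOOK_LOG, parse_systemlook,
                                      SIGCHECK_LOG, parse_sigcheck).items():
        print(f"{verdict:20} {path}")
```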

#17
January 8, 2010 at 14:12:48
The baddies cleaned by Combofix are a completely different spyware than you previously had, but they appear to be gone.

A little clean-up to do.

Delete RSIT, SystemLook, and TDSSKiller from your desktop.

Go to start > run > type in ComboFix /Uninstall (note the space after ComboFix), then press enter > run. This will uninstall combofix, so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Next create a new restore point. Go to start > run > type in msconfig > ok > click launch system restore > check the circle beside "create a restore point" > next > name it today's date > create > click home > exit the system configuration utility > restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.



#18
January 8, 2010 at 17:05:48
You say empty my restore folder, you mean the one in c://WINDOWS/system32?


