WiredWX Hobby Weather Tools

xp total security 2011

I looked in the other section and did not see this particular one posted, so I am posting here for help.
We have an XP PC (older computer), Service Pack 3, with Avast Free, Malwarebytes Anti-Malware, Cookienator, SpywareBlaster and Secunia. This morning the fake message came up to scan the computer for a virus; we knew it was not a real one and did not OK it to scan. We closed the screen, but it keeps popping up. It would NOT let me open Malwarebytes to scan. I did manage to open IE and am currently using an ESET scanner with Avast turned off. So far ESET has not found anything. Can you please help us remove this nasty thing? I hope I provided the information you need.

It comes up as "XP Total Security 2011"

We normally use Firefox.

(Note added) The ESET scanner has been running for 1 1/2 hours and is at 99% done. It NEVER runs that fast on this old thing; my feeling is that it is skipping files.

(Note added) It will not open Firefox; it only takes me to the fake virus website, which says "trojan-bnk.win32.keylogger.gen".


Thanks

Brick


Last edited by brick on 17th April 2011, 6:29 pm; edited 2 times in total (Reason for editing : added more information)

Re: xp total security 2011
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: xp total security 2011
This is the one on the screen:

OTL logfile created on: 04/17/2011 6:13:14 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David and Marla\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

479.00 Mb Total Physical Memory | 207.00 Mb Available Physical Memory | 43.00% Memory free
774.00 Mb Paging File | 453.00 Mb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 10.02 Gb Free Space | 26.90% Space Free | Partition Type: NTFS

Computer Name: FRITSCH | User Name: David and Marla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/17 18:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David and Marla\Desktop\OTL.exe
PRC - [2011/04/17 11:51:30 | 000,237,860 | -HS- | M] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe
PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/05/28 07:04:52 | 000,911,920 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/14 16:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Philips\SPC230NC\Monitor.exe
PRC - [2007/12/07 10:37:36 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdmcoms.exe
PRC - [2006/03/09 04:03:56 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/06/18 10:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2003/02/04 09:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE
PRC - [2002/09/13 15:57:43 | 000,046,592 | ---- | M] (Avance Logic, Inc.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/04/17 18:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David and Marla\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/03/26 14:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/12/01 12:01:02 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/07 10:37:36 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdmcoms.exe -- (lxdm_device)
SRV - [2007/12/07 10:37:27 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe -- (lxdmCATSCustConnectService)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/06/18 10:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/02/04 09:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 10:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 10:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 10:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 10:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 10:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 10:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 10:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/28 07:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\22378872.sys -- (22378872)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\2237887.sys -- (setup_9.0.0.722_27.08.2010_10-15drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\22378871.sys -- (22378871)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/12/31 16:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/09/26 14:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/01/26 22:09:40 | 000,068,954 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2006/03/09 21:26:14 | 000,245,248 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/03/09 04:25:30 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/07/04 08:52:50 | 000,018,432 | ---- | M] (First 4 Internet) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\$sys$cor.sys -- ($sys$cor)
DRV - [2005/07/04 06:51:37 | 000,011,904 | ---- | M] (First 4 Internet) [Kernel | System | Running] -- C:\WINDOWS\system32\$sys$filesystem\crater.sys -- ($sys$crater)
DRV - [2004/08/04 01:41:35 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/18 10:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2003/06/18 10:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2003/06/18 10:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2003/06/18 10:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2003/06/18 10:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/06/18 10:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2002/09/13 15:55:13 | 000,659,356 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/07/10 18:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/08/17 16:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 B7 5C C1 18 FD CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.80
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}:1.8.71
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/03/08 11:08:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 14:34:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 17:22:15 | 000,000,000 | ---D | M]

[2008/10/15 10:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Extensions
[2011/04/16 15:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions
[2010/05/28 17:12:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/18 13:23:56 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2011/03/07 15:43:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/07 15:43:23 | 000,000,000 | ---D | M] ("Nautipolis for Firefox") -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}
[2009/09/22 14:48:44 | 000,000,000 | ---D | M] (iFox) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2006/11/24 21:30:26 | 000,000,000 | ---D | M] (rubyFox) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{b31ac1df-926d-44b1-aeeb-8c732e0b9b1e}
[2009/01/18 20:35:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/03/26 16:35:32 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2006/11/24 21:26:16 | 000,000,000 | ---D | M] ("Outlook 2003 Blue") -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{e8cba685-830c-1283-6314-a6ae605cc7be}
[2011/03/12 19:30:20 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\personas@christopher.beard
[2009/09/01 18:03:02 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\searchplugins\bing.xml
[2009/07/19 10:00:10 | 000,001,911 | ---- | M] () -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\searchplugins\bleach-wiki-en.xml
[2011/04/16 15:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/29 11:01:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/12/12 16:04:47 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\DAVID AND MARLA\APPLICATION DATA\MOVE NETWORKS
[2011/03/08 11:08:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/11/29 11:00:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/29 11:00:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/10/16 13:01:15 | 000,221,184 | ---- | M] (Virtools SA) -- C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll

O1 HOSTS File: ([2010/08/18 15:39:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
O4 - HKLM..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Cookienator] C:\Program Files\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TrayMin230.lnk = C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe ()
O4 - Startup: C:\Documents and Settings\David and Marla\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134862168015 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David and Marla\My Documents\My Received Files\My Pictures\Fastswitch stealth fighter.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David and Marla\My Documents\My Received Files\My Pictures\Fastswitch stealth fighter.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/18 00:24:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/04/17 18:12:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David and Marla\Desktop\OTL.exe
[2011/04/17 14:34:35 | 072,025,488 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David and Marla\Desktop\msert.exe
[2011/04/17 12:04:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/17 12:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/11 09:07:31 | 000,000,000 | ---D | C] -- C:\50d15fd2e8bd2b4b59
[2011/04/11 09:05:09 | 012,502,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David and Marla\Desktop\windows-kb890830-v3.17.exe
[2011/03/25 10:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/03/23 17:25:06 | 012,580,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\David and Marla\Desktop\Firefox Setup 4.0.exe
[2011/03/22 11:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/22 19:06:22 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll
[2009/04/22 19:06:21 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll
[2009/04/22 19:06:21 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll
[2009/04/22 19:06:21 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll
[2009/04/22 19:06:21 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll
[2009/04/22 19:06:21 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll
[2009/04/22 19:06:21 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll
[2009/04/22 19:06:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll
[2009/04/22 19:06:20 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll
[2009/04/22 19:06:20 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmih.exe
[2009/04/22 19:06:19 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll
[2009/04/22 19:06:19 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcoms.exe
[2009/04/22 19:06:19 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcfg.exe
[2009/04/22 19:06:19 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll
[7 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[26 C:\Documents and Settings\David and Marla\My Documents\*.tmp files -> C:\Documents and Settings\David and Marla\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/17 18:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David and Marla\Desktop\OTL.exe
[2011/04/17 17:56:08 | 000,018,100 | -HS- | M] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 17:56:08 | 000,018,100 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 14:34:35 | 072,025,488 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David and Marla\Desktop\msert.exe
[2011/04/17 11:51:30 | 000,237,860 | -HS- | M] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe
[2011/04/17 11:09:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/17 11:06:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/17 11:06:40 | 502,849,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/14 14:23:49 | 000,143,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 11:35:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 11:22:12 | 000,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/14 11:22:12 | 000,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/11 10:41:46 | 012,502,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David and Marla\Desktop\windows-kb890830-v3.17.exe
[2011/04/10 16:09:28 | 014,950,378 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\PKMN STARTER.zip
[2011/04/07 21:57:55 | 000,173,056 | -H-- | M] () -- C:\Documents and Settings\David and Marla\My Documents\photothumb.db
[2011/04/06 13:09:18 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\Cookienator.lnk
[2011/04/04 19:42:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/03 15:56:28 | 000,030,155 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\DTB2_Hei_by_neng_neng.jpg
[2011/04/02 19:55:58 | 000,082,745 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\Darker_Than_Black___Hei_by_Gorniasty.png
[2011/03/29 11:34:55 | 001,982,847 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\Math6_update1.exe
[2011/03/23 17:29:30 | 012,580,112 | ---- | M] (Mozilla) -- C:\Documents and Settings\David and Marla\Desktop\Firefox Setup 4.0.exe
[2011/03/22 11:57:35 | 000,178,152 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\activescan2_en.exe
[7 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[26 C:\Documents and Settings\David and Marla\My Documents\*.tmp files -> C:\Documents and Settings\David and Marla\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/17 11:54:59 | 000,018,100 | -HS- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 11:54:59 | 000,018,100 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 11:51:30 | 000,237,860 | -HS- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe
[2011/04/10 16:07:33 | 014,950,378 | ---- | C] () -- C:\Documents and Settings\David and Marla\Desktop\PKMN STARTER.zip
[2011/04/03 15:45:38 | 000,030,155 | ---- | C] () -- C:\Documents and Settings\David and Marla\Desktop\DTB2_Hei_by_neng_neng.jpg
[2011/04/02 19:54:32 | 000,082,745 | ---- | C] () -- C:\Documents and Settings\David and Marla\Desktop\Darker_Than_Black___Hei_by_Gorniasty.png
[2011/03/29 11:35:06 | 001,982,847 | ---- | C] () -- C:\Documents and Settings\David and Marla\Desktop\Math6_update1.exe
[2011/03/22 11:57:49 | 000,178,152 | ---- | C] () -- C:\Documents and Settings\David and Marla\Desktop\activescan2_en.exe
[2011/03/14 14:31:54 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2010/11/01 10:57:37 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/10/25 16:43:20 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\26C53DC7C5.sys
[2010/10/25 16:43:14 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/08/18 11:25:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/18 11:25:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/18 11:25:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/18 11:25:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/18 11:25:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/07 08:50:08 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/12/14 21:41:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\prvlcl.dat
[2009/12/01 11:44:56 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/21 10:54:06 | 000,012,891 | ---- | C] () -- C:\WINDOWS\kecihoc.com
[2009/08/21 10:54:05 | 000,018,885 | ---- | C] () -- C:\WINDOWS\System32\acylowi.dll
[2009/08/21 10:54:05 | 000,018,474 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ymysad._sy
[2009/08/21 10:54:05 | 000,017,451 | ---- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\jypu.bin
[2009/04/22 19:11:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll
[2009/04/22 19:11:12 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll
[2009/04/22 19:10:19 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll
[2009/04/22 19:10:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll
[2009/04/22 19:10:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll
[2009/04/22 19:09:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDMPMON.DLL
[2009/04/22 19:09:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDMFXPU.DLL
[2009/04/22 19:09:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmoem.dll
[2009/04/22 19:06:39 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdmrwrd.ini
[2009/04/22 19:06:22 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll
[2009/04/22 19:06:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/25 12:32:57 | 000,095,496 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/12/25 12:32:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2008/12/25 12:32:31 | 000,081,418 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/12/08 12:10:33 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\TVModeLib.dll
[2008/12/08 12:10:33 | 000,034,915 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2008/12/08 12:10:33 | 000,016,819 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2008/12/08 12:08:51 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2008/12/08 12:08:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2008/12/04 11:06:55 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wldtlk5.ini
[2008/09/29 09:00:49 | 000,000,638 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2008/09/29 08:54:02 | 000,000,011 | ---- | C] () -- C:\WINDOWS\mathadv.ini
[2008/09/29 08:53:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/03/30 14:31:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dec_jl6.dll
[2006/08/16 19:00:28 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/03/01 13:56:33 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/03/01 13:56:33 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/03/01 13:56:32 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/03/01 13:56:11 | 000,000,315 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2006/02/08 16:55:40 | 000,001,016 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/01/26 13:04:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/26 19:19:54 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\fusioncache.dat
[2005/12/26 18:35:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/12/22 22:25:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/12/19 00:38:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/12/19 00:02:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/19 00:02:38 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/19 00:02:24 | 000,003,680 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/18 22:53:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/18 11:17:28 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/12/17 20:29:23 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/13 12:44:49 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2005/12/13 12:38:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/12/13 12:38:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/12/13 12:38:01 | 000,004,514 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/12/13 12:37:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/12/13 12:37:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/13 12:37:27 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/12/13 12:37:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/12/13 12:36:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/12/13 12:35:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/08/04 03:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 03:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 03:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 03:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 03:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/02/04 09:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/28 20:27:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/18 00:37:08 | 000,000,795 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/18 00:28:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/18 00:19:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/18 00:05:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2002/09/18 00:05:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2002/09/18 00:04:22 | 000,001,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/09/18 00:03:12 | 000,444,360 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/18 00:03:12 | 000,072,252 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/17 17:12:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/17 17:10:48 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
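As an added example (not part of the thread and not OTL's own code), a Python triage pass over OTL "Files Created" lines of the kind shown in the log above. It scores each entry on four signals: hidden+system attributes, creation within a week of the scan, an executable or extensionless file under an Application Data folder, and a random-looking name. The sample lines and the scan time are constructed for the example; the thresholds (seven days, entropy above 3.5 bits on names of 16 or more characters, at least two reasons to report) are assumptions, not OTL's logic.

```python
"""Triage OTL 'Files Created' lines for rogue-AV style drops.
Added example; not OTL's code. Sample lines and scan time are constructed."""
import math
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in OTL's line format. The first two mirror the kind of
# entries flagged in the fix; the rest are benign-looking entries.
SAMPLE_LOG = r"""
[2011/04/17 11:54:59 | 000,018,100 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 11:51:30 | 000,237,860 | -HS- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe
[2011/04/10 16:07:33 | 014,950,378 | ---- | C] () -- C:\Documents and Settings\David and Marla\Desktop\PKMN STARTER.zip
[2010/10/25 16:43:20 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\26C53DC7C5.sys
[2009/04/22 19:11:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll
"""

# Constructed scan time for the sample (assumption for the example).
SCAN_TIME = datetime(2011, 4, 17, 18, 13, 14)

# Extensions that execute, plus "" for extensionless files (assumed list).
EXEC_EXTS = {"", "exe", "dll", "sys", "com", "scr", "bat"}

# [date time | size | attrs | C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def shannon_entropy(text: str) -> float:
    """Bits per character; long random alphanumeric names score well above 4."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def triage_otl_files(log_text: str, scan_time: datetime = SCAN_TIME,
                     recent_days: int = 7, min_score: int = 2) -> list:
    """Return entries with at least min_score reasons, highest score first."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1]
        stem, dot, ext = name.rpartition(".")
        if not dot:
            stem, ext = name, ""
        created = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
        attr = m.group("attr")
        reasons = []
        if "H" in attr and "S" in attr:
            reasons.append("hidden+system attributes")
        if timedelta(0) <= scan_time - created <= timedelta(days=recent_days):
            reasons.append(f"created within {recent_days} days of the scan")
        if "\\application data\\" in path.lower() and ext.lower() in EXEC_EXTS:
            reasons.append("executable or extensionless file under Application Data")
        if len(stem) >= 16 and shannon_entropy(stem.lower()) > 3.5:
            reasons.append("random-looking name")
        if len(reasons) >= min_score:
            hits.append({
                "name": name,
                "path": path,
                "size": int(m.group("size").replace(",", "")),
                "score": len(reasons),
                "reasons": reasons,
            })
    hits.sort(key=lambda h: -h["score"])  # stable: ties keep log order
    return hits


if __name__ == "__main__":
    for hit in triage_otl_files(SAMPLE_LOG):
        print(hit["score"], hit["path"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

The scoring is deliberately additive rather than a single rule: a hidden+system file is common for licensing and driver components (see the older `.sys` entries in the log), so on its own it is not reported; it is the combination with recency, a user-writable Application Data location and a random name that separates the two drops from the rest.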

Re: xp total security 2011

We could not find the extra.txt file you indicated would be on the desktop. We did a search and nothing came up. The only one present was the one that appeared on the screen after the scan was finished.



brick


Last edited by brick on 18th April 2011, 12:29 am; edited 1 time in total (Reason for editing : removed information concerning second computer)

Re: xp total security 2011

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2011/04/17 11:51:30 | 000,237,860 | -HS- | M] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe" -a "%1" %* ()
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe" -a "%1" %* ()
    [2011/04/17 17:56:08 | 000,018,100 | -HS- | M] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
    [2011/04/17 17:56:08 | 000,018,100 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
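As an added example, not OTL's own code: a Python check for the .exe association hijack that the O35/O37 lines in the fix above describe. It parses a REGEDIT4 export (the format produced by the registry editor's export function) and reports a per-user .exe/exefile override in HKCU, which shadows the HKLM entry when HKCR is built, and any exefile open command other than the Windows default "%1" %*. Both exports are constructed for the example; the hijacked one mirrors the command shown in the fix.

```python
"""Check a REGEDIT4 export for a per-user .exe association hijack.
Added example; not OTL's code. The sample exports are constructed."""
import re

# Default open command for exefile on Windows; anything else interposes a binary.
EXPECTED_OPEN_COMMAND = '"%1" %*'

# Constructed export mirroring the hijack in the fix above: HKCU overrides
# exefile\shell\open\command so every .exe the user launches runs via xsc.exe.
HIJACKED_EXPORT = r"""
REGEDIT4

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="exefile"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\David and Marla\\Local Settings\\Application Data\\xsc.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
"""

# Constructed export of a clean machine: no HKCU override, default HKLM command.
CLEAN_EXPORT = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
"""


def _unquote(value: str) -> str:
    """Strip the quotes of a REG_SZ value and undo the .reg escapes (\\\\ and \\")."""
    value = value.strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value  # dword:/hex: values are left as written


def parse_reg(text: str) -> dict:
    """Map lower-cased key paths to {value name: value}; '@' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.upper().startswith("REGEDIT")
                or line.startswith("Windows Registry") or line.startswith(";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip().strip('"')] = _unquote(value)
    return keys


def audit_exe_association(reg_text: str) -> list:
    """Return human-readable findings; an empty list means the association is clean."""
    keys = parse_reg(reg_text)
    findings = []
    for label, hive in (("HKCU", "hkey_current_user\\software\\classes"),
                        ("HKLM", "hkey_local_machine\\software\\classes")):
        ext = keys.get(hive + "\\.exe")
        cmd = keys.get(hive + "\\exefile\\shell\\open\\command")
        # Any per-user copy of these keys wins over HKLM in the merged HKCR view.
        if label == "HKCU" and (ext is not None or cmd is not None):
            findings.append("HKCU has a per-user .exe/exefile override; "
                            "it shadows HKLM when HKCR is built")
        if ext is not None and ext.get("@", "").lower() != "exefile":
            findings.append(f"{label}: .exe maps to {ext.get('@')!r}, expected 'exefile'")
        if cmd is not None and cmd.get("@") != EXPECTED_OPEN_COMMAND:
            findings.append(f"{label}: exefile open command is {cmd.get('@')!r}, "
                            f"expected {EXPECTED_OPEN_COMMAND!r}")
    return findings


if __name__ == "__main__":
    for title, export in (("hijacked", HIJACKED_EXPORT), ("clean", CLEAN_EXPORT)):
        print(title, audit_exe_association(export) or ["no findings"])
```

The check treats the mere presence of the HKCU keys as a finding, which matches what the fix does: OTL deletes HKCU\Software\Classes\.exe and \exefile outright instead of rewriting them, because the correct default already lives under HKLM and an ordinary user profile has no reason to carry its own copy.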

Re: xp total security 2011

here are the logs

========== OTL ==========
Process xsc.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
C:\Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\David and Marla\Local Settings\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7 moved successfully.
C:\Documents and Settings\All Users\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7 moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 04182011_174655

Re: xp total security 2011

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: xp total security 2011

here are the logs

ComboFix 11-04-17.03 - David and Marla 04/18/2011 18:50:56.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.152 [GMT -4:00]
Running from: c:\documents and settings\David and Marla\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\David and Marla\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 21:46 . 2011-04-18 21:46 -------- d-----w- C:\_OTL
2011-04-17 16:04 . 2011-04-17 16:04 -------- d-----w- c:\windows\LastGood
2011-04-17 16:04 . 2011-04-17 16:04 -------- d-----w- c:\program files\ESET
2011-04-11 13:07 . 2011-04-11 13:07 -------- d-----w- C:\50d15fd2e8bd2b4b59
2011-04-10 21:36 . 2011-04-10 21:36 88820 ----a-w- c:\documents and settings\All Users\SPL56.tmp
2011-03-25 14:09 . 2011-03-25 14:16 -------- d-----w- c:\program files\Windows Live Safety Center
2011-03-22 15:57 . 2011-03-22 21:28 -------- d-----w- c:\program files\Panda Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 00:51 . 2010-08-21 22:17 90112 ----a-w- c:\windows\DUMP66e7.tmp
2011-03-07 05:33 . 2005-12-13 16:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-12-13 16:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-12-13 16:38 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 15:04 . 2010-07-13 15:57 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-05-23 17:36 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-03-08 15:08 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-05-23 17:38 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-05-23 17:38 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-05-23 17:38 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-05-23 17:38 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-05-23 17:38 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-05-23 17:38 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-05-23 17:38 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:06 . 2005-12-13 16:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-12-13 16:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2005-10-21 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-12-13 16:37 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-12-13 16:38 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-08-21 16:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2005-12-13 16:35 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 17:24 . 2010-08-21 22:17 90112 ----a-w- c:\windows\DUMP64c4.tmp
2011-02-09 13:53 . 2005-12-13 16:38 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2005-12-13 16:36 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2005-12-13 16:37 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2005-12-13 16:37 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2005-12-13 16:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-12-13 16:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-12-13 16:38 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cookienator"="c:\program files\Cookienator\cookienator.exe" [2009-10-19 1333472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-09-13 46592]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2006-03-09 262144]
"SiSPower"="SiSPower.dll" [2006-03-09 49152]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
.
c:\documents and settings\David and Marla\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2011-3-14 241664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmFax.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\frun.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/06/2004 10:11 AM 18432]
R0 22378872;22378872 Boot Guard Driver;c:\windows\system32\drivers\22378872.sys [08/27/2010 5:48 PM 37392]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/07/2004 3:57 AM 11904]
R1 22378871;22378871;c:\windows\system32\drivers\22378871.sys [08/27/2010 5:48 PM 128016]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/08/2011 11:08 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/23/2010 1:38 PM 301528]
R1 setup_9.0.0.722_27.08.2010_10-15drv;setup_9.0.0.722_27.08.2010_10-15drv;c:\windows\system32\drivers\2237887.sys [08/27/2010 5:48 PM 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/23/2010 1:38 PM 19544]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [05/28/2010 7:04 AM 14896]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [03/14/2011 2:31 PM 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [03/14/2011 2:31 PM 461056]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Nautipolis for Firefox: {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92} - %profile%\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}
FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\David and Marla\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 19:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3889389676-2448089655-718245918-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(344)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-18 19:16:09
ComboFix-quarantined-files.txt 2011-04-18 23:16
ComboFix2.txt 2010-08-18 20:05
ComboFix3.txt 2010-08-18 15:58
.
Pre-Run: 10,522,021,888 bytes free
Post-Run: 11,491,966,976 bytes free
.
- - End Of File - - AFF1DB6A1437593387A50B3EB138C2EF

Re: xp total security 2011

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    File::
    c:\windows\DUMP66e7.tmp
    c:\windows\system32\drivers\$sys$cor.sys
    c:\windows\system32\drivers\22378872.sys
    c:\windows\system32\drivers\22378871.sys
    c:\windows\system32\drivers\2237887.sys

    Folder::
    c:\windows\system32\$sys$filesystem

    Driver::
    $sys$cor
    22378872
    $sys$crater
    22378871
    setup_9.0.0.722_27.08.2010_10-15drv

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [screenshot: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: xp total security 2011

A note: we cannot seem to get our automatic updates back online, despite the fact we are able to turn back on the firewalls and such.

here

ComboFix 11-04-18.01 - David and Marla 04/18/2011 20:07:48.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.141 [GMT -4]
Running from: c:\documents and settings\David and Marla\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\David and Marla\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\DUMP66e7.tmp"
"c:\windows\system32\drivers\$sys$cor.sys"
"c:\windows\system32\drivers\2237887.sys"
"c:\windows\system32\drivers\22378871.sys"
"c:\windows\system32\drivers\22378872.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\$sys$filesystem
c:\windows\system32\$sys$filesystem\$sys$parking
c:\windows\system32\$sys$filesystem\crater.sys
c:\windows\system32\$sys$filesystem\DbgHelp.dll
c:\windows\system32\$sys$filesystem\lim.sys
c:\windows\system32\$sys$filesystem\Unicows.dll
c:\windows\system32\drivers\$sys$cor.sys
c:\windows\system32\drivers\2237887.sys
c:\windows\system32\drivers\22378871.sys
c:\windows\system32\drivers\22378872.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_22378871
-------\Legacy_22378872
-------\Legacy_SETUP_9.0.0.722_27.08.2010_10-15DRV
-------\Service_$sys$cor
-------\Service_$sys$crater
-------\Service_22378871
-------\Service_22378872
-------\Service_setup_9.0.0.722_27.08.2010_10-15drv
.
.
((((((((((((((((((((((((( Files Created from 2011-03-19 to 2011-04-19 )))))))))))))))))))))))))))))))
.
.
2011-04-18 21:46 . 2011-04-18 21:46 -------- d-----w- C:\_OTL
2011-04-17 16:04 . 2011-04-17 16:04 -------- d-----w- c:\program files\ESET
2011-04-11 13:07 . 2011-04-11 13:07 -------- d-----w- C:\50d15fd2e8bd2b4b59
2011-04-10 21:36 . 2011-04-10 21:36 88820 ----a-w- c:\documents and settings\All Users\SPL56.tmp
2011-03-25 14:09 . 2011-03-25 14:16 -------- d-----w- c:\program files\Windows Live Safety Center
2011-03-22 15:57 . 2011-03-22 21:28 -------- d-----w- c:\program files\Panda Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 00:51 . 2010-08-21 22:17 90112 ----a-w- c:\windows\DUMP66e7.tmp
2011-03-07 05:33 . 2005-12-13 16:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-12-13 16:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-12-13 16:38 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 15:04 . 2010-07-13 15:57 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-05-23 17:36 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-03-08 15:08 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-05-23 17:38 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-05-23 17:38 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-05-23 17:38 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-05-23 17:38 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-05-23 17:38 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-05-23 17:38 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-05-23 17:38 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:06 . 2005-12-13 16:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-12-13 16:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2005-10-21 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-12-13 16:37 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-12-13 16:38 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-08-21 16:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2005-12-13 16:35 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 17:24 . 2010-08-21 22:17 90112 ----a-w- c:\windows\DUMP64c4.tmp
2011-02-09 13:53 . 2005-12-13 16:38 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2005-12-13 16:36 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2005-12-13 16:37 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2005-12-13 16:37 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2005-12-13 16:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-12-13 16:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-12-13 16:38 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cookienator"="c:\program files\Cookienator\cookienator.exe" [2009-10-19 1333472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-09-13 46592]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2006-03-09 262144]
"SiSPower"="SiSPower.dll" [2006-03-09 49152]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
.
c:\documents and settings\David and Marla\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2011-3-14 241664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmFax.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\frun.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/08/2011 11:08 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/23/2010 1:38 PM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/23/2010 1:38 PM 19544]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [05/28/2010 7:04 AM 14896]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [03/14/2011 2:31 PM 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [03/14/2011 2:31 PM 461056]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Nautipolis for Firefox: {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92} - %profile%\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}
FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\David and Marla\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3889389676-2448089655-718245918-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1828)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\lxdmcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\HPZipm12.exe
c:\windows\system32\ScsiAccess.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-18 20:33:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-19 00:33
ComboFix2.txt 2011-04-18 23:16
ComboFix3.txt 2010-08-18 20:05
ComboFix4.txt 2010-08-18 15:58
.
Pre-Run: 11,498,057,728 bytes free
Post-Run: 11,518,705,664 bytes free
.
- - End Of File - - C52BACF3A360DCA9E12CA4A5B5889201

Re: xp total security 2011
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: xp total security 2011
here are the logs

NOTE: (11:30 am) WE HAD TERRIBLE STORMS AND THE COMPUTER HAD TO BE SHUT DOWN LAST NIGHT AFTER THE SCAN WAS RUN AND THE RESULTS POSTED. BOOTED UP THE COMPUTER THIS MORNING, BUT IT IS NOT OPENING ANY PROGRAMS. IT SEEMS TO BE FROZEN AT THE DESKTOP SCREEN. THE SCAN WAS RUN AND POSTED BEFORE 7 LAST NIGHT; THE COMPUTER WAS SHUT DOWN AROUND 10 PM.

NOTE: (2:23 pm) The desktop will not respond to any commands, but I can move the mouse. It won't open the internet, or Avast, or anything, and will shut itself off for no reason. I was able at one point to get it to go into Safe Mode. I ran a malware scan on it in Safe Mode, but it came up clear. Booted it back up in normal mode; it still will not allow us to access anything. Currently have Avast shut off. The computer shut itself off and back on again. IMHO the computer is worse than in the beginning. We will likely have to use the safe laptop to download any programs you want us to run and copy them to disc to use on the infected computer, except it doesn't read any discs in the disc drive either. Hope you can figure this out.

Note: The Automatic Updates tab still won't turn on.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=3bde07254eca2547895188c06d3e20a1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-17 06:12:28
# local_time=2011-04-17 02:12:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 27495261 27495261 0 0
# compatibility_mode=1024 16777215 100 0 42403144 42403144 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88456
# found=0
# cleaned=0
# scan_time=7347
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=3bde07254eca2547895188c06d3e20a1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-19 09:45:54
# local_time=2011-04-19 05:45:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 27681694 27681694 0 0
# compatibility_mode=1024 16777215 100 0 42589577 42589577 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80546
# found=2
# cleaned=2
# scan_time=6518
C:\Documents and Settings\David and Marla\Application Data\Sun\Java\Deployment\cache\6.0\5\79ec8e45-1ba7b300 a variant of Win32/Injector.FVQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\04182011_174655\C_Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe a variant of Win32/Injector.FVQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Last edited by brick on 20th April 2011, 6:26 pm; edited 2 times in total (Reason for editing : more information)
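
The two ESET runs above share one plain-text layout: a block of `# key=value` header lines per run, then one line per detection (path, threat description, the action in parentheses, a 32-hex hash and a flag). The parser below is an added example, not code from this thread or from ESET. It assumes that layout, treats `C:\_OTL\MovedFiles` (where OTL moved xsc.exe, as the posted path shows) and `C:\Qoobox\Quarantine` (ComboFix's quarantine folder, an assumption here) as quarantine locations, and runs on a constructed sample that mirrors the posted log. The point it makes: a hit inside a tool's quarantine folder is a re-detection of a file that was already removed, while a hit on a live path, or a found count above the cleaned count, means the machine still needs attention.

```python
"""Parse ESET Online Scanner log text into per-run records.

Added example; not code from this thread or from ESET. It assumes the
layout visible in the posted logs: '# key=value' header lines, one block
per scan run, then one line per detection:
    <path> <threat description> (<action>) <32-hex hash> <flag>
Tab-separated fields, as in the on-disk log.txt, are tolerated too.
"""
import re
from dataclasses import dataclass, field

# Folders where earlier cleanup tools park the files they removed; a hit under
# one is a re-scan of an already-removed sample, not a live infection. The OTL
# prefix appears in the thread; ComboFix's Qoobox folder is assumed here.
QUARANTINE_PREFIXES = (r"c:\_otl\movedfiles", r"c:\qoobox\quarantine")

DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    # ESET names look like Win32/Injector.FVQ, optionally preceded by
    # "a variant of" and followed by a lowercase class word ("trojan").
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?:\s+[a-z]+)*?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    file_hash: str
    flag: str

    def in_quarantine(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)

    def cleaned(self) -> bool:
        return "cleaned" in self.action or "deleted" in self.action


@dataclass
class ScanRun:
    meta: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def count(self, key: str) -> int:
        return int(self.meta.get(key, "0"))

    def live_detections(self) -> list:
        """Hits on real paths, excluding re-detections inside quarantine folders."""
        return [d for d in self.detections if not d.in_quarantine()]

    def needs_followup(self) -> bool:
        """True if ESET found more than it cleaned, or a live hit was not cleaned."""
        if self.count("found") > self.count("cleaned"):
            return True
        return any(not d.cleaned() for d in self.live_detections())


def parse_eset_log(text: str):
    """Return (runs, unparsed_lines); a new run starts at every '# version=' line."""
    runs, unparsed, current = [], [], None
    for raw in text.splitlines():
        line = re.sub(r"\t+", " ", raw).strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            if key.strip() == "version" or current is None:
                current = ScanRun()
                runs.append(current)
            current.meta[key.strip()] = value.strip().strip('"')
            continue
        m = DETECTION_RE.match(line)
        if m and current is not None:
            current.detections.append(
                Detection(m["path"], m["threat"], m["action"], m["hash"], m["flag"]))
        else:
            unparsed.append(line)  # installer chatter such as "OnlineScanner.ocx - ..."
    return runs, unparsed


def report(text: str) -> list:
    """One triage summary per run."""
    runs, _ = parse_eset_log(text)
    return [{"utc_time": r.meta.get("utc_time", "?"), "found": r.count("found"),
             "cleaned": r.count("cleaned"),
             "live_hits": [d.path for d in r.live_detections()],
             "needs_followup": r.needs_followup()} for r in runs]


# Constructed sample mirroring the two runs posted above (headers trimmed).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# utc_time=2011-04-17 06:12:28
# found=0
# cleaned=0
# version=7
# utc_time=2011-04-19 09:45:54
# found=2
# cleaned=2
C:\Documents and Settings\David and Marla\Application Data\Sun\Java\Deployment\cache\6.0\5\79ec8e45-1ba7b300 a variant of Win32/Injector.FVQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\04182011_174655\C_Documents and Settings\David and Marla\Local Settings\Application Data\xsc.exe a variant of Win32/Injector.FVQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

Run it against the real `C:\Program Files\esetonlinescanner\log.txt` by reading that file into `report()`; on the sample it shows the second run with one live hit (the Java deployment cache entry) and none needing follow-up, since the `_OTL` entry is just ESET re-scanning the file OTL had already moved out of the user's profile.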

Re: xp total security 2011
Hello.
Can you run Combofix one more time?

Re: xp total security 2011
Can we run Combofix in Safe Mode? It seems to be the only way we can get something to work.

Re: xp total security 2011
I asked if we could run it in Safe Mode at 6. Since I did not receive a response, and multiple attempts to run it in regular mode left it frozen, I ran it in Safe Mode. It ran through 50 stages and deleted one file, C:\window\jestertb.dll. It left a log on the C drive. I then restarted the computer in regular mode; it is frozen, and I cannot access the internet, the log, or anything else.

Also, the clock is often up to five minutes slower than our other desktop. Clearly, if it is not frozen it is running at a super slow speed that completely blocks any attempt to do anything.

brick


Last edited by brick on 20th April 2011, 11:06 pm; edited 2 times in total (Reason for editing : added more information)
