WiredWX Hobby Weather Tools

A mess and don't know where to start

I have been waiting for over a week for a reply from geekstogo and they have left me hanging with no response. Everything is shutting down or disappearing by the minute. Avast, which was turning itself off every time I rebooted or opened Firefox, has now stopped loading completely. My firewall is off and can't be found. System Restore is gone as well. Actually, it looks like I have a partial Windows XP Pro now. I can't get to Windows Update. My sound device keeps disappearing. Please help lol. This started a few weeks ago with the Windows Security 2011 virus.

Last edited by Stormyme on 6th May 2011, 7:53 pm; edited 1 time in total (Reason for editing : trying to add OTL file)

Re: A mess and don't know where to start

Hello.
Can you attach the logs?

Re: A mess and don't know where to start

I get this error when I try. "Uploaded file is not valid."

I am open to any suggestion on how to get these files to you lol

Re: A mess and don't know where to start

Can you upload the logs to mediafire.com and post the share URL here?

Re: A mess and don't know where to start

Very awesome... I hope this works. Thank you so much!

http://www.mediafire.com/?49hc4ey5jpjsucm

http://www.mediafire.com/?qj4nd21aabvafom

Re: A mess and don't know where to start

Just a note: I keep getting the "Generic Host Process for Win32 Services has encountered a problem and needs to close." When I click the get info link I get this:

C:\DOCUME~1\STORMY~1.000\LOCALS~1\Temp\WER50ec.dir00\svchost.exe.mdmp
C:\DOCUME~1\STORMY~1.000\LOCALS~1\Temp\WER50ec.dir00\appcompat.txt

In my process tab in task manager, I have an svchost.exe that is using 272,560 k in Mem usage. Isn't that rather large?

Re: A mess and don't know where to start

Were you able to see those files?

Re: A mess and don't know where to start

Hello.
Yep, got them.

  • Download ComboFix from here:
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools -> Options -> Main tab
       * Set to "Always ask me where to save the files".
    2. During the download, rename ComboFix to Combo-Fix as follows:

       [Screenshot: CF_download_FF]

       [Screenshot: CF_download_rename]

    3. It is important you rename ComboFix during the download, but not after.
    4. Please do not rename ComboFix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See HERE for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts.

    NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**
  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [Screenshot: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: A mess and don't know where to start

First off, let me apologize for the length of time on this reply; my internet was down a week for upgrades.

Second, thank you so much for your help. Here is the update:

I ran ComboFix; it found and fixed a rootkit, but left me without internet. I have tried the reboot and repair, but it says it cannot find an IP.
I am currently on another PC in my home. I have the log file here.

ComboFix 11-05-19.02 - Stormy 05/20/2011 20:32:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2674 [GMT -7:00]
Running from: c:\documents and settings\Stormy.STORMYS2NDLIFE.000\My Documents\My Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Security Online *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\.#
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\Adobe\plugs
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\Adobe\shed
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\CB1723F9619B50A08C5B3F35855AFA19
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\CB1723F9619B50A08C5B3F35855AFA19\enemies-names.txt
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\CB1723F9619B50A08C5B3F35855AFA19\local.ini
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\adv.gif
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\Base64.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\ClickFreeBackup.exe
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\crafter-pguard5.skf
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\DvdId.cfg
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\FileList.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\FrenchResDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\gdiplus.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\GermanResDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\ItalianResDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\mb_email.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\mb_email2000.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\ShLog.txt
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\SkinCrafterDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\SpanishResDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\wiaaut.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\inst.exe
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\TMInc
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\TMInc\game.cfg
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\TMInc\user1.sav
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\WINDOWS
c:\documents and settings\Stormy\Application Data\EHGrid.dll
c:\documents and settings\Stormy\Application Data\MBSEthernetPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSJPEGDecompressionPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSMainPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSRegistrationPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSUsernamePlugin.dll
c:\documents and settings\Stormy\Application Data\MBSWindowPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSWinPlugin.dll
c:\documents and settings\Stormy\Application Data\noname.dll
c:\documents and settings\Stormy\Application Data\rbap450.dll
c:\documents and settings\Stormy\Application Data\RBSSLSocket450.dll
c:\program files\INSTALL.LOG
C:\s
c:\settings\desktop.ini
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\daemon.dll
c:\windows\ST6UNST.000
c:\windows\system32\_004776_.tmp.dll
c:\windows\system32\_004777_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\_004779_.tmp.dll
c:\windows\system32\_004786_.tmp.dll
c:\windows\system32\_004787_.tmp.dll
c:\windows\system32\_004788_.tmp.dll
c:\windows\system32\_004789_.tmp.dll
c:\windows\system32\_004790_.tmp.dll
c:\windows\system32\_004791_.tmp.dll
c:\windows\system32\_004792_.tmp.dll
c:\windows\system32\_004793_.tmp.dll
c:\windows\system32\_004794_.tmp.dll
c:\windows\system32\_004795_.tmp.dll
c:\windows\system32\_004796_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004798_.tmp.dll
c:\windows\system32\_004799_.tmp.dll
c:\windows\system32\_004800_.tmp.dll
c:\windows\system32\_004801_.tmp.dll
c:\windows\system32\_004802_.tmp.dll
c:\windows\system32\_004803_.tmp.dll
c:\windows\system32\_004805_.tmp.dll
c:\windows\system32\_004808_.tmp.dll
c:\windows\system32\_004809_.tmp.dll
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004812_.tmp.dll
c:\windows\system32\_004813_.tmp.dll
c:\windows\system32\_004814_.tmp.dll
c:\windows\system32\_004815_.tmp.dll
c:\windows\system32\_004818_.tmp.dll
c:\windows\system32\_004819_.tmp.dll
c:\windows\system32\_004821_.tmp.dll
c:\windows\system32\_004822_.tmp.dll
c:\windows\system32\_004823_.tmp.dll
c:\windows\system32\_004824_.tmp.dll
c:\windows\system32\_004825_.tmp.dll
c:\windows\system32\_004826_.tmp.dll
c:\windows\system32\_004827_.tmp.dll
c:\windows\system32\_004828_.tmp.dll
c:\windows\system32\_004829_.tmp.dll
c:\windows\system32\_004830_.tmp.dll
c:\windows\system32\_004831_.tmp.dll
c:\windows\system32\_004832_.tmp.dll
c:\windows\system32\_004833_.tmp.dll
c:\windows\system32\_004834_.tmp.dll
c:\windows\system32\_004835_.tmp.dll
c:\windows\system32\_004836_.tmp.dll
c:\windows\system32\_004838_.tmp.dll
c:\windows\system32\_004839_.tmp.dll
c:\windows\system32\_004840_.tmp.dll
c:\windows\system32\_004841_.tmp.dll
c:\windows\system32\_004842_.tmp.dll
c:\windows\system32\_004843_.tmp.dll
c:\windows\system32\_004844_.tmp.dll
c:\windows\system32\_004845_.tmp.dll
c:\windows\system32\_004846_.tmp.dll
c:\windows\system32\_004847_.tmp.dll
c:\windows\system32\_004848_.tmp.dll
c:\windows\system32\_004849_.tmp.dll
c:\windows\system32\_004850_.tmp.dll
c:\windows\system32\_004851_.tmp.dll
c:\windows\system32\_004852_.tmp.dll
c:\windows\system32\_004853_.tmp.dll
c:\windows\system32\_004854_.tmp.dll
c:\windows\system32\_004855_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004857_.tmp.dll
c:\windows\system32\_004858_.tmp.dll
c:\windows\system32\_004859_.tmp.dll
c:\windows\system32\_004860_.tmp.dll
c:\windows\system32\_004861_.tmp.dll
c:\windows\system32\_004862_.tmp.dll
c:\windows\system32\_004865_.tmp.dll
c:\windows\system32\_004866_.tmp.dll
c:\windows\system32\_004867_.tmp.dll
c:\windows\system32\_004868_.tmp.dll
c:\windows\system32\_004869_.tmp.dll
c:\windows\system32\_004870_.tmp.dll
c:\windows\system32\_004871_.tmp.dll
c:\windows\system32\_004872_.tmp.dll
c:\windows\system32\_004873_.tmp.dll
c:\windows\system32\_004875_.tmp.dll
c:\windows\system32\_004878_.tmp.dll
c:\windows\system32\_004879_.tmp.dll
c:\windows\system32\_004883_.tmp.dll
c:\windows\system32\_004884_.tmp.dll
c:\windows\system32\_004886_.tmp.dll
c:\windows\system32\_004889_.tmp.dll
c:\windows\system32\_004891_.tmp.dll
c:\windows\system32\_004892_.tmp.dll
c:\windows\system32\_004893_.tmp.dll
c:\windows\system32\_004894_.tmp.dll
c:\windows\system32\_004896_.tmp.dll
c:\windows\system32\_004897_.tmp.dll
c:\windows\system32\_004898_.tmp.dll
c:\windows\system32\_004899_.tmp.dll
c:\windows\system32\_004900_.tmp.dll
c:\windows\system32\_004901_.tmp.dll
c:\windows\system32\_004906_.tmp.dll
c:\windows\system32\_004908_.tmp.dll
c:\windows\system32\_004909_.tmp.dll
c:\windows\system32\_005064_.tmp.dll
c:\windows\system32\_005065_.tmp.dll
c:\windows\system32\_005066_.tmp.dll
c:\windows\system32\_005067_.tmp.dll
c:\windows\system32\_005070_.tmp.dll
c:\windows\system32\_005071_.tmp.dll
c:\windows\system32\_005072_.tmp.dll
c:\windows\system32\_005073_.tmp.dll
c:\windows\system32\_005074_.tmp.dll
c:\windows\system32\_005075_.tmp.dll
c:\windows\system32\_005076_.tmp.dll
c:\windows\system32\_005077_.tmp.dll
c:\windows\system32\_005078_.tmp.dll
c:\windows\system32\_005079_.tmp.dll
c:\windows\system32\_005080_.tmp.dll
c:\windows\system32\_005081_.tmp.dll
c:\windows\system32\_005082_.tmp.dll
c:\windows\system32\_005083_.tmp.dll
c:\windows\system32\_005084_.tmp.dll
c:\windows\system32\_005085_.tmp.dll
c:\windows\system32\_005086_.tmp.dll
c:\windows\system32\_005087_.tmp.dll
c:\windows\system32\_005088_.tmp.dll
c:\windows\system32\_005089_.tmp.dll
c:\windows\system32\_005090_.tmp.dll
c:\windows\system32\_005091_.tmp.dll
c:\windows\system32\_005092_.tmp.dll
c:\windows\system32\_005093_.tmp.dll
c:\windows\system32\_005094_.tmp.dll
c:\windows\system32\_005095_.tmp.dll
c:\windows\system32\_005096_.tmp.dll
c:\windows\system32\_005097_.tmp.dll
c:\windows\system32\_005098_.tmp.dll
c:\windows\system32\_005099_.tmp.dll
c:\windows\system32\_005100_.tmp.dll
c:\windows\system32\_005101_.tmp.dll
c:\windows\system32\_005102_.tmp.dll
c:\windows\system32\_005103_.tmp.dll
c:\windows\system32\_005104_.tmp.dll
c:\windows\system32\_005106_.tmp.dll
c:\windows\system32\_005107_.tmp.dll
c:\windows\system32\_005108_.tmp.dll
c:\windows\system32\_005109_.tmp.dll
c:\windows\system32\_005110_.tmp.dll
c:\windows\system32\_005111_.tmp.dll
c:\windows\system32\_005112_.tmp.dll
c:\windows\system32\_005113_.tmp.dll
c:\windows\system32\_005114_.tmp.dll
c:\windows\system32\_005115_.tmp.dll
c:\windows\system32\_005116_.tmp.dll
c:\windows\system32\_005117_.tmp.dll
c:\windows\system32\_005119_.tmp.dll
c:\windows\system32\_005120_.tmp.dll
c:\windows\system32\_005121_.tmp.dll
c:\windows\system32\_005122_.tmp.dll
c:\windows\system32\_005123_.tmp.dll
c:\windows\system32\_005124_.tmp.dll
c:\windows\system32\_005125_.tmp.dll
c:\windows\system32\_005126_.tmp.dll
c:\windows\system32\_005127_.tmp.dll
c:\windows\system32\_005128_.tmp.dll
c:\windows\system32\_005129_.tmp.dll
c:\windows\system32\_005130_.tmp.dll
c:\windows\system32\_005132_.tmp.dll
c:\windows\system32\_005133_.tmp.dll
c:\windows\system32\_005134_.tmp.dll
c:\windows\system32\_005135_.tmp.dll
c:\windows\system32\_005137_.tmp.dll
c:\windows\system32\_005139_.tmp.dll
c:\windows\system32\_005140_.tmp.dll
c:\windows\system32\_005141_.tmp.dll
c:\windows\system32\_005142_.tmp.dll
c:\windows\system32\_005143_.tmp.dll
c:\windows\system32\_005144_.tmp.dll
c:\windows\system32\_005145_.tmp.dll
c:\windows\system32\_005147_.tmp.dll
c:\windows\system32\_005148_.tmp.dll
c:\windows\system32\_005149_.tmp.dll
c:\windows\system32\_005150_.tmp.dll
c:\windows\system32\_005151_.tmp.dll
c:\windows\system32\_005152_.tmp.dll
c:\windows\system32\_005153_.tmp.dll
c:\windows\system32\_005154_.tmp.dll
c:\windows\system32\_005155_.tmp.dll
c:\windows\system32\_005156_.tmp.dll
c:\windows\system32\_005157_.tmp.dll
c:\windows\system32\_005158_.tmp.dll
c:\windows\system32\_005159_.tmp.dll
c:\windows\system32\_005160_.tmp.dll
c:\windows\system32\_005161_.tmp.dll
c:\windows\system32\_005162_.tmp.dll
c:\windows\system32\_005163_.tmp.dll
c:\windows\system32\_005165_.tmp.dll
c:\windows\system32\_005166_.tmp.dll
c:\windows\system32\_005167_.tmp.dll
c:\windows\system32\_005168_.tmp.dll
c:\windows\system32\_005170_.tmp.dll
c:\windows\system32\_005172_.tmp.dll
c:\windows\system32\_005173_.tmp.dll
c:\windows\system32\_005174_.tmp.dll
c:\windows\system32\_005175_.tmp.dll
c:\windows\system32\_005176_.tmp.dll
c:\windows\system32\_005177_.tmp.dll
c:\windows\system32\_005178_.tmp.dll
c:\windows\system32\_005180_.tmp.dll
c:\windows\system32\_005181_.tmp.dll
c:\windows\system32\_005182_.tmp.dll
c:\windows\system32\_005183_.tmp.dll
c:\windows\system32\_005184_.tmp.dll
c:\windows\system32\_005185_.tmp.dll
c:\windows\system32\_005186_.tmp.dll
c:\windows\system32\_005187_.tmp.dll
c:\windows\system32\_005189_.tmp.dll
c:\windows\system32\_005190_.tmp.dll
c:\windows\system32\_005192_.tmp.dll
c:\windows\system32\_005193_.tmp.dll
c:\windows\system32\_005195_.tmp.dll
c:\windows\system32\_005196_.tmp.dll
c:\windows\system32\_005200_.tmp.dll
c:\windows\system32\_005201_.tmp.dll
c:\windows\system32\_005203_.tmp.dll
c:\windows\system32\_005206_.tmp.dll
c:\windows\system32\_005208_.tmp.dll
c:\windows\system32\_005209_.tmp.dll
c:\windows\system32\_005210_.tmp.dll
c:\windows\system32\_005211_.tmp.dll
c:\windows\system32\_005214_.tmp.dll
c:\windows\system32\_005215_.tmp.dll
c:\windows\system32\_005216_.tmp.dll
c:\windows\system32\_005217_.tmp.dll
c:\windows\system32\_005218_.tmp.dll
c:\windows\system32\_005223_.tmp.dll
c:\windows\system32\_005225_.tmp.dll
c:\windows\system32\_005226_.tmp.dll
c:\windows\system32\_005390_.tmp.dll
c:\windows\system32\_005391_.tmp.dll
c:\windows\system32\_005392_.tmp.dll
c:\windows\system32\_005393_.tmp.dll
c:\windows\system32\_005400_.tmp.dll
c:\windows\system32\_005401_.tmp.dll
c:\windows\system32\_005402_.tmp.dll
c:\windows\system32\_005403_.tmp.dll
c:\windows\system32\_005404_.tmp.dll
c:\windows\system32\_005405_.tmp.dll
c:\windows\system32\_005406_.tmp.dll
c:\windows\system32\_005408_.tmp.dll
c:\windows\system32\_005409_.tmp.dll
c:\windows\system32\_005412_.tmp.dll
c:\windows\system32\_005413_.tmp.dll
c:\windows\system32\_005414_.tmp.dll
c:\windows\system32\_005415_.tmp.dll
c:\windows\system32\_005416_.tmp.dll
c:\windows\system32\_005417_.tmp.dll
c:\windows\system32\_005418_.tmp.dll
c:\windows\system32\_005420_.tmp.dll
c:\windows\system32\_005421_.tmp.dll
c:\windows\system32\_005422_.tmp.dll
c:\windows\system32\_005423_.tmp.dll
c:\windows\system32\_005424_.tmp.dll
c:\windows\system32\_005425_.tmp.dll
c:\windows\system32\_005426_.tmp.dll
c:\windows\system32\_005427_.tmp.dll
c:\windows\system32\_005428_.tmp.dll
c:\windows\system32\_005430_.tmp.dll
c:\windows\system32\_005431_.tmp.dll
c:\windows\system32\_005432_.tmp.dll
c:\windows\system32\_005433_.tmp.dll
c:\windows\system32\_005435_.tmp.dll
c:\windows\system32\_005436_.tmp.dll
c:\windows\system32\_005437_.tmp.dll
c:\windows\system32\_005438_.tmp.dll
c:\windows\system32\_005439_.tmp.dll
c:\windows\system32\_005440_.tmp.dll
c:\windows\system32\_005442_.tmp.dll
c:\windows\system32\_005444_.tmp.dll
c:\windows\system32\_005445_.tmp.dll
c:\windows\system32\_005446_.tmp.dll
c:\windows\system32\_005447_.tmp.dll
c:\windows\system32\_005449_.tmp.dll
c:\windows\system32\_005450_.tmp.dll
c:\windows\system32\_005451_.tmp.dll
c:\windows\system32\_005452_.tmp.dll
c:\windows\system32\_005453_.tmp.dll
c:\windows\system32\_005454_.tmp.dll
c:\windows\system32\_005455_.tmp.dll
c:\windows\system32\_005456_.tmp.dll
c:\windows\system32\_005457_.tmp.dll
c:\windows\system32\_005458_.tmp.dll
c:\windows\system32\_005459_.tmp.dll
c:\windows\system32\_005460_.tmp.dll
c:\windows\system32\_005461_.tmp.dll
c:\windows\system32\_005462_.tmp.dll
c:\windows\system32\_005463_.tmp.dll
c:\windows\system32\_005464_.tmp.dll
c:\windows\system32\_005465_.tmp.dll
c:\windows\system32\_005466_.tmp.dll
c:\windows\system32\_005467_.tmp.dll
c:\windows\system32\_005468_.tmp.dll
c:\windows\system32\_005469_.tmp.dll
c:\windows\system32\_005470_.tmp.dll
c:\windows\system32\_005471_.tmp.dll
c:\windows\system32\_005472_.tmp.dll
c:\windows\system32\_005473_.tmp.dll
c:\windows\system32\_005474_.tmp.dll
c:\windows\system32\_005475_.tmp.dll
c:\windows\system32\_005476_.tmp.dll
c:\windows\system32\_005477_.tmp.dll
c:\windows\system32\_005478_.tmp.dll
c:\windows\system32\_005480_.tmp.dll
c:\windows\system32\_005482_.tmp.dll
c:\windows\system32\_005483_.tmp.dll
c:\windows\system32\_005484_.tmp.dll
c:\windows\system32\_005485_.tmp.dll
c:\windows\system32\_005486_.tmp.dll
c:\windows\system32\_005488_.tmp.dll
c:\windows\system32\_005489_.tmp.dll
c:\windows\system32\_005492_.tmp.dll
c:\windows\system32\_005493_.tmp.dll
c:\windows\system32\_005495_.tmp.dll
c:\windows\system32\_005496_.tmp.dll
c:\windows\system32\_005497_.tmp.dll
c:\windows\system32\_005498_.tmp.dll
c:\windows\system32\_005499_.tmp.dll
c:\windows\system32\_005500_.tmp.dll
c:\windows\system32\_005501_.tmp.dll
c:\windows\system32\_005502_.tmp.dll
c:\windows\system32\_005503_.tmp.dll
c:\windows\system32\_005505_.tmp.dll
c:\windows\system32\_005506_.tmp.dll
c:\windows\system32\_005507_.tmp.dll
c:\windows\system32\_005508_.tmp.dll
c:\windows\system32\_005510_.tmp.dll
c:\windows\system32\_005511_.tmp.dll
c:\windows\system32\_005513_.tmp.dll
c:\windows\system32\_005514_.tmp.dll
c:\windows\system32\_005515_.tmp.dll
c:\windows\system32\_005516_.tmp.dll
c:\windows\system32\_005517_.tmp.dll
c:\windows\system32\_005518_.tmp.dll
c:\windows\system32\_005519_.tmp.dll
c:\windows\system32\_005521_.tmp.dll
c:\windows\system32\_005522_.tmp.dll
c:\windows\system32\_005523_.tmp.dll
c:\windows\system32\_005524_.tmp.dll
c:\windows\system32\_005525_.tmp.dll
c:\windows\system32\_005526_.tmp.dll
c:\windows\system32\_005527_.tmp.dll
c:\windows\system32\_005528_.tmp.dll
c:\windows\system32\_005530_.tmp.dll
c:\windows\system32\_005531_.tmp.dll
c:\windows\system32\_005532_.tmp.dll
c:\windows\system32\_005533_.tmp.dll
c:\windows\system32\_005536_.tmp.dll
c:\windows\system32\_005537_.tmp.dll
c:\windows\system32\_005541_.tmp.dll
c:\windows\system32\_005542_.tmp.dll
c:\windows\system32\_005544_.tmp.dll
c:\windows\system32\_005545_.tmp.dll
c:\windows\system32\_005547_.tmp.dll
c:\windows\system32\_005549_.tmp.dll
c:\windows\system32\_005550_.tmp.dll
c:\windows\system32\_005551_.tmp.dll
c:\windows\system32\_005552_.tmp.dll
c:\windows\system32\_005555_.tmp.dll
c:\windows\system32\_005556_.tmp.dll
c:\windows\system32\_005557_.tmp.dll
c:\windows\system32\_005558_.tmp.dll
c:\windows\system32\_005559_.tmp.dll
c:\windows\system32\_005564_.tmp.dll
c:\windows\system32\_005566_.tmp.dll
c:\windows\system32\_005567_.tmp.dll
c:\windows\system32\11034841.dll
c:\windows\system32\18467.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\mssfc.dll
c:\windows\system32\winlogon.bak
c:\windows\v10neformatic.dll
c:\windows\v10neformatic.ocx
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_TDSSSERV.SYS
-------\Service_AFPAnsi
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 20:20 . 2009-07-14 22:35 19720 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2011-05-04 11:10 . 2011-01-20 23:14 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-03-26 07:37 . 2011-03-26 07:30 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-03-26 06:31 . 2011-03-26 06:31 2 --shatr- c:\windows\winstart.bat
2011-02-28 15:09 . 2009-02-07 19:16 53248 ----a-w- c:\windows\system32\CSVer.dll
2008-12-20 09:41 . 2009-10-09 01:19 218112 ----a-w- c:\program files\HijackThis1991.exe
2008-07-08 10:35 . 2008-07-08 10:35 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 94280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
.
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-4-12 1172992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cr1lk2ulc2t.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xay21jfwuu2.sys]
@="\??\c:\windows\system32\drivers\xay21jfwuu2.sys"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"C:0\\StormysStuff\\Space_Siege__Rip_550_mb_\\Fonekat.Net.Space.Siege.Rip\\Fonekat.Net.Space.Siege.Rip\\SpaceSiege.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\ijji\\ENGLISH\\AVA\\binaries\\AVA.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\ijjigame\\PurpleBean.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"C:0\\Program Files\\mIRC\\mirc.exe"=
"C:0\\RelicCOH.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Stormy.STORMYS2NDLIFE.000\\Local Settings\\Application Data\\BetOnSoft\\Grand Eagle\\Code\\win32\\vc80\\release\\GameHost\\GameClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\ijjiOptimizer.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56989:TCP"= 56989:TCP:*:Disabled:Pando Media Booster
"56989:UDP"= 56989:UDP:*:Disabled:Pando Media Booster
"58779:TCP"= 58779:TCP:Pando Media Booster
"58779:UDP"= 58779:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R0 d244bus;d244bus;c:\windows\system32\drivers\d244bus.sys [10/12/2008 6:15 AM 137216]
R0 d244prt;d244prt;c:\windows\system32\drivers\d244prt.sys [10/12/2008 6:15 AM 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/8/2011 5:35 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/8/2011 5:35 PM 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/8/2011 5:35 PM 19544]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/20/2011 4:14 PM 10448]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/7/2011 3:50 AM 632792]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [7/14/2009 3:35 PM 19720]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [9/15/2009 2:59 PM 38248]
S0 dqdjj;dqdjj;c:\windows\system32\drivers\wxcbasj.sys --> c:\windows\system32\drivers\wxcbasj.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/15/2009 6:01 AM 685816]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 6:07 PM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\STORMY~1.000\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\STORMY~1.000\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 DCamUSBBVI;SiPix StyleCam BlinkII Dual Mode Camera;c:\windows\system32\Drivers\biomini.sys --> c:\windows\system32\Drivers\biomini.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\STORMY~1.000\LOCALS~1\Temp\KXH1721.tmp --> c:\docume~1\STORMY~1.000\LOCALS~1\Temp\KXH1721.tmp [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 6:07 PM 136176]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [1/16/2010 11:54 AM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [1/16/2010 11:54 AM 13312]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [5/6/2011 1:20 PM 14856]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [11/19/2009 3:12 AM 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [11/19/2009 3:12 AM 218608]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2D.tmp --> c:\windows\system32\2D.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2/28/2006 5:00 AM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/26/2011 12:30 AM 24416]
S3 TKFsAc;TKFsAc;c:\windows\system32\TKFsAc2k.sys [10/14/2009 6:05 PM 88864]
S3 TKFsAv;TKFsAv;c:\windows\system32\TKFsAv2k.sys [10/14/2009 6:05 PM 39200]
S3 TKFsFt;TKFsFt;c:\windows\system32\TKFsFt2k.sys [10/14/2009 6:05 PM 80672]
S3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k.sys [10/14/2009 6:05 PM 41984]
S3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp.sys [10/14/2009 6:05 PM 24704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 SuperMounter;SuperMounter; [x]
S4 xay21jfwuu2.sys;xay21jfwuu2.sys;\??\c:\windows\system32\drivers\xay21jfwuu2.sys --> c:\windows\system32\drivers\xay21jfwuu2.sys [?]
S4 XDva136;XDva136;\??\c:\windows\system32\XDva136.sys --> c:\windows\system32\XDva136.sys [?]
S4 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S4 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc096a8c6d5ca4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 01:07]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 01:07]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2025429265-839522115-1004Core.job
- c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 09:49]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2025429265-839522115-1004UA.job
- c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 09:49]
.
2009-09-12 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Administrator.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
2009-09-12 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Stormy.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
2011-05-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-04-26 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-05-07 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-04-05 07:40]
.
2011-05-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-07 00:05]
.
2011-05-21 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-05-07 19:26]
.
2011-05-06 c:\windows\Tasks\User_Feed_Synchronization-{380FE606-3C88-4C8A-8D4F-D852D1A9C601}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
Trusted Zone: $talisma_url$
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: yahoo.com
DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} - hxxp://72.233.55.59/activex/vogweb29.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-TaskTray - (no file)
HKU-Default-Run-SvrWsc - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-20 21:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\STORMY~1.000\LOCALS~1\Temp\KXH1721.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2D.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-2025429265-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
.
**************************************************************************
.
Completion time: 2011-05-20 21:34:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-21 04:33
.
Pre-Run: 275,106,123,776 bytes free
Post-Run: 276,710,096,896 bytes free
.
Current=15 Default=15 Failed=1 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - E717FBEF008ED23CC2C54FFBA869D802

Re: A mess and don't know where to start
Update

I have tried releasing and renewing my ip and get this

The RPC server is unavailable

So at this point I am leaving my PC alone until I hear from you.
I don't want to make it worse lol

Re: A mess and don't know where to start
bump

Re: A mess and don't know where to start
Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:

    KILLALL::

    File::
    c:\windows\winstart.bat

    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cr1lk2ulc2t.sys]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xay21jfwuu2.sys]

    Driver::
    dqdjj
    oreans32
    cpuz134
    xay21jfwuu2

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    (picture: Cfscriptb4i)

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
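The Driver:: section of the CFScript above names entries taken from the R0/S0/S3/S4 driver lines in the ComboFix report. As an added example (not the helper's, ComboFix's or the forum's own code), here is a small triage helper that parses those lines and flags the patterns a reviewer looks for: a file ComboFix could not verify ("[?]" or "[x]"), an image loading from a Temp directory, a ".tmp" image, and an unverified boot/system-start driver. The sample input is a constructed excerpt of lines copied from the report above; the flags are prompts for a human check, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Matches ComboFix service/driver lines such as:
#   S0 dqdjj;dqdjj;c:\...\wxcbasj.sys --> c:\...\wxcbasj.sys [?]
#   R1 aswSnx;aswSnx;c:\...\aswSnx.sys [5/8/2011 5:35 PM 441176]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<detail>[^\]]*)\]\s*$"
)

# Constructed sample: lines copied from the ComboFix report in this thread.
SAMPLE_LOG = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/8/2011 5:35 PM 441176]
S0 dqdjj;dqdjj;c:\windows\system32\drivers\wxcbasj.sys --> c:\windows\system32\drivers\wxcbasj.sys [?]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\STORMY~1.000\LOCALS~1\Temp\KXH1721.tmp --> c:\docume~1\STORMY~1.000\LOCALS~1\Temp\KXH1721.tmp [?]
S4 SuperMounter;SuperMounter; [x]
"""

@dataclass
class ServiceEntry:
    state: str    # R = running, S = stopped
    start: int    # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    image: str    # resolved image path ('' when the entry has none)
    detail: str   # timestamp+size, or '?' / 'x' when ComboFix could not verify the file
    flags: list = field(default_factory=list)

def parse_service_line(line):
    """Return a ServiceEntry for one report line, or None if it is not a service line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image")
    if "-->" in image:                      # keep the resolved path on the right
        image = image.split("-->")[-1].strip()
    image = image.replace("\\??\\", "")     # drop the NT object-manager prefix
    return ServiceEntry(m.group("state"), int(m.group("start")),
                        m.group("name"), image, m.group("detail").strip())

def triage(entry):
    """Attach heuristic flags (triage hints, not verdicts) and return them."""
    p = entry.image.lower()
    if entry.detail in ("?", "x"):
        entry.flags.append("file-not-verified")
    if "\\temp\\" in p:
        entry.flags.append("loads-from-temp")
    if p.endswith(".tmp"):
        entry.flags.append("tmp-extension")
    if entry.start <= 1 and "file-not-verified" in entry.flags:
        entry.flags.append("boot-start-unverified")
    return entry.flags

def suspicious_entries(log_text):
    """Map service name -> flags for every parsed line that raised at least one flag."""
    out = {}
    for line in log_text.splitlines():
        e = parse_service_line(line)
        if e and triage(e):
            out[e.name] = e.flags
    return out
```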
