Some web sites load; Some don't. [Solved]


#1 Resistor (Member, 14 posts)

Some web sites load; some don't. Each site is consistent from day to day.
Inaccessible sites usually present some version of "server not found".

I cannot access many of my bookmarked sites. The URLs are good.
I can access a few sites, including Google, The Drudge Report and Geeks to Go.
From a search, it is hit or miss, whether any individual link will take me to the respective site.

A WIFI connection provided normal access.
The problem affects DSL connections, as well as a 2-way satellite connection, with a phone line for upload, and the satellite for download.

This problem started when I downloaded Firefox 3.5, Summer 2009.
About the same time, I updated Windows Vista, and acquired Internet Explorer v. 8, in the process?

There was no improvement, with updates to Firefox 3.5.1 and 3.5.2.
There was no improvement when reverting to version 3, or to the latest update of version 2.
The current version is Firefox 3.6.3, and I just updated Windows.

I just uninstalled Comodo Internet Security, since I had issues with current and previous versions. May be operator error ...
And, I've just downloaded Avast, to install later. SuperAntiSpyware shows no problems.

There are others with the same or similar problem, and no solution.
I do not think this is a problem with Firefox or malware, since I had no problems, at the time of the download and installation.

I believe I have followed the steps noted in the guidelines, with the exception of GMER. I'm posting the result from the original scan.
After a half dozen attempts, last night, I gave up. The last 2 or 3 attempts resulted in the BSOD - Blue Screen & reboot.

Any ideas?


Ran TFC, ERUNT & SuperAntiSpyware.

Malwarebytes' Anti-Malware 1.44
Database version: 3704
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18702

4/9/2010 1:21:23 AM
mbam-log-2010-04-09 (01-21-23).txt

Scan type: Quick Scan
Objects scanned: 99944
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The problem continues, after re-booting.
Process lsass.exe Local Security Authority Process (Microsoft) started consuming 99% of CPU power.
I'm not sure if the high CPU consumption started before, or at the time that I seemed to accidentally hit the save button, to save the presentation from the initial load of GMER.

The first time I ran GMER, there was no problem.
I've hardly used the computer, since the Summer of 2009. And very little, since the original scan.

I finally killed the lsass.exe process, then, Windows Logon Application started consuming 50% of the CPU. Host Process for Windows Services started consuming 40% to 49% of the cpu, when I loaded the Services

I could not find this lsass.exe process in the computer's Services Control screen.
Peer functions are all disabled.

GMER Scan Log - January 31, 2010
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-31 18:03:20
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\me\AppData\Local\Temp\pxldypoc.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\tdx \Device\Tcp socketlock.sys

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\tdx \Device\RawIp6 socketlock.sys
Device \Driver\tdx \Device\Tcp6 socketlock.sys
Device \Driver\tdx \Device\Tdx socketlock.sys
Device \Driver\tdx \Device\Udp socketlock.sys

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\tdx \Device\RawIp socketlock.sys
Device \Driver\tdx \Device\Udp6 socketlock.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

From the efforts of Friday night...
2nd Blue Screen - BSOD
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 10000050
BCP1: A805800B
BCP2: 00000000
BCP3: 9CE47F60
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini041010-02.dmp
C:\Users\me\AppData\Local\Temp\WER-43820-0.sysdata.xml
C:\Users\me\AppData\Local\Temp\WERCD1D.tmp.version.txt

I gave up on this session of GMER.

I had other issues with Comodo Internet Security, and uninstalled it.
On re-boot, I was able to access a forum that I had been unable to get into.
After loading a handful of threads, I got the "server not found" error page, and could no longer load threads.

OTL
OTL logfile created on: 4/10/2010 2:50:27 AM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\me\Desktop\Tech\Applications
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.23 Gb Total Space | 30.93 Gb Free Space | 38.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.88% Space Free | Partition Type: NTFS
Drive E: | 2.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 15.41 Mb Total Space | 15.41 Mb Free Space | 100.00% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 78.24 Mb Total Space | 71.09 Mb Free Space | 90.86% Space Free | Partition Type: FAT

Computer Name: ME-PC
Current User Name: me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/31 16:40:11 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\Tech\Applications\OTL.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:33 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2007/12/12 01:02:14 | 000,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/12/12 01:02:12 | 003,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2007/12/12 01:01:26 | 002,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2007/09/07 13:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 13:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/04/27 19:35:28 | 000,857,648 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/02/14 11:35:36 | 000,124,488 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\BACS\BacsTray.exe
PRC - [2006/11/05 12:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/08/04 19:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 16:40:11 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\Tech\Applications\OTL.exe
MOD - [2008/01/19 02:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (gupdate1c98d2b2e13c40e) Google Update Service (gupdate1c98d2b2e13c40e)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/12 01:02:14 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/09/07 13:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 16:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/08/14 03:40:52 | 000,593,920 | ---- | M] (ATI Technologies Inc.) [On_Demand | Stopped] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/07/11 09:15:58 | 000,202,800 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/13 01:23:18 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/03/13 01:23:18 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 15:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/05 12:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 12:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/09/14 15:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/08/04 19:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.6
FF - prefs.js..extensions.enabledItems: {A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}:2.1.73
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.5
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/31 22:54:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/31 22:54:47 | 000,000,000 | ---D | M]

[2010/01/31 01:17:26 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Extensions
[2010/04/09 01:23:04 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/03/02 21:13:01 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/03/02 23:09:56 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/03/02 21:12:59 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{69574B2C-CFBB-469f-9E09-90DCEEBAAC9D}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/03/02 21:13:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{8585C31E-1E94-4498-ACEC-CB913A05FC52}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{91F18F4A-F54E-11DA-87E0-B9A0C6649067}
[2010/03/02 21:13:04 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{A4BD3865-2EAB-456F-8CC5-94616F8F65D3}
[2010/03/02 21:13:02 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
[2010/03/02 21:13:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/03/02 21:13:01 | 000,000,000 | ---D | M] (QuickNote) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2010/03/02 21:13:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/02 21:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
[2010/03/02 21:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/11/23 04:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2009/11/23 04:11:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/02 21:13:00 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/02 21:13:02 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/02 21:13:00 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/02 21:13:02 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/03 17:01:23 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]\content
[2009/11/23 04:11:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]\defaults
[2009/11/23 04:11:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]\locale
[2009/11/22 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles(392)\bhl7uhbf.default\extensions
[2009/08/12 23:28:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles(392)\bhl7uhbf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/31 01:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/31 22:50:34 | 000,619,896 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16418 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 207 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.del...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cp...ddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} http://91.199.104.31...ActiveQscan.cab (Confirmation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 205.167.142.102
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents\2 Photos\1 Edited Images\North Pole SunSet.jpg
O24 - Desktop BackupWallPaper: C:\Documents\2 Photos\1 Edited Images\North Pole SunSet.jpg
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Users\me\Desktop\Tech\procexp.exe (Sysinternals)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/28 15:38:42 | 000,001,046 | ---- | M] () - V:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2008/01/10 05:55:48 | 000,001,046 | ---- | M] () - V:\autoexec.bat -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/20 04:21:18 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/09 20:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/09 03:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/09 03:49:31 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/09 03:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/09 03:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/06/06 14:01:16 | 000,262,144 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll

========== Files - Modified Within 14 Days ==========

[2010/04/10 02:50:33 | 003,145,728 | ---- | M] () -- C:\Users\me\ntuser.dat
[2010/04/10 02:38:36 | 000,734,432 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/10 02:38:36 | 000,625,820 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/10 02:38:36 | 000,113,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/10 02:34:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/10 02:34:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/10 02:33:27 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/10 02:33:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT


#2
Resistor
    Member

  • Topic Starter
  • 14 posts
After 3 weeks and 69 views, no replies ...
Does this mean that there is no one with any ideas or suggestions?

I started this thread in the Windows Vista forum, but at some point it was moved to this forum.

I'm aware of the rules for bumping my own thread, and considered asking for help in another forum. None seemed appropriate, though.

While this site has a good reputation, if there is no solution here, I'll thank you kindly, and move on.

#3
SweetTech
    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums! My name is SweetTech, it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
  • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


If you still require assistance with getting your computer cleaned up please include a new OTL log, a new GMER log, and an update on the status of how your computer is currently operating.


Thanks,
SweetTech.

#4
Resistor
    Member

  • Topic Starter
  • 14 posts
Hello, SweetTech.
Mighty pleased to meet you, too.
I can only imagine the demands on you and your compatriots, in dealing with so many issues.

The OTL & GMER files are pasted below, from the Dell (laptop).

The computer seems to work fine, except that, when I booted up, there was an unusual light blue screen, with Ease of Access options. I fixed that through the utility settings, then went into the BIOS, and changed a setting, for a faster boot up.

I use a wizmo widget to reboot, and to shut down. After closing most all windows except Windows Explorer, I hit the wizmo shutdown widget. After a minute, I noticed the system seemed frozen, the cpu usage was up, and I could not access the start menu, nor re-load Sysinternals task manager. I couldn't turn it off, unless I held the power button for 10 seconds.

Otherwise, I can no longer get on the internet, at all. I have apparent connectivity to the router, but not from the router to the web. I suspect this is a setting.

I do not know if the present issue has been resolved, by the detection and removal of the rootkit.
I'm hopeful, but not optimistic.

If one web site would open, I would expect all to open. Some web sites load, some don't.

There is general consistency of this behavior, other than when I removed Comodo Internet Security. Upon removal of Comodo, I checked a forum that usually gave the "server not found" message, and the site opened. I loaded a half-dozen threads, before the site would no longer load.
Then, I got the "server not found" message, again.

I installed and updated Avast. Avast detected (today, Sunday) a rootkit that it did not detect when I installed it. I deleted it, per the Avast recommendation.
Then, I cleaned the registry and rebooted.

Using the same router connection, this Acer laptop goes anywhere on the web, that I choose.

Here are the logs, as requested: :)



OTL logfile created on: 5/2/2010 11:48:15 PM - Run 3
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\me\Desktop\Tech\Applications
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.23 Gb Total Space | 28.30 Gb Free Space | 35.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.76% Space Free | Partition Type: NTFS
Drive E: | 2.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.89 Gb Total Space | 1.89 Gb Free Space | 100.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 78.24 Mb Total Space | 71.09 Mb Free Space | 90.86% Space Free | Partition Type: FAT

Computer Name: DELL
Current User Name: me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan


O1 HOSTS File: ([2010/01/31 22:50:34 | 000,619,896 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16418 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 207 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.del...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cp...ddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} http://91.199.104.31...ActiveQscan.cab (Confirmation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents\2 Photos\1 Edited Images\North Pole SunSet.jpg
O24 - Desktop BackupWallPaper: C:\Documents\2 Photos\1 Edited Images\North Pole SunSet.jpg
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Users\me\Desktop\Tech\procexp.exe (Sysinternals)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/28 15:38:42 | 000,001,046 | ---- | M] () - V:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2008/01/10 05:55:48 | 000,001,046 | ---- | M] () - V:\autoexec.bat -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/20 04:21:18 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2008/06/06 14:01:16 | 000,262,144 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll

========== Files - Modified Within 14 Days ==========

[2010/05/02 23:50:30 | 003,145,728 | ---- | M] () -- C:\Users\me\ntuser.dat
[2010/05/02 23:24:37 | 000,734,432 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/02 23:24:37 | 000,625,820 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/02 23:24:37 | 000,113,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/02 23:20:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 23:20:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 23:20:15 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/05/02 23:20:11 | 000,328,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/02 23:20:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/02 23:20:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/02 23:19:49 | 2011,172,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/02 23:03:31 | 000,524,288 | -HS- | M] () -- C:\Users\me\ntuser.dat{aa33bf11-150d-11df-8243-001d09b41017}.TMContainer00000000000000000001.regtrans-ms
[2010/05/02 23:03:31 | 000,065,536 | -HS- | M] () -- C:\Users\me\ntuser.dat{aa33bf11-150d-11df-8243-001d09b41017}.TM.blf
[2010/05/02 23:03:29 | 004,834,089 | -H-- | M] () -- C:\Users\me\AppData\Local\IconCache.db
[2010/05/02 20:49:22 | 000,005,891 | ---- | M] () -- C:\Windows\System32\DModem_Trace.trc

========== Files Created - No Company Name ==========

[2010/02/08 03:51:07 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009/07/18 22:19:08 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2008/08/10 18:06:19 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2008/06/29 16:23:58 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/05/25 18:32:04 | 000,000,428 | ---- | C] () -- C:\Users\me\AppData\Roaming\testtool.ini
[2008/05/11 18:38:17 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP7311.INI
[2008/05/04 11:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/04/24 15:59:10 | 000,024,227 | ---- | C] () -- C:\Users\me\AppData\Roaming\UserTile.png
[2008/04/07 15:10:31 | 000,007,291 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/03/29 04:22:25 | 000,003,712 | ---- | C] () -- C:\Windows\System32\socketlock.sys
[2008/03/27 00:09:12 | 000,000,164 | ---- | C] () -- C:\Windows\wininit.ini
[2008/03/25 12:34:41 | 000,007,944 | ---- | C] () -- C:\Users\me\AppData\Local\d3d9caps.dat
[2008/03/24 20:24:16 | 000,040,448 | ---- | C] () -- C:\Users\me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/10 09:13:14 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/10 09:13:12 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/10 09:13:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/10 01:49:10 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2008/10/10 03:45:20 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Image Zone Express
[2008/09/06 22:14:45 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\ImgBurn
[2009/09/05 12:14:49 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\IObit
[2008/03/25 13:08:18 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Opera
[2008/04/24 15:59:10 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\PeerNetworking
[2008/04/10 14:53:17 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Printer Info Cache
[2009/03/30 21:31:10 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\QuickScan
[2008/11/29 16:46:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\SecondLife
[2008/03/24 21:27:07 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Smith Micro
[2008/04/16 13:37:24 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\tmp
[2008/05/25 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\uTorrent
[2008/04/01 23:37:02 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\WinPatrol
[2010/05/02 23:03:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/10 08:59:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/10 08:59:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008/01/10 08:59:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008/01/10 08:59:14 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/01/10 09:00:05 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_e6b2949c\atapi.sys
[2008/01/10 09:00:05 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20544_none_dbb443eb3d9db847\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/10 08:59:50 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008/01/10 09:12:37 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008/01/10 09:12:37 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008/01/10 09:12:37 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008/01/10 09:12:37 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008/01/10 08:59:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008/01/10 08:59:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008/01/10 08:59:50 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008/01/10 08:59:50 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/03/30 10:51:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/03/30 10:51:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/03/30 10:51:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/03/30 10:51:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/12/12 01:01:24 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2008/01/19 02:33:59 | 001,208,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\comsvcs.dll
[2008/01/19 02:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 02:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


GMER 1.0.15.15281 - Rootkit scan 2010-05-03 00:23
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-03 00:23:52
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\me\AppData\Local\Temp\fxldapod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x937A650A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x937A632E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x937A6468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 81D73AD2 7 Bytes JMP 937A646C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81DE39F8 5 Bytes JMP 937A24AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 81E4C357 5 Bytes JMP 937A397E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 81E4D157 7 Bytes JMP 937A6332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81E981FA 7 Bytes JMP 937A650E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE spsys.sys!?SPVersion@@3PADA + 1A67 A004903F 240 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B58 A0049130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1B5F A0049137 2214 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2406 A00499DE 47 Bytes [04, BB, A8, 01, 00, 00, 8D, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2436 A0049A0E 44 Bytes [05, 00, 00, 39, 54, 8D, D0, ...]
PAGE ...
? C:\Windows\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\tdx \Device\Tcp socketlock.sys

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\tdx \Device\RawIp6 socketlock.sys
Device \Driver\tdx \Device\Tcp6 socketlock.sys
Device \Driver\tdx \Device\Tdx socketlock.sys
Device \Driver\tdx \Device\Udp socketlock.sys

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\tdx \Device\RawIp socketlock.sys
Device \Driver\tdx \Device\Udp6 socketlock.sys
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by SweetTech, 03 May 2010 - 12:20 PM.
remove [quote] tags. -- ST.

  • 0

#5
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

"I installed and updated Avast. Avast detected (today-Sunday) a root kit, that it did not detect, when I installed it. I deleted it, per the Avast recommendation.
Then, I cleaned the registry and rebooted."

Could you please check your Avast logs to find out what file was infected as well as the name of the infection detected?

While you're doing that, I'm looking over your logs right now, and should have instructions for you to complete shortly.

Thanks,
ST.

Edited by SweetTech, 03 May 2010 - 12:23 PM.

  • 0

#6
Resistor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi, SweetTech.

I liked your avatar, so I loaded its cousin, for my own. :)

Just so you know, I reworded the text in post #4, earlier today, to make it more coherent. It was very close to the time of your post #5.

I've been unable to locate the Avast log file, that clearly shows which file was infected, as well as the name of the infection.

There is a log.db file, but I'm unable to make sense of it.
It is a 26k database file, with Monday's date: 5-3-10.

Then, there was the file with the extension: .suspic
This is the complete result:
{62178D60-F661-4D90-8B41-64865909FE21}.suspic

I looked for the information, based on Sunday's date, as well as any file that looked like a log or .txt file. I also checked sub-folders, in addition to what I could find from within Avast, itself.

I'm open to instructions on where to look, if I missed it.

Edited by Resistor, 03 May 2010 - 10:53 PM.

  • 0

#7
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I did see the changes you had made to your post #4. Let's not worry about the Avast file for now.

Please proceed with the instructions below.

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0

#8
Resistor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
There is more going on, than I suspected.

[edit]
On Reboot, a normal desktop appeared, and navigation seemed normal.

SpywareGuard Browser Protection Alerts: An attempt to change Internet Explorer settings: IE search page changed
from: go.microsoft.com/fwink/?LinkID=54896
to: microsoft.com/isapi/redir.dll?prd=iear=iesearch.
I elected to keep the original value.

I don't know whether to fear this, or not.

Also: Scotty from WinPatrol reports a new Auto Start up program has been detected. Approve or No?
There is no information at all, to identify this new start up program.
No description, no company name, no icon, nothing. It just wants a yes or no.

I denied the start up. WinPatrol reports:
This setting is in a key location for your operating system. We do not recommend removal, unless you are absolutely sure it's causing problems.
So, I allowed the start up program, what ever it was.

The Local Area Connection reported: Enabled, and after I plugged in the DSL cable, it is reporting: Identifying - as in a public network. Status is: Local.

So, I still connect to the router, but can not access the internet.
There is no option to repair it.
I have never known the Windows Operating System to have any competence in Diagnosing anything ...

I still tried it, though. Windows reports:
Windows cannot resolve the problem. Please contact your network administrator or ISP.
[/edit]

The Dell booted to an empty light blue screen, as before.
I think I used Control-Alt-Delete, to get a menu, from which I exited out of the Ease of Use utilities screen.

I've never used the Ease of Use utilities.
Previously, I deleted the check mark, to "Always scan this section".
There was no check mark, on that page, this time.

I have usually had access to the Drudge Report, and it is one of the sites I visit, to ensure that nothing has changed.
I am now unable to load the Drudge Report web site.

I have two network connections.
One is "Local Area Connection".
The other is "Wireless Network Connection".

I have connection to the router - Linksys Cable/DSL - EtherFast BEFSR41.
The "Local Area Connection" status reports as: Identifying, and I have no internet access.
When I plug in the DSL cable, the status reports: Local.
On this computer, the status reports: Internet.

The wizmo shutdown widget works normally, again.
I could not exit Avast, so I disabled the functions.

Firefox reported that it was not the default browser.
It should be. I never use Internet Explorer, if I can help it.

Since this problem started, I have used IObit's Advanced SystemCare 3.
I have uninstalled it, due to certain reports ...



Here is the Combofix Report:

ComboFix 10-05-04.03 - me 05/04/2010 20:32:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.1298 [GMT -5:00]
Running from: c:\users\me\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2405252055-3148991795-3519484069-500
C:\prefs.js

.
((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 01:38 . 2010-05-05 01:38 -------- d-----w- c:\users\me\AppData\Local\temp
2010-05-05 01:38 . 2010-05-05 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-11 05:14 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-11 05:14 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-11 05:13 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-11 05:13 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-11 05:13 . 2010-04-14 16:31 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-11 05:12 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-11 05:12 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-11 05:12 . 2010-04-11 05:12 -------- d-----w- c:\programdata\Alwil Software
2010-04-11 01:48 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-04-11 01:25 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-11 01:25 . 2009-11-09 13:20 8192 ----a-w- c:\windows\system32\iisrstap.dll
2010-04-11 01:25 . 2009-11-09 13:20 153600 ----a-w- c:\windows\system32\iisRtl.dll
2010-04-11 01:25 . 2009-11-09 13:18 51712 ----a-w- c:\windows\system32\admwprox.dll
2010-04-11 01:25 . 2009-11-09 11:21 14848 ----a-w- c:\windows\system32\iisreset.exe
2010-04-11 01:25 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-11 01:25 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-11 01:25 . 2009-11-09 13:23 10752 ----a-w- c:\windows\system32\wamregps.dll
2010-04-11 01:25 . 2009-11-09 13:18 27136 ----a-w- c:\windows\system32\ahadmin.dll
2010-04-11 01:18 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-11 01:18 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-11 01:18 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-04-11 01:18 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-11 01:16 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-11 01:16 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-04-11 01:16 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-11 01:16 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-11 01:16 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-11 01:16 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-11 01:16 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-11 01:16 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-11 01:16 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-04-11 01:15 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-11 01:15 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-04-11 01:15 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-04-11 01:15 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-11 01:13 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-11 01:13 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-04-11 01:13 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-11 01:13 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-11 01:13 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-04-11 01:13 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-11 01:13 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-11 01:13 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-11 01:13 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2010-04-11 01:13 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-04-11 01:13 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-04-11 01:12 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-04-11 01:09 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-04-11 00:55 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-04-11 00:55 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-04-11 00:55 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-04-11 00:55 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-04-11 00:54 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-04-11 00:54 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-04-11 00:54 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-04-11 00:54 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-04-11 00:54 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-10 01:57 . 2010-04-10 01:57 -------- d-----w- c:\programdata\WindowsSearch
2010-04-09 08:50 . 2010-04-09 08:50 52224 ----a-w- c:\users\me\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-09 08:50 . 2010-04-23 02:32 117760 ----a-w- c:\users\me\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-09 08:49 . 2010-04-09 08:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-09 08:49 . 2010-04-09 19:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-09 08:49 . 2010-04-09 08:49 -------- d-----w- c:\users\me\AppData\Roaming\SUPERAntiSpyware.com
2010-04-09 08:43 . 2010-04-09 08:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 03:19 . 2008-03-25 01:02 83792 ----a-w- c:\users\me\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-04 03:18 . 2008-04-04 19:52 -------- d-----w- c:\users\me\AppData\Roaming\OpenOffice.org2
2010-05-04 03:16 . 2008-04-04 19:54 1 ----a-w- c:\users\me\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-03 04:35 . 2010-02-08 01:03 -------- d-----w- c:\program files\ERUNT
2010-04-11 05:12 . 2008-04-04 03:57 -------- d-----w- c:\program files\Alwil Software
2010-04-11 01:52 . 2008-06-07 05:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-10 05:28 . 2008-03-28 12:16 -------- d-----w- c:\program files\SpywareBlaster
2010-04-10 05:14 . 2008-04-01 11:53 -------- d-----w- c:\program files\Comodo
2010-04-10 05:13 . 2010-02-08 02:45 1117857 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-04-09 03:10 . 2010-02-08 06:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 06:39 . 2010-04-11 01:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-11 01:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-11 01:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-11 01:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-08 19:39 . 2008-03-25 17:34 7944 ----a-w- c:\users\me\AppData\Local\d3d9caps.dat
2010-02-08 02:31 . 2010-02-08 02:31 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2008-05-26 08:57 . 2008-06-06 19:01 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2008-01-10 06:47 . 2008-01-10 06:47 80 --sh--r- c:\windows\CT4CET.bin
2008-01-10 14:12 . 2008-01-10 13:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2008-01-19 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys

[-] 2008-01-19 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys

[-] 2008-01-19 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys

[-] 2008-01-19 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll

[-] 2009-06-15 . C731B1FE449D4E9CEA358C9D55B69BE9 . 7680 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe
[-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe

[-] 2008-01-19 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll

[-] 2008-01-19 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll

[-] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll

[-] 2008-01-19 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\System32\services.exe

[-] 2008-01-19 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe

[-] 2008-01-19 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe

[-] 2008-01-19 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll

[-] 2008-01-19 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll

[-] 2008-04-18 . 3CB3343D720168B575133A0A20DC2465 . 269312 . . [2001.12.6931.18057] . . c:\windows\System32\es.dll

[-] 2008-01-19 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\System32\imm32.dll

[-] 2009-02-13 . DB6E3731E6F5C8AE2843F80B5787F7C6 . 888832 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll

[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll

[-] 2008-01-19 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\System32\lpk.dll

[-] 2010-02-23 . 8D5FB97AE3D30CCDD8C9D8AF447C7D09 . 5944832 . . [8.00.6001.18702] . . c:\windows\System32\mshtml.dll

[-] 2008-01-19 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\System32\msvcrt.dll

[-] 2008-01-19 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll

[-] 2008-01-19 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll

[-] 2008-01-19 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll

[-] 2008-01-19 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll

[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll

[-] 2008-01-19 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe

[-] 2008-01-19 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll

[-] 2008-01-19 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll

[-] 2008-01-19 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe

[-] 2010-02-23 . EC3B3E6071E3FCD4290BFD42676EE064 . 916480 . . [8.00.6001.18702] . . c:\windows\System32\wininet.dll

[-] 2008-01-19 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll

[-] 2008-10-29 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\explorer.exe

[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll

[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe

[-] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll

[-] 2008-01-19 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll

[-] 2008-01-19 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll

[-] 2008-01-19 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll

[-] 2008-01-19 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll

[-] 2008-01-19 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll

[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll

[-] 2008-01-19 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll

[-] 2008-01-19 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\System32\dsound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"bacstray"="c:\program files\Broadcom\BACS\BacsTray.exe" [2007-02-14 124488]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

c:\users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserFolderInStartMenu"= 1 (0x1)
"RestrictWelcomeCenter"= 1 (0x1)
"AlwaysShowClassicMenu"= 1 (0x1)
"DontSetAutoplayCheckbox"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2405252055-3148991795-3519484069-1000]
"EnableNotificationsRef"=dword:00000001

R3 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
R3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\DRIVERS\NWVNdis.sys [2007-04-19 225280]
R3 PAC7311;VGA USB Camera;c:\windows\system32\DRIVERS\PA707UCM.SYS [2006-11-08 530304]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 SIWIO;SIWIO; [x]
R3 VReadMemDriver;VReadMemDriver;c:\windows\system32\drivers\vreadmem.sys [2008-04-02 3189]
R4 gupdate1c98d2b2e13c40e;Google Update Service (gupdate1c98d2b2e13c40e); [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
S2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2008-03-29 3712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: {B7ACB803-79B2-4C72-B9D0-F683697E4FB7} = 208.67.222.222,208.67.220.220
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
FF - ProfilePath - c:\users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera 9.26\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 9.26\program\plugins\NPSWF32_back.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 20:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\me\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Completion time: 2010-05-04 20:43:07
ComboFix-quarantined-files.txt 2010-05-05 01:43

Pre-Run: 28,654,383,104 bytes free
Post-Run: 28,627,009,536 bytes free

- - End Of File - - E465EAC7ED1FD39333909FEDAC40C8F0

.

Edited by Resistor, 04 May 2010 - 09:55 PM.


#9 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

Please Set Your System to Show Hidden Files
  • Please go to Start -> Computer
  • Click on [image]
  • Click on [image]
  • Select the "View" tab.
  • Where you see [image], click the [image] radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.


NEXT:



VirusTotal File Scan
Please go to: VirusTotal
  • Click the Browse button and search for the following file: c:\windows\System32\userinit.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please repeat the above process for these files below:

c:\windows\System32\winlogon.exe
c:\windows\explorer.exe
c:\windows\System32\lsass.exe

Please post the results in your next reply
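An added example, not part of the thread or of SweetTech's instructions: the ComboFix log posted above already prints a 32-hex-digit hash (MD5) for every file in its Sigcheck block, including the four files requested here. VirusTotal accepts a hash as a search term, so the hashes can be pulled out of the log and looked up from the online machine without copying the executables off the offline one. The parser below reads that block. The sample log is a constructed excerpt made of lines copied from the log above, plus one line placed after the next section header to show that the parser stops at the section boundary. Caveat: a hash search only tells you whether VirusTotal has already seen that exact file; a hash with no result still needs the file itself uploaded.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Added example, not part of the thread. ComboFix's "------- Sigcheck -------"
# block lists, per file, a date, a 32-hex-digit hash (MD5), a size, a version
# and a path. This parses that block so the hashes can be copied off the log
# and looked up by hash on an online machine, rather than copying the
# executables themselves (VirusTotal accepts a hash as a search term).
#
# Line shape, taken from the log posted above:
#   [-] 2008-01-19 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe
# Some lines also carry a time after the date ("2006-11-02 09:46").

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)

class SigcheckEntry(NamedTuple):
    flag: str       # content of the leading "[-]" marker as ComboFix printed it
    date: str
    md5: str        # upper-case hex
    size: int
    version: str
    path: str

def parse_sigcheck(log_text: str) -> List[SigcheckEntry]:
    """Return the Sigcheck entries of a ComboFix log, in order.
    Only the text between the Sigcheck header and the next "((((" section
    header is read, so similar-looking lines elsewhere are never picked up."""
    entries: List[SigcheckEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck -------"):
            in_section = True
            continue
        if in_section and line.startswith("(((("):
            break
        if not in_section or not line:
            continue
        m = SIGCHECK_RE.match(line)
        if m is None:
            continue        # tolerate separator dots or anything unexpected
        entries.append(SigcheckEntry(
            flag=m["flag"], date=m["date"], md5=m["md5"].upper(),
            size=int(m["size"]), version=m["version"], path=m["path"]))
    return entries

def hashes_for(entries: List[SigcheckEntry], wanted: List[str]) -> Dict[str, Optional[str]]:
    """Map each requested path (case-insensitive, as Windows paths are) to its MD5,
    or None when the log has no entry for it."""
    by_path = {e.path.lower(): e.md5 for e in entries}
    return {p: by_path.get(p.lower()) for p in wanted}

# Constructed excerpt: the header plus five lines copied from the log above,
# followed by the start of the next section, which must stop the parser.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2008-01-19 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe

[-] 2008-01-19 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe

[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe

[-] 2008-10-29 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\explorer.exe

[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[-] 2008-01-19 . 00000000000000000000000000000000 . 1 . . [0] . . c:\not\parsed.exe
"""

# The four files SweetTech asked to have scanned.
FILES_TO_CHECK = [
    r"c:\windows\System32\userinit.exe",
    r"c:\windows\System32\winlogon.exe",
    r"c:\windows\explorer.exe",
    r"c:\windows\System32\lsass.exe",
]

if __name__ == "__main__":
    found = parse_sigcheck(SAMPLE_LOG)
    for path, md5 in hashes_for(found, FILES_TO_CHECK).items():
        print(f"{md5 or 'not in log':32}  {path}")
```

Run against a full ComboFix.txt by reading the file into `parse_sigcheck`; the hashes it returns can be searched on VirusTotal from any machine that is online.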

#10 Resistor (Member, Topic Starter, 14 posts)
SweetTech, what is the best way to proceed?

Since I cannot connect to the internet, would it be acceptable to copy those files from the Dell to the Acer, and then visit VirusTotal?

If so, I could copy those files to an SD card, and then send them to VirusTotal, from the SD card.


Result from today's boot up:

There was another notice that IE search had changed from user to none.
WinPatrol reports a new Windows Service has been installed: appmgmts.dll
I allowed.

Windows task manager opens, instead of Process Explorer.
I restored Process Explorer.

Local area connection reports "Identifying", connected to the router, but no web access.

Edited by Resistor, 05 May 2010 - 08:34 PM.




#11 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Did your internet stop working after running ComboFix? Have you tried to reboot your computer to see if that solves the no internet access?

#12 Resistor (Member, Topic Starter, 14 posts)
The entire problem has been one of connectivity.
This started in the Summer of 2009.

The Dell was working fine.
I updated Windows Vista, and un-intentionally acquired IE 8.
I also installed Firefox 3.5.

That is when the problems started.

Some sites would load, some sites would not load.
That is how I selected the topic, to start the thread.

There was consistency in behavior.


As per my post #4, on May 3, 2010:

Otherwise, I can no longer get on the internet, at all.
I have apparent connectivity to the router, but not from the router to the web.
I suspect this is a setting.

I do not know if the present issue has been resolved, by the detection and removal of the rootkit.
I'm hopeful, but not optimistic.


I am wondering if the rootkit that Avast detected might have been a false positive.

There was no apparent problem, in the Summer of 2009.
That is when I updated Windows Vista, & upgraded to Firefox 3.5.

I do not think there is malware, on the computer.

I continue to suspect settings, or components of the operating system.

Edited by Resistor, 06 May 2010 - 10:41 AM.


#13 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

I would like for you to reset your router to see if that helps out with any of the issues. Please make sure you let me know in your next post.

Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. HERE
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

#14 Resistor (Member, Topic Starter, 14 posts)
SweetTech,

I appreciate your attempting to help me.

Though, it seems that you do not understand the problem, as I presented it, in my post #1. Here is part of the original post:

I cannot access many of my book-marked sites. The url's are good.
I can access a few sites, including Google, The Drudge Report and Geeks to Go.
From a search, it is hit or miss, whether any individual link will take me to the respective site.

A WIFI connection provided normal access.

The problem affects [only the Dell notebook, on] DSL connections, as well as a 2-way satellite connection, with a phone line for upload, and the satellite for download.


The satellite connection was in a neighboring State.
The problem also affected a dial-up connection, also in a neighboring state.

The problem is with the Dell notebook, on all connections, other than public wifi connections.
The Dell notebook works well, on public wifi connections.

The Dell notebook was my primary computer, to access the internet.

The Acer notebook was my backup computer.
The Acer notebook works well, on all connections.
The Dell does not.

I am using the Acer notebook, to talk with you, on these forums.


I am reluctant to re-set the router, for several reasons:

1. I do not believe the router to be the problem.
2. I do not own the router. I am not the only one using the router.
3. The problem does not affect the Acer notebook.
4. The problem is limited to the Dell notebook.
5. The Dell notebook has completely lost all access to the internet.
6. The Acer notebook works well, on the same cable to the router.

Again, I do not think there is malware, on the computer.

I continue to suspect settings on the Dell notebook.
Or, corrupt components of the operating system, on the Dell notebook.

And, I hope to avoid reformatting, and reinstalling the operating system.

Many have reported this problem, after installing Firefox 3.5.
Firefox has not acknowledged that the problem originated from the Firefox download site, nor Firefox version 3.5.

Of course, there are many more installations of this version of Firefox, that have not experienced the problem.

While others have experienced the problem,
I am not aware of any discovered solutions.

My appearance on these forums, is a final act of desperation, before reinstalling the vista operating system.

If I had the time for the steep learning curve of Linux, that would be the way to go ...

#15 myrti (Expert, 2,580 posts)
Hi,

SweetTech is currently unavailable and I'm taking over his logs. How are things? Unchanged, I guess.

You said that the problem originally started with installing IE8 and Firefox 3.5; what were you using before? Have you tried uninstalling IE8 and FF?

Since you believe the problem to be software related, have you tried using system restore at the time?

I would like to reset your hosts file and flush your DNS and see if that helps.
Flush DNS and repair the Hosts file:

Copy and paste these lines into Notepad.

@echo on
rem Replace the hosts file with the single default loopback entry.
pushd %SystemRoot%\System32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>hosts
attrib +r +h +s hosts
popd
rem Drop the current lease, take a fresh one, and empty the resolver cache.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack to defaults (requires an elevated prompt).
netsh winsock reset
netsh int ip reset resetlog.txt
rem Reboot so the Winsock and TCP/IP resets take effect, then remove this batch file.
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.
Right click and select Run as Administrator on the flush.bat file to run it.

regards myrti
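An added example, not part of myrti's post or of the thread. The batch file above throws away whatever the hosts file contained and resets the network stack without recording what was there. The script below is the check a practitioner would run first: it lists hosts entries beyond the default loopback mapping (a real site pinned to 127.0.0.1 simply fails to load; a site pointed at another address is redirected), and it reads network.proxy.type from a Firefox prefs.js, the setting the ComboFix log above reported as 4. In Firefox that value means "auto-detect proxy settings for this network" via WPAD, so the browser fetches its proxy script from whatever host the local network nominates; types 1 (manual) and 2 (PAC URL) are also flagged because they hand routing of web traffic to a configured third party. The thread does not establish that either setting caused this poster's problem; the two inputs here are constructed sample text, not files from the Dell.

```python
import re
from typing import Dict, List, Tuple, Union

# Added example, not part of the thread. The batch file above resets the hosts
# file to a single "127.0.0.1 localhost" line and flushes the resolver; this
# shows what such a reset discards, and also reads the Firefox prefs.js setting
# that the ComboFix log above reported ("network.proxy.type - 4"). Both inputs
# are constructed sample text, not files from the poster's machine.

LOOPBACK = {"127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Meaning of network.proxy.type in Firefox (value 3 is unused).
PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL",
               4: "auto-detect via WPAD", 5: "system settings"}

def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """(address, [names]) for each active hosts line; comments and blanks skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        if names:
            entries.append((addr, names))
    return entries

def hosts_findings(text: str) -> List[str]:
    """Report anything beyond the default loopback mapping.
    A real name -> 127.0.0.1 silently blocks that site; a name -> any other
    address sends the browser somewhere the user did not choose."""
    findings = []
    for addr, names in parse_hosts(text):
        if addr in LOOPBACK:
            hijacked = [n for n in names if n.lower() not in LOCAL_NAMES]
            if hijacked:
                findings.append(f"hosts: {', '.join(hijacked)} pinned to {addr} (site blocked)")
        else:
            findings.append(f"hosts: {', '.join(names)} redirected to {addr}")
    return findings

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text: str) -> Dict[str, Union[str, int, bool]]:
    """Minimal prefs.js reader: user_pref("name", value); with string, int or bool values."""
    prefs: Dict[str, Union[str, int, bool]] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, val = m.groups()
        if val.startswith('"') and val.endswith('"'):
            prefs[key] = val[1:-1]
        elif val in ("true", "false"):
            prefs[key] = val == "true"
        else:
            prefs[key] = int(val)   # prefs.js integers are plain decimals
    return prefs

def proxy_findings(text: str) -> List[str]:
    """Flag any proxy mode in which something other than the user picks the proxy."""
    prefs = parse_prefs(text)
    if "network.proxy.type" not in prefs:
        return []                      # browser default in effect, nothing recorded
    ptype = prefs["network.proxy.type"]
    findings = []
    if ptype in (1, 2, 4):
        findings.append(f"prefs.js: network.proxy.type = {ptype} ({PROXY_TYPES.get(ptype, 'unknown')})")
    if ptype == 2 and "network.proxy.autoconfig_url" in prefs:
        findings.append(f"prefs.js: PAC script fetched from {prefs['network.proxy.autoconfig_url']}")
    if ptype == 1 and "network.proxy.http" in prefs:
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(f"prefs.js: HTTP proxy {prefs['network.proxy.http']}:{port}")
    return findings

def audit(hosts_text: str, prefs_text: str) -> List[str]:
    return hosts_findings(hosts_text) + proxy_findings(prefs_text)

# Constructed samples: a hosts file with two tampered lines, and a prefs.js
# carrying the proxy mode the ComboFix log above showed.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example.com   # site would fail to load
203.0.113.9     update.example.net
"""
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.type", 4);
user_pref("privacy.sanitize.timeSpan", 1);
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS, SAMPLE_PREFS):
        print(finding)
```

On the real machine the inputs would be `%SystemRoot%\System32\drivers\etc\hosts` and the prefs.js under the profile path ComboFix printed; anything the script reports is worth writing down before the batch file overwrites it.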





