
Unknown Malware



#1
aaron587

aaron587

    Member

  • Member
  • 25 posts
Hi everyone,

First off, thanks for all the great work you guys do here. Anyways, here's the situation. This is my mom's laptop, which is likely full of viruses (which ones I have no idea). She plays a lot of social games (FarmVille, PetVille, etc.) and has undoubtedly clicked on many malicious links. Her email has been infected and spams her contact list, and her computer lags very badly. Sorry I can't be more specific. Thanks in advance!

OTL logfile created on: 5/7/2011 10:30:50 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin-do not use\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 64.91 Gb Free Space | 75.21% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.77 Gb Free Space | 69.87% Space Free | Partition Type: FAT32

Computer Name: YOUR-555E3BEF9C | User Name: Admin-do not use | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 10:30:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin-do not use\My Documents\Downloads\OTL.exe
PRC - [2011/04/30 11:23:28 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.YOUR-555E3BEF9C\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/03/15 15:59:40 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 10:34:43 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 15:13:08 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/03 12:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/16 13:41:17 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 13:41:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 13:39:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/21 12:09:13 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/05/23 20:22:36 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2005/12/27 11:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/12 13:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/11/05 08:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 10:30:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin-do not use\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/11/05 08:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/16 13:41:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2006/11/21 12:09:13 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 15:20:01 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 13:40:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/13 12:46:16 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/18 16:14:56 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWBus.sys -- (PTUMWBus)
DRV - [2009/07/18 16:14:36 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWVsp.sys -- (PTUMWVsp)
DRV - [2009/07/18 16:14:32 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWNSP.sys -- (PTUMWNSP)
DRV - [2009/07/18 16:14:28 | 000,114,192 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWNET.sys -- (PTUMWNET)
DRV - [2009/07/18 16:14:16 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWMdm.sys -- (PTUMWMdm)
DRV - [2009/07/18 16:14:08 | 000,012,048 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWFLT.sys -- (PTUMWFLT)
DRV - [2009/07/18 16:14:04 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWCSP.sys -- (PTUMWCSP)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/15 16:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 20:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/01/22 17:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/09/21 01:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/10 18:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 18:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=PTB&M=MX6959

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MX6959
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:35:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/26 00:54:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 10:24:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 17:32:18 | 000,000,000 | ---D | M]

[2011/05/07 10:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin-do not use\Application Data\Mozilla\Extensions
[2011/05/07 10:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin-do not use\Application Data\Mozilla\Firefox\Profiles\j64vit5d.default\extensions
[2011/05/07 10:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin-do not use\Application Data\Mozilla\Firefox\Profiles\j64vit5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 10:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin-do not use\Application Data\Mozilla\Firefox\Profiles\j64vit5d.default\extensions\staged-xpis
[2009/11/20 01:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/24 10:35:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/10/26 00:54:41 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED

O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 10:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\My Documents\Downloads
[2011/05/07 10:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Application Data\Macromedia
[2011/05/07 10:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Application Data\Adobe
[2011/05/07 10:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Local Settings\Application Data\AVG Security Toolbar
[2011/05/07 10:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Local Settings\Application Data\Mozilla
[2011/05/07 10:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Application Data\Mozilla
[2011/04/16 21:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Application Data\Apple Computer
[2011/04/16 21:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Local Settings\Application Data\Apple Computer
[2011/04/16 21:41:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft
[2011/04/16 21:41:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin-do not use\SendTo
[2011/04/16 21:41:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin-do not use\Recent
[2011/04/16 21:41:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin-do not use\Application Data
[2011/04/16 21:41:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin-do not use\Start Menu\Programs\Startup
[2011/04/16 21:41:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin-do not use\Start Menu
[2011/04/16 21:41:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin-do not use\My Documents\My Pictures
[2011/04/16 21:41:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin-do not use\My Documents\My Music
[2011/04/16 21:41:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin-do not use\My Documents
[2011/04/16 21:41:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin-do not use\Favorites
[2011/04/16 21:41:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin-do not use\Start Menu\Programs\Accessories
[2011/04/16 21:41:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin-do not use\Cookies
[2011/04/16 21:41:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin-do not use\Templates
[2011/04/16 21:41:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin-do not use\PrintHood
[2011/04/16 21:41:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin-do not use\NetHood
[2011/04/16 21:41:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin-do not use\Local Settings
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Application Data\You've Got Pictures Screensaver
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\WINDOWS
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Local Settings\Application Data\Wildtangent
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Start Menu\Programs\System Recovery
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Application Data\SampleView
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Local Settings\Application Data\Microsoft
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Application Data\Intel
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Application Data\Identities
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Local Settings\Application Data\Google
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Desktop
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Local Settings\Application Data\ApplicationHistory
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Start Menu\Programs\America Online
[2011/04/16 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin-do not use\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 10:28:16 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1600235818-4258184071-1634653983-1006UA.job
[2011/05/07 10:27:00 | 075,688,043 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/05/07 10:20:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 10:20:42 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 15:20:01 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/05/01 11:28:02 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1600235818-4258184071-1634653983-1006Core.job
[2011/04/19 21:01:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/16 21:41:57 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/16 21:41:52 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Admin-do not use\Desktop\Windows Media Player.lnk
[2011/04/16 21:41:50 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/04/15 06:50:47 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 23:34:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 23:32:22 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/14 23:32:22 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/16 21:41:52 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Start Menu\Programs\Windows Media Player.lnk
[2011/04/16 21:41:52 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Desktop\Windows Media Player.lnk
[2011/04/16 21:41:38 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/04/16 21:41:37 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/04/16 21:41:37 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/04/16 21:41:37 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/16 21:41:37 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
[2011/04/16 21:41:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/04/16 21:41:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/04/16 21:41:35 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Start Menu\Programs\Remote Assistance.lnk
[2011/04/16 21:41:35 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Start Menu\Programs\Internet Explorer.lnk
[2011/04/16 21:41:35 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Admin-do not use\Start Menu\Programs\Outlook Express.lnk
[2009/05/02 20:28:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/13 17:49:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/21 12:14:41 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/11/21 12:06:37 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/21 12:04:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/11/21 12:01:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 02:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 02:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 02:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 02:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 02:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 02:23:22 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 02:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 02:23:22 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 02:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 02:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 02:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 02:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 02:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 02:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 02:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 02:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 19:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:30:47 | 000,161,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/11/21 12:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin-do not use\Application Data\SampleView
[2010/06/12 12:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/12 12:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/15 16:01:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/13 17:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/11/21 12:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/13 17:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/18 17:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/02/13 18:41:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2009/02/13 18:41:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job

========== Purity Check ==========



< End of report >
  • 0
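The OTL report above is long, and the entries a helper looks at first are the ones with an empty company field `()`, an autostart whose target is `File not found`, and O16 entries whose registry key is broken. The script below is an added triage example, not part of this thread and not OldTimer's tool: it parses the PRC/MOD/SRV/DRV, O4 and O16 line shapes and lists those entries with a reason. The sample lines are copied from the log above; the regular expressions and the `Finding` record are my own assumptions about the format, derived only from the lines shown here.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL log posted above, chosen so that
# every line shape the parser understands appears at least once.
SAMPLE_LOG = r"""
PRC - [2011/05/07 10:30:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin-do not use\My Documents\Downloads\OTL.exe
PRC - [2006/11/21 12:09:13 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
DRV - [2009/07/18 16:14:36 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWVsp.sys -- (PTUMWVsp)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [Power2GoExpress] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
"""


@dataclass
class Finding:
    kind: str    # OTL line type: PRC, MOD, SRV, DRV, O4 or O16
    item: str    # file path, Run value name or CLSID, depending on kind
    reason: str  # why a helper would look at this entry first


# Loaded processes, modules, services and drivers (assumed shape, see lead-in).
# The company field may itself contain parentheses, so it is matched lazily
# up to the ")" that is followed by " [" (state block) or " -- " (path).
LOADED_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>.*?)\)(?= \[| -- )"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>.*)\))?$"
)
# Run-key autostarts: "O4 - HKLM..\Run: [value] <path (company)> | File not found"
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<rest>.+)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>.*)\)$")
# ActiveX download entries: "O16 - DPF: {CLSID} url (description)"
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) (?P<url>\S+) \((?P<desc>.*)\)$")


def parse_line(line):
    """Return (kind, fields) for a recognised OTL line, or None for any other line."""
    m = LOADED_RE.match(line)
    if m:
        return m.group("kind"), m.groupdict()
    m = RUN_RE.match(line)
    if m:
        fields = m.groupdict()
        target = TARGET_RE.match(fields["rest"])
        fields["path"] = target.group("path") if target else None
        fields["company"] = target.group("company") if target else None
        fields["missing"] = fields["rest"] == "File not found"
        return "O4", fields
    m = DPF_RE.match(line)
    if m:
        return "O16", m.groupdict()
    return None


def triage(log_text):
    """Walk an OTL report and return the entries worth a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        kind, f = parsed
        if kind in ("PRC", "MOD", "SRV", "DRV") and f["company"] == "":
            findings.append(Finding(kind, f["path"],
                                    "no company name: unsigned or unknown publisher, verify the file"))
        elif kind == "O4":
            if f["missing"]:
                findings.append(Finding(kind, f["value"],
                                        "autostart entry points at a file that no longer exists"))
            elif f["company"] == "":
                findings.append(Finding(kind, f["value"],
                                        "autostart binary carries no company name, verify the file"))
        elif kind == "O16" and f["desc"].startswith("Reg Error"):
            findings.append(Finding(kind, f["clsid"],
                                    "ActiveX download entry with a broken registry key"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:<4} {finding.item}\n     {finding.reason}")
```

An empty company field is a reason to check a file, not a verdict: `Recguard.exe` here is the Gateway recovery guard and `ToolbarBroker.exe` belongs to the AVG toolbar, both unremarkable, so each flagged path still needs its hash or signature looked up before anything is removed. Orphaned Run entries such as `Power2GoExpress` are harmless leftovers that only add noise to later logs.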


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix



:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:



Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Do not run Combofix yet!

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

AVG 9 is obsolete anyway. Let's replace it with the free Avast.
Replace with the free Avast!
http://www.avast.com...ivirus-download

Download and Save it to your desktop but don't install it until after you run Combofix.


Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Now install Avast.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.


Double-click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Ron
  • 0

#3
aaron587

aaron587

    Member

  • Topic Starter
  • Member
  • 25 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6534

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/8/2011 10:35:34 PM
mbam-log-2011-05-08 (22-35-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 236044
Time elapsed: 50 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 11-05-08.04 - Admin-do not use 05/08/2011 23:13:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.528 [GMT -7:00]
Running from: c:\documents and settings\Admin-do not use\Desktop\george.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin-do not use\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner.YOUR-555E3BEF9C\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 06:05 . 2011-05-09 06:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-09 06:00 . 2011-05-09 06:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-09 05:59 . 2011-05-09 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-09 05:59 . 2011-05-09 05:59 -------- d-----w- c:\program files\AVAST Software
2011-05-09 04:43 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 04:43 . 2011-05-09 04:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-09 04:43 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-17 04:41 . 2011-05-09 06:16 -------- d-----w- c:\documents and settings\Admin-do not use
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2006-06-17 09:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2006-06-17 09:23 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-06-17 09:23 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2006-06-17 09:23 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2006-06-17 09:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2006-06-17 09:23 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2006-06-17 09:23 17408 ------w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2006-06-17 09:23 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-06-17 09:23 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 00:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-06-17 09:23 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2006-06-17 09:23 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-08 13:33 . 2006-06-17 09:23 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-06-17 09:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-24 573440]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-11-21 18:58 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-08-02 08:32 696320 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-08-02 08:38 802816 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2011 11:00 PM 136176]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [10/3/2010 4:10 PM 54416]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [10/3/2010 4:10 PM 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [10/3/2010 4:10 PM 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [10/3/2010 4:10 PM 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [10/3/2010 4:10 PM 114192]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [10/3/2010 4:10 PM 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [10/3/2010 4:10 PM 160400]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - GUPDATE
*Deregistered* - avast! Antivirus
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 06:00]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 06:00]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1600235818-4258184071-1634653983-1006Core.job
- c:\documents and settings\Owner.YOUR-555E3BEF9C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-25 07:24]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1600235818-4258184071-1634653983-1006UA.job
- c:\documents and settings\Owner.YOUR-555E3BEF9C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-25 07:24]
.
2009-02-14 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
2009-02-14 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin-do not use\Application Data\Mozilla\Firefox\Profiles\j64vit5d.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c13dec3&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 23:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-08 23:19:02
ComboFix-quarantined-files.txt 2011-05-09 06:18
.
Pre-Run: 69,498,122,240 bytes free
Post-Run: 70,882,762,752 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CBCB08940371ACF2E93AEB1707D69FAC


***Fix button was enabled for aswMBR after scan***
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-09 00:20:53
-----------------------------
00:20:53.468 OS Version: Windows 5.1.2600 Service Pack 3
00:20:53.468 Number of processors: 2 586 0xF06
00:20:53.468 ComputerName: YOUR-555E3BEF9C UserName:
00:20:53.968 Initialize success
00:21:09.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:21:09.765 Disk 0 Vendor: WDC_WD10 01.0 Size: 95396MB BusType: 3
00:21:09.781 Disk 0 MBR read successfully
00:21:09.781 Disk 0 MBR scan
00:21:09.781 Disk 0 unknown MBR code
00:21:09.781 Disk 0 scanning sectors +195350400
00:21:09.812 Disk 0 scanning C:\WINDOWS\system32\drivers
00:21:17.265 Service scanning
00:21:18.453 Disk 0 trace - called modules:
00:21:18.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll IASTOR.SYS
00:21:18.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dc84a0]
00:21:18.484 3 CLASSPNP.SYS[f75defd7] -> nt!IofCallDriver -> \Device\000000a3[0x86d58308]
00:21:18.484 5 ACPI.sys[f73d5620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86d73030]
00:21:18.484 Scan finished successfully
00:22:17.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin-do not use\Desktop\MBR.dat"
00:22:17.437 The log file has been saved successfully to "C:\Documents and Settings\Admin-do not use\Desktop\aswMBR_log.txt"
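The aswMBR log above ends with "unknown MBR code" and a copy of the sector saved to MBR.dat on the desktop. As an added example, not from this thread, from aswMBR or from Avast, the Python below performs the same kind of sanity check on a 512-byte MBR dump: it hashes the 446-byte bootstrap region and compares it against a set of known-good hashes (a bootstrap that matches nothing in the list is, in effect, what an "unknown MBR code" verdict reports), confirms the 55AA signature, and checks the four partition entries for exactly one active partition, no overlaps, nothing extending past the end of the disk, and zeroed unused slots. Everything in it is constructed: the bootstrap bytes, the partition table (sized to roughly match the 95396 MB disk and the C:/D: figures in the logs), the known-good hash set and the tampered variant. In real use the baseline hash comes from a clean machine at the same Windows version, and load_mbr() reads the MBR.dat that aswMBR wrote.

```python
"""Sanity-check a raw MBR sector such as the MBR.dat that aswMBR saves (constructed example)."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 446          # bytes 0..445 hold the boot code
TABLE_OFF = 446              # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"      # bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # boot flag, CHS start, type, CHS end, LBA start, sector count

# Constructed sample data. Disk size approximates the 95396 MB that aswMBR reported;
# partition sizes approximate the C:/D: figures in the OTL log. Not real disk contents.
DISK_SECTORS = 95396 * 1024 * 1024 // SECTOR
SAMPLE_BOOTSTRAP = bytes.fromhex(
    "33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfbb90400bdbe07"
)
CLEAN_ENTRIES = [
    (0x80, 0x07, 63, 181_005_120),          # C: NTFS, marked active
    (0x00, 0x0C, 181_005_183, 14_323_520),  # D: FAT32 (LBA)
]


def build_mbr(bootstrap: bytes, entries) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code and up to four (boot, type, lba, count) tuples."""
    code = bootstrap.ljust(BOOTSTRAP_LEN, b"\x00")[:BOOTSTRAP_LEN]
    table = b"".join(
        struct.pack(ENTRY_FMT, boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        for boot, ptype, lba, count in entries
    )
    return code + table.ljust(64, b"\x00") + SIGNATURE


def load_mbr(path: str) -> bytes:
    """Read the first sector of a dump file (e.g. MBR.dat written by aswMBR)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def bootstrap_hash(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    parts = []
    for i in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFF + 16 * i)
        parts.append({"index": i, "boot": boot, "type": ptype, "lba": lba, "count": count})
    return parts


def analyse_mbr(mbr: bytes, disk_sectors: int, known_hashes) -> list:
    """Return a list of findings; an empty list means the sector looks consistent."""
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(mbr)}"]
    findings = []
    if mbr[510:] != SIGNATURE:
        findings.append("boot signature is not 55AA")
    digest = bootstrap_hash(mbr)
    if digest not in known_hashes:
        findings.append(f"unknown bootstrap code (sha256 {digest[:16]}...)")
    parts = parse_partitions(mbr)
    used = [p for p in parts if p["type"] != 0]
    for p in parts:
        raw = mbr[TABLE_OFF + 16 * p["index"]: TABLE_OFF + 16 * (p["index"] + 1)]
        if p["type"] == 0 and any(raw):
            findings.append(f"entry {p['index']}: unused entry is not zeroed")
    if sum(1 for p in used if p["boot"] == 0x80) != 1:
        findings.append("table does not have exactly one active partition")
    for p in used:
        if p["boot"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid boot flag {p['boot']:#04x}")
        if p["count"] == 0:
            findings.append(f"entry {p['index']}: zero-length partition")
        elif p["lba"] + p["count"] > disk_sectors:
            findings.append(f"entry {p['index']}: partition extends past end of disk")
    ordered = sorted(used, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["count"] > b["lba"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return findings


def clean_sample() -> bytes:
    return build_mbr(SAMPLE_BOOTSTRAP, CLEAN_ENTRIES)


def tampered_sample() -> bytes:
    """Same disk after a constructed tamper: patched boot code plus a hidden entry past the disk end."""
    patched = bytes([SAMPLE_BOOTSTRAP[0] ^ 0xFF]) + SAMPLE_BOOTSTRAP[1:]
    hidden = (0x00, 0x27, 195_340_000, 1_000_000)   # arbitrary non-zero type, constructed
    return build_mbr(patched, CLEAN_ENTRIES + [hidden])


if __name__ == "__main__":
    # In practice the baseline hash is recorded once from a known-clean machine.
    baseline = {bootstrap_hash(clean_sample())}
    for label, sector in (("clean", clean_sample()), ("tampered", tampered_sample())):
        print(label, analyse_mbr(sector, DISK_SECTORS, baseline) or ["no findings"])
```

Run as-is, the clean sample reports no findings and the tampered one reports the changed bootstrap and the extra entry that reaches past the disk. A hash-only check is not proof of a clean boot path (the code could be whitelisted malware, or the infection could live in later sectors), so treat it as one signal alongside the aswMBR and TDSSKiller results.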

#4 RKinner (Malware Expert, MVP, 24,624 posts)

If the Fix button (and not the FixMBR button) was enabled, then run aswMBR again and press the Fix button.

Then run TDSSKiller just to make sure:

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste its contents in your next reply.



1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check Disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs.) Right-click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD, just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
5. Click the radio button for 'Number of events' and type 20 in the 1 to 20 box.
6. Click the Run button. Notepad will open with the output log.

Please post the output log in your next reply, then repeat but select Application.

Ron

PS Going to bed now.
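The TDSSKiller log Ron asks for here lists one driver per line as service name, MD5 and path (the full listing appears in the next post). As an added example, not part of this thread and not Kaspersky's code, the Python below triages that format: it parses the driver lines, flags a driver that loads from outside the Windows or Program Files trees, compares each MD5 with a baseline for the same service name, and reports a file name registered from two different directories. The sample log is constructed in TDSSKiller's layout from a few lines copied from the listing in the next post plus two deliberately bad entries (an altered atapi hash and a NetSvcX driver in a Temp folder); the baseline table and the NetSvcX name are illustrative, not a vetted list of known-good hashes.

```python
"""Triage a TDSSKiller driver listing (constructed example in the tool's log format)."""
import re
from collections import defaultdict

# One driver per line: "<date> <time> <pid> <service> (<md5>) <path>"; other lines are skipped.
LINE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Directories a kernel driver is expected to live under on this XP system.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Constructed sample: a few lines copied from the log later in this thread plus two
# deliberately bad entries (the altered atapi hash and NetSvcX loading from Temp).
SAMPLE_LOG = r"""
2011/05/09 09:50:06.0390 2560 Scan started
2011/05/09 09:50:06.0390 2560 Mode: Manual;
2011/05/09 09:50:06.0875 2560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/09 09:50:08.0015 2560 atapi (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/09 09:50:08.0359 2560 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/09 09:50:08.0390 2560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/09 09:50:12.0015 2560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/09 09:50:15.0156 2560 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/05/09 09:50:16.0100 2560 NetSvcX (deadbeefdeadbeefdeadbeefdeadbeef) C:\Documents and Settings\Admin-do not use\Local Settings\Temp\netbt.sys
"""

# Illustrative baseline only (service name -> MD5). A real one is recorded from a clean
# install at the same service-pack level, never from the suspect machine.
BASELINE_MD5 = {
    "ACPI": "8fd99680a539792a30e97944fdaecf17",
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "NetBT": "74b2b2f5bea5e9a3dc021d685551bd3d",
}


def parse_tdsskiller(text: str) -> list:
    """Extract (service name, md5, path) records from the log; non-driver lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append({"name": m["name"], "md5": m["md5"].lower(), "path": m["path"].strip()})
    return entries


def triage(entries: list, baseline: dict) -> list:
    """Return (subject, reason, detail) findings for entries worth a closer look."""
    findings = []
    dirs_by_file = defaultdict(set)
    for e in entries:
        path = e["path"].lower()
        folder, _, filename = path.rpartition("\\")
        dirs_by_file[filename].add(folder)
        if not path.startswith(TRUSTED_DIRS):
            findings.append((e["name"], "driver loads from outside the Windows/Program Files trees", e["path"]))
        expected = baseline.get(e["name"])
        if expected and expected != e["md5"]:
            findings.append((e["name"], f"md5 {e['md5']} differs from baseline {expected}", e["path"]))
    for filename, folders in dirs_by_file.items():
        if len(folders) > 1:
            findings.append((filename, "same file name registered from different directories", "; ".join(sorted(folders))))
    return findings


if __name__ == "__main__":
    for subject, reason, detail in triage(parse_tdsskiller(SAMPLE_LOG), BASELINE_MD5):
        print(f"{subject:10} {reason}\n           {detail}")
```

On the sample it returns three findings: the atapi hash mismatch, NetSvcX loading from Temp, and netbt.sys present under two directories. A hash mismatch alone is not a verdict (a hotfix can legitimately change a system driver), so check the file's version and signature with sigverif, as the post above suggests, before acting on it.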

#5 aaron587 (Member, Topic Starter, 25 posts)

Sorry, the Fix button was not enabled but the FixMBR button was. Anyhow I still ran TDSSKiller.

2011/05/09 09:49:53.0093 2428 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/09 09:49:53.0812 2428 ================================================================================
2011/05/09 09:49:53.0812 2428 SystemInfo:
2011/05/09 09:49:53.0812 2428
2011/05/09 09:49:53.0812 2428 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/09 09:49:53.0812 2428 Product type: Workstation
2011/05/09 09:49:53.0812 2428 ComputerName: YOUR-555E3BEF9C
2011/05/09 09:49:53.0812 2428 UserName: Admin-do not use
2011/05/09 09:49:53.0812 2428 Windows directory: C:\WINDOWS
2011/05/09 09:49:53.0812 2428 System windows directory: C:\WINDOWS
2011/05/09 09:49:53.0812 2428 Processor architecture: Intel x86
2011/05/09 09:49:53.0812 2428 Number of processors: 2
2011/05/09 09:49:53.0812 2428 Page size: 0x1000
2011/05/09 09:49:53.0812 2428 Boot type: Normal boot
2011/05/09 09:49:53.0812 2428 ================================================================================
2011/05/09 09:49:54.0296 2428 Initialize success
2011/05/09 09:50:06.0390 2560 ================================================================================
2011/05/09 09:50:06.0390 2560 Scan started
2011/05/09 09:50:06.0390 2560 Mode: Manual;
2011/05/09 09:50:06.0390 2560 ================================================================================
2011/05/09 09:50:06.0781 2560 Aavmker4 (78a4db23bb4e8d4349e164d1d90af73f) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/09 09:50:06.0828 2560 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/09 09:50:06.0875 2560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/09 09:50:06.0890 2560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/09 09:50:06.0921 2560 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/09 09:50:06.0968 2560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/09 09:50:07.0015 2560 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/09 09:50:07.0078 2560 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/09 09:50:07.0109 2560 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/09 09:50:07.0156 2560 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/09 09:50:07.0187 2560 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/09 09:50:07.0203 2560 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/09 09:50:07.0234 2560 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/09 09:50:07.0265 2560 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/09 09:50:07.0281 2560 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/09 09:50:07.0312 2560 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/09 09:50:07.0328 2560 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/09 09:50:07.0390 2560 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/09 09:50:07.0421 2560 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/09 09:50:07.0437 2560 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/09 09:50:07.0468 2560 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/09 09:50:07.0546 2560 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/09 09:50:07.0578 2560 aswMon2 (2ce6da466687cbb3b97e59f8831a27cb) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/09 09:50:07.0609 2560 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/09 09:50:07.0828 2560 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/09 09:50:07.0906 2560 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/09 09:50:07.0953 2560 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/09 09:50:07.0984 2560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/09 09:50:08.0015 2560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/09 09:50:08.0078 2560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/09 09:50:08.0140 2560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/09 09:50:08.0187 2560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/09 09:50:08.0359 2560 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/09 09:50:08.0390 2560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/09 09:50:08.0406 2560 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/09 09:50:08.0437 2560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/09 09:50:08.0453 2560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/09 09:50:08.0515 2560 Cdr4_xp (2552670e5fbcfdb540eeb426af39704d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/09 09:50:08.0703 2560 Cdralw2k (b761b10d6a541be69ea448a8429d30b0) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/05/09 09:50:08.0718 2560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/09 09:50:08.0781 2560 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/09 09:50:08.0812 2560 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/09 09:50:08.0828 2560 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/09 09:50:08.0875 2560 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/09 09:50:08.0906 2560 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/09 09:50:08.0921 2560 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/09 09:50:08.0953 2560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/09 09:50:09.0031 2560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/09 09:50:09.0093 2560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/09 09:50:09.0125 2560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/09 09:50:09.0156 2560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/09 09:50:09.0187 2560 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/09 09:50:09.0218 2560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/09 09:50:09.0281 2560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/09 09:50:09.0343 2560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/09 09:50:09.0359 2560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/09 09:50:09.0390 2560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/09 09:50:09.0421 2560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/09 09:50:09.0453 2560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/09 09:50:09.0468 2560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/09 09:50:09.0531 2560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/09 09:50:09.0703 2560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/09 09:50:09.0750 2560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/09 09:50:09.0781 2560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/09 09:50:09.0796 2560 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/09 09:50:09.0843 2560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/09 09:50:09.0875 2560 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/09 09:50:09.0921 2560 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/09 09:50:09.0953 2560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/09 09:50:10.0062 2560 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/09 09:50:10.0156 2560 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
2011/05/09 09:50:10.0203 2560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/09 09:50:10.0250 2560 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/09 09:50:10.0281 2560 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/09 09:50:10.0328 2560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/09 09:50:10.0515 2560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/09 09:50:10.0562 2560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/09 09:50:10.0609 2560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/09 09:50:10.0656 2560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/09 09:50:10.0703 2560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/09 09:50:10.0750 2560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/09 09:50:10.0781 2560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/09 09:50:10.0828 2560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/09 09:50:10.0843 2560 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/09 09:50:10.0875 2560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/09 09:50:10.0953 2560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/09 09:50:11.0062 2560 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/09 09:50:11.0234 2560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/09 09:50:11.0281 2560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/09 09:50:11.0312 2560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/09 09:50:11.0328 2560 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/09 09:50:11.0359 2560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/09 09:50:11.0375 2560 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/09 09:50:11.0406 2560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/09 09:50:11.0484 2560 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/09 09:50:11.0531 2560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/09 09:50:11.0578 2560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/09 09:50:11.0609 2560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/09 09:50:11.0640 2560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/09 09:50:11.0687 2560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/09 09:50:11.0718 2560 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/09 09:50:11.0750 2560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/09 09:50:11.0796 2560 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/09 09:50:11.0859 2560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/09 09:50:11.0890 2560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/09 09:50:11.0921 2560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/09 09:50:11.0968 2560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/09 09:50:12.0015 2560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/09 09:50:12.0328 2560 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
2011/05/09 09:50:12.0359 2560 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/09 09:50:12.0421 2560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/09 09:50:12.0468 2560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/09 09:50:12.0546 2560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/09 09:50:12.0593 2560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/09 09:50:12.0609 2560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/09 09:50:12.0640 2560 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/09 09:50:12.0687 2560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/09 09:50:12.0718 2560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/09 09:50:12.0750 2560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/09 09:50:12.0781 2560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/09 09:50:12.0828 2560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/09 09:50:12.0859 2560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/09 09:50:12.0968 2560 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/09 09:50:12.0984 2560 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/09 09:50:13.0062 2560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/09 09:50:13.0093 2560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/09 09:50:13.0125 2560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/09 09:50:13.0171 2560 PTUMWBus (31152d655189703dec05d7d585281ab3) C:\WINDOWS\system32\DRIVERS\PTUMWBus.sys
2011/05/09 09:50:13.0375 2560 PTUMWCSP (800e9d0e8628b99191d4e6811237b166) C:\WINDOWS\system32\DRIVERS\PTUMWCSP.sys
2011/05/09 09:50:13.0421 2560 PTUMWFLT (154abe6f191c1a235ffb8dcc305f7955) C:\WINDOWS\system32\DRIVERS\PTUMWFLT.sys
2011/05/09 09:50:13.0484 2560 PTUMWMdm (3f3f7a22242d179146237cdda5023b31) C:\WINDOWS\system32\DRIVERS\PTUMWMdm.sys
2011/05/09 09:50:13.0531 2560 PTUMWNET (caed59c03a6eaf40d9a8bfeed537800c) C:\WINDOWS\system32\DRIVERS\PTUMWNET.sys
2011/05/09 09:50:13.0593 2560 PTUMWNSP (c21601f8a0302e4f07faa080afd8e639) C:\WINDOWS\system32\DRIVERS\PTUMWNSP.sys
2011/05/09 09:50:13.0640 2560 PTUMWVsp (9236328954fcaa0a1c895297bd1efe3a) C:\WINDOWS\system32\DRIVERS\PTUMWVsp.sys
2011/05/09 09:50:13.0703 2560 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/09 09:50:17.0593 2560 ================================================================================
2011/05/09 09:50:17.0593 2560 Scan finished
2011/05/09 09:50:17.0593 2560 ================================================================================



Sigverif scan:

clpalen.dat c:\windows\system32\spool\drivers\w32x86\3 modified 9/1/10


Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/05/2011 3:08:11 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/05/2011 3:09:09 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/05/2011 3:07:01 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application sigverif.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 09/05/2011 3:03:48 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application sigverif.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 09/05/2011 2:26:57 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 14985

Log: 'Application' Date/Time: 09/05/2011 2:26:57 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 14985

Log: 'Application' Date/Time: 09/05/2011 2:26:57 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Can you submit clpalen.dat which I assume is in c:\windows\system32\spool\drivers\w32x86\3\ to http://virustotal.com and if the report doesn't say 0/40 or so then copy it and paste it into a reply.

The event log says that sigverif hung so I'm not sure it actually finished. Don't think I've ever seen sigverif hang before so you should probably submit it to http://virustotal.com too. It should be in c:\windows\system32\

The Bonjour Service is not happy so I would just uninstall it and all of the rest of the apple stuff:
http://support.apple.com/kb/HT1925. If you reinstall itunes apparently you get it all back.

Ron
  • 0
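The way Ron reads the event-viewer report above (two sigverif.exe hangs, a noisy Bonjour Service) can be mechanized. This is an added example, not code from the thread or from Vino's Event Viewer: it parses the four-line entry format shown above, honours the report's dd/mm/yyyy note when converting dates, and pulls out hung applications and error counts per source. The sample input is constructed to mirror the entries posted in the thread.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same layout as the Vino's Event Viewer report
# above (not the thread's own file; entries mirror the ones shown there).
SAMPLE_REPORT = """Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/05/2011 3:07:01 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application sigverif.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 09/05/2011 3:03:48 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application sigverif.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 09/05/2011 2:26:57 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 14985

Log: 'Application' Date/Time: 09/05/2011 2:26:57 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second
"""

# One entry is four consecutive lines: header, type/category, event/source, message.
ENTRY_RE = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>[^\n]+)"
)

def parse_report(text):
    """Return one dict per event entry; 'when' becomes a datetime, 'event' an int."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        e = m.groupdict()
        # The report header says dates are dd/mm/yyyy: 09/05/2011 is 9 May, not 5 Sep.
        e["when"] = datetime.strptime(e["when"].strip(), "%d/%m/%Y %I:%M:%S %p")
        e["event"] = int(e["event"])
        entries.append(e)
    return entries

def hung_applications(entries):
    """Executable names reported by the 'Application Hang' source (event 1002)."""
    names = []
    for e in entries:
        if e["source"] == "Application Hang" and e["event"] == 1002:
            m = re.match(r"Hanging application (\S+),", e["message"])
            if m:
                names.append(m.group(1))
    return names

def errors_by_source(entries):
    """Count error-type events per source, so the noisiest component stands out."""
    return Counter(e["source"] for e in entries if e["type"] == "error")
```

Run `errors_by_source(parse_report(SAMPLE_REPORT)).most_common()` to see which source is generating the most errors; `hung_applications` lists every hang, so a tool that appears there (as sigverif.exe does) may not have completed its scan.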

#7
aaron587

aaron587

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I submitted the clpalen.dat file and it came back 0/43. The sigverif comes back as a 0/42 as well. The link for the apple support goes to a blank page. Just to make sure for the apple stuff, I should uninstall all the iTunes applicable stuff along with bonjour?

ETA: uninstalled bonjour and itunes. Will reinstall it later. Also sorry this took so long. Last night virustotal.com wouldn't load up and was working all day today.

Edited by aaron587, 10 May 2011 - 09:05 PM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I'm retired and have no sense of time so don't worry about delays.

I went to the apple page and it came up blank for me but I hit it a second time and it came up. This is what it said:

Removing and Reinstalling iTunes, QuickTime, and other software components for Windows XP

Last Modified: May 02, 2011
Article: HT1925

Old Article: 93698

Summary

Learn how to completely uninstall iTunes, QuickTime, and other essential software components from your Windows XP PC.
Products Affected

QuickTime for Windows, iTunes 9 for Windows, iTunes 8 for Windows, iTunes 7 for Windows, Windows, Windows XP

For Windows Vista or Windows 7, refer to Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7.

Overview

In some rare instances, it may be necessary to remove all traces of iTunes, QuickTime, and related software components from your computer before reinstalling iTunes. For most technical issues though, reinstalling iTunes is an unnecessary and overused troubleshooting step. If you are directed to reinstall iTunes by AppleCare, a Knowledge Base article, or an alert dialog, you can do so by following the steps in this article.

Notes:

iTunes Store purchases or songs imported from CDs are saved in your My Music folder by default and are not deleted by removing iTunes. While it is highly unlikely that you will lose any contents of your iTunes Library when following these steps, it is always a good idea to ensure that your iTunes library is backed up. See how to back up the contents of your iTunes library in How to back up your media in iTunes.
These steps may take a significant amount of time to complete, depending on your system.

Steps

1. Remove iTunes and related components from the Control Panel

Use the Control Panel to uninstall iTunes and related software components in the following order. Then, restart your computer.

iTunes
QuickTime
Apple Software Update
Apple Mobile Device Support
Bonjour
Apple Application Support (iTunes 9 or later)

Important: Uninstalling these components in a different order, or only uninstalling some of these components may have unintended effects.

If you need more detailed steps on removing these components, refer to the following steps:

Quit the following programs, if they are running:
iTunes
QuickTime Player
Apple Software Update
From the Start menu, choose Control Panel.
In Control Panel, open "Add or Remove Programs."
Select iTunes from the list of currently installed programs, then click Remove.
When asked if you would like to remove iTunes, select Yes.
After the uninstallation is complete, do not restart your computer if you are prompted to.
If other program entries were listed for iTunes in Add or Remove Programs, remove those as well by repeating steps 4-6.
Remove any iPod Updater applications that are listed the same way you removed iTunes.
Remove all instances of QuickTime the same way you removed iTunes.
Remove all instances of Apple Software Update the same way you removed iTunes.
Remove all instances of Apple Mobile Device Support the same way you removed iTunes.
Remove all instances of Bonjour the same way you removed iTunes.
Remove all instances of Apple Application Support the same way you removed iTunes.
Restart your computer.

2. Verify iTunes and related components are completely uninstalled

In most cases removing iTunes and its related components from the Control Panel will remove all supporting files belonging to those programs. In some rare cases those files may be left behind. After following the previous steps, you should confirm that the following files and folders have been removed and if any are left behind, remove them now:

C:\Program Files\Bonjour
C:\Program Files\Common Files\Apple\
C:\Program Files\iTunes\
C:\Program Files\iPod\ Note: Follow the additional steps at the end of this article if you receive the alert "Cannot delete iPodService.exe: It is being used by another person or program" when trying to delete this folder.
C:\Program Files\QuickTime\
C:\Windows\System32\QuickTime
C:\Windows\System32\QuickTimeVR

If you aren't sure how to remove these files, you can follow these detailed steps:

From the Start menu, select My Computer.
Open Local Disk (C:) located in Computer or whichever hard disk your programs are installed on.
Open the Program Files folder.
Right-click the Bonjour folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
Right-click the iPod folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion. Note: Follow the additional steps at the end of this article if you receive the alert "Cannot delete iPodService.exe: It is being used by another person or program" when trying to delete this folder.
Right-click the iTunes folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
Right-click the QuickTime folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
Open the Common Files folder.
Right-click the Apple folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
From the Start menu, select My Computer.
Open Local Disk (C:) located in Computer or whichever hard disk your operating system is installed on.
Open the Windows folder.
Open the System32 folder.
Right-click the QuickTime file (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
Right-click the QuickTimeVR file (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
Right-click the Recycle Bin and select Empty Recycle Bin.

3. Reinstall iTunes and related components

After verifying that iTunes is completely uninstalled, restart your computer and then install the latest version of iTunes.

If the issue you are troubleshooting is not resolved after following these steps, it is not necessary to remove and reinstall iTunes multiple times. Instead, you may find helpful information at the iTunes Support page, such as troubleshooting steps related to specific alert messages.
Additional Information

iPodService.exe Alert

Follow these steps if the message, "Cannot delete iPodService.exe: It is being used by another person or program" appears when you try to delete the iPod folder.

Make sure that iTunes and the iPod Updater utility are not open.
Press and hold Control-Alt-Delete. Select Start Task Manager.
Click the Processes tab.
Locate "iPodService.exe" in the list.
Click "iPodService.exe" and choose End Process.
Quit the Task Manager.


Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.

Ron
  • 0

#9
aaron587

aaron587

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi Ron,

Thanks so much for your help. Computer is running a bit faster and hopefully the problems with the laptop will stop.

You've been very helpful and solved my problem (as far as I know). Thanks!
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
