Winlogon.exe is infected with Win32:Malware-gen


attcbf

Thread Starter
Joined
Sep 11, 2010
Messages
25
I am running Windows XP Pro SP 2 (build 2600)(ver 5.1). My anti-virus is avast 5 (newly updated) and Malwarebytes' Anti-Malware. I keep on getting an Avast warning that it is blocking (1) win32:malware-gen[Trj], found in my c:\windows\system32\winlogon.exe; and (2) win32:patched-UE[Trj] found in c:\windows\explorer.exe. I cannot quarantine, delete or repair these files.

When I run malwarebytes on the files, it does not identify any infections. But when I run avast on the files, it detects the viruses.

I have an external drive with an earlier installation of win xp sp2 (but same build, etc.). Is there some way to cut and paste these non-infected files with the ones infected on my internal hard drive?

Thank you.
 

attcbf

Thread Starter
I forgot to mention in original post that I am running 32-bit xp. Some help on this will be very appreciated.
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi

Please run the following diagnostic scans:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here: http://www.gmer.net/download.php to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.


  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
 

attcbf

Thread Starter
Forgive me if this is rudimentary. But when you ask me to "Disable any script blocking protection," are you talking about avast and Malwarebytes, which are the two third-party programs I use? I think I also have Windows antivirus turned on, but I am not sure how to check whether it is, and, if I need to, how to turn it off.

Thanks for responding.
 

CatByte

Malware Specialist
Hi,

Just make sure Avast is disabled, then you should be OK
 

attcbf

Thread Starter
Here are the DDS reports. The Gmer.txt file is attached.

DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86
Run by Craig at 18:24:27.85 on Mon 01/17/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1201 [GMT -8:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\comp health\[COMP HEALTH] - Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
D:\COMPHE~1\_COMPH~1\avastUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\RTHDCPL.EXE
D:\[OFFICE]\[OFFICE] - Paperport9\pptd40nt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\[MEDIA]\[MEDIA] - DivX\DivX\DivX Plus Web Player\DDmService.exe
D:\[OFFICE]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrotray.exe
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\[TOM TOM]\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\ups.exe
D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
D:\[INTERNET]\[BROWSER] - Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Craig\Desktop\dds.com

============== Pseudo HJT Report ===============

uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\[media]\[media] - divx\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\[comp health]\[comp health] - avg anti-virus\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - d:\[media]\[media] - divx\divx\divx plus web player\npdivx32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
uRun: [Google Update] "c:\documents and settings\craig\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast5] d:\comphe~1\_comph~1\avastUI.exe /nogui
mRun: [DNS7reminder] "d:\[office]\[office] - dragon naturally speaking 10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QuickFinder Scheduler] "d:\[office]\[office] - wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [PdxRegCl] "d:\[office]\[office] - wordperfect office x3\programs\PdxRegCl.exe" /s /c
mRun: [PaperPort PTD] d:\[office]\[office] - paperport9\pptd40nt.exe
mRun: [Nuance.ctfmngr] d:\_offic~1\_o0930~1\program\ctfmngr.exe /restore
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\[comp health]\[comp health] - malwarebytes\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IndexSearch] d:\[office]\[office] - paperport9\IndexSearch.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "d:\[media]\[media] - divx\divx\divx plus web player\DDmService.exe" start
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Acrobat Speed Launcher] "d:\[office]\[office] - adobe acrobat pro 9 ext\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "d:\[office]\[office] - adobe acrobat pro 9 ext\acrobat\Acrotray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\[media]\[media] - widcomm\bluetooth software\BTTray.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Open with WordPerfect - d:\[office]\[office] - wordperfect office x3\programs\WPLauncher.hta
IE: Send to &Bluetooth Device... - d:\[media]\[media] - widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - d:\[media]\[media] - widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\[media]\[media] - widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: acaptuser32.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\craig\applic~1\mozilla\firefox\profiles\5s8eyo5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: d:\[internet]\[browser] - firefox\components\browserdirprovider.dll
FF - component: d:\[internet]\[browser] - firefox\components\brwsrcmp.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npdeploytk.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npMozCouponPrinter.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npnul32.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\nppdf32.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin2.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin3.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin4.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin5.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin6.dll
FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin7.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npdivx32.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npdsplay.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\NPSWF32.dll
FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\[media]\[media] - divx\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\[media]\[media] - divx\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\[media]\[media] - divx\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\[media]\[media] - divx\divx\divx web player\npdivx32.dll
FF - plugin: d:\[office]\[office] - adobe acrobat 9\acrobat\browser\nppdf32.dll
FF - plugin: d:\[office]\[office] - adobe acrobat pro 9 ext\acrobat\browser\nppdf32.dll
FF - plugin: d:\[office]\[office] - adobe acrobat pro 9 ext\adobe acrobat 9 pro extended\acrobat\browser\nppdf32.dll
FF - plugin: d:\[office]\[office] - adobe acrobat pro 9\acrobat\browser\nppdf32.dll
FF - plugin: d:\[office]\[office] - canon pixma mx340\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: d:\[office]\[office] - pdfpro6trial\pdf professional 6\bin\nppdf.dll
FF - plugin: d:\[office]\[office] adobe acrobat 9\acrobat\browser\nppdf32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\[internet]\[browser] - firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - d:\[internet]\[browser] - firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\[internet]\[browser] - firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - d:\[media]\[media] - divx\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - d:\[media]\[media] - divx\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-2 294608]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-2 17744]
R2 avast! Antivirus;avast! Antivirus;d:\comp health\[comp health] - avast5\AvastSvc.exe [2010-1-24 40384]
R2 SITomcat;SI Tomcat;d:\[gm spo]\[gm spo] - service manual '95-'05\esi\apache group\tomcat 4.1\bin\tomcat.exe [2003-10-27 65536]
R2 SITransbase;SI Transbase;d:\[gm spo]\[gm spo] - service manual '95-'05\esi\transbase\tbmux32.exe [2001-11-20 165376]
R2 TomTomHOMEService;TomTomHOMEService;d:\[tom tom]\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbvm305.sys --> c:\windows\system32\drivers\usbVM305.sys [?]

=============== Created Last 30 ================

2011-01-17 20:23:42 -------- d--h--w- c:\windows\PIF
2011-01-17 19:22:32 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-01-17 19:22:32 -------- d-----w- c:\program files\Belarc
2011-01-15 05:26:41 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-15 05:26:15 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-15 05:26:15 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-15 05:26:15 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-15 05:26:15 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-15 05:26:15 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-15 05:26:15 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-15 05:26:15 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-15 05:26:15 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-15 05:20:20 -------- d-----w- c:\program files\iYogi Support Dock
2011-01-15 04:21:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-15 04:15:13 -------- d-----w- c:\docume~1\craig\locals~1\applic~1\VS Revo Group
2011-01-15 03:31:14 -------- d-----w- c:\windows\pss
2011-01-15 03:11:37 -------- d-----w- c:\windows\system32\CatRoot2
2011-01-11 23:08:41 -------- d-----w- c:\documents and settings\craig\Bluetooth Software
2011-01-11 23:04:10 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2011-01-11 23:04:10 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2011-01-11 23:04:10 45984 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-01-11 23:04:10 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2011-01-11 23:04:10 106557 ----a-w- c:\windows\system32\btw_ci.dll
2011-01-11 23:04:09 991264 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-01-11 23:04:09 533152 ----a-w- c:\windows\system32\drivers\btaudio.sys
2011-01-11 23:04:09 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2011-01-02 23:01:51 -------- d-----w- c:\docume~1\craig\applic~1\Local

==================== Find3M ====================

2011-01-18 00:01:18 502272 ----a-w- c:\windows\system32\winlogon.exe
2011-01-18 00:00:23 1033216 ----a-w- c:\windows\explorer.exe
2011-01-17 18:13:42 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

============= FINISH: 18:24:55.64 ===============

Attach.txt

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/24/2009 5:45:54 PM
System Uptime: 1/17/2011 5:09:45 PM (1 hours ago)

Motherboard: MICRO-STAR INTERANTONAL CO.,LTD | | MS-7302
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2700/200mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2700/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 71.08 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 73.884 GiB free.
E: is FIXED (NTFS) - 103 GiB total, 100.739 GiB free.
F: is CDROM ()
H: is FIXED (NTFS) - 37 GiB total, 20.535 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


µTorrent
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
AMD Processor Driver
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
avast! Free Antivirus
Belarc Advisor 8.1
Canon MF Toolbox 4.9.1.1.mf08
Canon MF6500 Series
Canon MP Navigator EX 3.1
Canon MX340 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CaseMap 4 - InstallShield Wizard
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dragon NaturallySpeaking 10
E-Transcript Bundle Viewer
EPSON Printer Software
GoToMeeting 4.0.0.320
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
ImgBurn
IrfanView (remove only)
Java(TM) 6 Update 17
Malwarebytes' Anti-Malware
Media Player Classic
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.0.19)
Mozilla Thunderbird (2.0.0.24)
My Bar-Bat Mitzvah Companion 3.0
ObjectDock Plus
Objection Series 3.3
OpenOffice.org 3.1
Opera 9.63
PaperPort 9.0
Paradox
PDFCreator
pdfforge Toolbar v4.1
PFPortChecker 1.0.32
Quick View Plus
QuickTime
Realtek High Definition Audio Driver
Safari
SI Data SIen v2004.19
SI Stand-alone application
SI Tiff Viewer Plugin v4
Software Update for Web Folders
SpaceMonger 2.1.1
TomTom HOME 2.7.2.1825
TomTom HOME Visual Studio Merge Modules
Update Manager
VC80CRTRedist - 8.0.50727.4053
Visual C++ Runtime for Dragon NaturallySpeaking
WIDCOMM Bluetooth Software
Windows Imaging Component
Windows Installer 3.1 (KB893803)
WinRAR archiver
WordPerfect Office X3

==== Event Viewer Messages From Past Week ========

1/17/2011 10:36:22 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service dmadmin with arguments "/com" in order to run the server: {4FB6BB00-3347-11D0-B40A-00AA005FF586}
1/17/2011 10:05:17 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
1/15/2011 6:40:00 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
1/14/2011 9:22:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
1/14/2011 7:12:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/14/2011 7:10:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/14/2011 6:56:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSP aswTdi Fips
1/14/2011 6:56:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/14/2011 6:43:49 PM, error: Service Control Manager [7022] - The Task Scheduler service hung on starting.
1/14/2011 6:43:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LogMeIn Rescue (ee49ea17-a882-475e-a36c-2b1209ea7b1a) service to connect.
1/14/2011 6:43:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ATI Smart service to connect.
1/14/2011 6:43:49 PM, error: Service Control Manager [7000] - The LogMeIn Rescue (ee49ea17-a882-475e-a36c-2b1209ea7b1a) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/14/2011 6:43:49 PM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/14/2011 5:57:58 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Thank you for your assistance.
 


CatByte

Malware Specialist
Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
 

attcbf

Thread Starter
Catbyte, I did not see any directions to turn off malwarebyte's anti-malware program in the link you provided. Do you have any directions for doing this?
 

CatByte

Malware Specialist
You don't need to worry about MBAM, just your AV programs
 

attcbf

Thread Starter
Sorry I took so long. During the running of ComboFix, the computer rebooted itself, ComboFix was no longer running, and there was no text file generated that I can tell. Avast came back on upon reboot, and a warning pop-up about the winlogon.exe virus came up and stated that it was blocked while svchost.exe was running. What do I do now?
 

attcbf

Thread Starter
Catbyte, I know the instructions said not to re-run ComboFix if there is a problem the 1st time, but since I did not hear back from you, I decided to run it again. This time it ran all the way through. The log generated is below. Please let me know if the malware has been eradicated.

I also wanted to say that during this ordeal, I noticed my wireless trackball and wireless keyboard were also not working properly, as I needed to place the wireless receivers (which are connected to my computer via USB ports) about a foot away from the devices to allow them to work. I also noticed today that I was getting re-routed to ad and spam sites when using Google web search. Please let me know whether these are all symptoms of the same problem, or whether I have something even more insidious happening.

ComboFix 11-01-17.03 - Craig 01/17/2011 21:29:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1585 [GMT -8:00]
Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Craig\Application Data\Local
c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\documents and settings\Craig\g2mdlhlpx.exe
c:\documents and settings\Craig\My Documents\Iyogi.reg
c:\program files\pdfforge Toolbar\IE\4.1\pdFForgetoolbarie.dll

c:\windows\regedit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\regedit.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{071F661E-B190-42AA-AB57-D42AA37602ED}\RP2\A0000040.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{071F661E-B190-42AA-AB57-D42AA37602ED}\RP2\A0000428.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.

2011-01-17 20:23 . 2011-01-17 20:23 -------- d--h--w- c:\windows\PIF
2011-01-17 19:22 . 2011-01-17 19:22 -------- d-----w- c:\program files\Belarc
2011-01-17 19:22 . 2008-02-27 20:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-01-15 05:26 . 2011-01-15 05:26 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-15 05:26 . 2011-01-15 05:26 -------- d-----w- c:\program files\MSBuild
2011-01-15 05:26 . 2011-01-15 05:26 -------- d-----w- c:\program files\Reference Assemblies
2011-01-15 05:26 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-15 05:26 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-15 05:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-15 05:26 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-15 05:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-15 05:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-15 05:26 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-15 05:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-15 05:20 . 2011-01-15 14:32 -------- d-----w- c:\program files\iYogi Support Dock
2011-01-15 04:15 . 2011-01-15 04:15 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\VS Revo Group
2011-01-15 03:11 . 2011-01-18 05:28 -------- d-----w- c:\windows\system32\CatRoot2
2011-01-15 02:33 . 2011-01-15 02:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-01-11 23:08 . 2011-01-11 23:08 -------- d-----w- c:\documents and settings\Craig\Bluetooth Software
2011-01-11 23:04 . 2009-06-21 16:56 45984 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-01-11 23:04 . 2009-05-11 21:45 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2011-01-11 23:04 . 2008-09-26 15:30 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2011-01-11 23:04 . 2008-07-25 00:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2011-01-11 23:04 . 2007-09-20 18:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2011-01-11 23:04 . 2009-08-17 21:00 533152 ----a-w- c:\windows\system32\drivers\btaudio.sys
2011-01-11 23:04 . 2009-07-09 19:45 991264 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-01-11 23:04 . 2008-02-05 00:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-18 00:01 . 2004-08-03 23:56 502272 ----a-w- c:\windows\system32\winlogon.exe
2011-01-18 00:00 . 2007-02-18 21:37 1033216 ----a-w- c:\windows\explorer.exe
2011-01-13 08:47 . 2010-07-05 00:59 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-12-02 18:38 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-12-02 18:39 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-12-02 18:39 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-12-02 18:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-12-02 18:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-12-02 18:39 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-12-02 18:39 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-12-02 18:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.

------- Sigcheck -------

[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2004-08-03 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2007-02-18 . 9941382A1C2289F5FB4C87D0DAACC21C . 360704 . . [5.1.2600.2956] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2007-02-18 . 9941382A1C2289F5FB4C87D0DAACC21C . 360704 . . [5.1.2600.2956] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-02-18 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\browser.dll
[-] 2007-02-18 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\dllcache\browser.dll

[-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

[-] 2007-02-18 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2007-02-18 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll

[-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2007-02-18 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\system32\rpcss.dll
[-] 2007-02-18 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe

[-] 2007-02-18 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2007-02-18 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2011-01-18 . 06E9698963CCDB85FAE513801F7AF6B5 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2007-02-18 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2007-02-18 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2007-02-18 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2007-02-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2007-02-18 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\cryptsvc.dll
[-] 2007-02-18 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2007-02-18 21:37 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows\system32\es.dll
[-] 2007-02-18 21:37 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows\system32\dllcache\es.dll

[-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

[-] 2007-02-18 . 16F21882C96EE0136A92E867DA94215C . 985600 . . [5.1.2600.2991] . . c:\windows\system32\kernel32.dll
[-] 2007-02-18 . 16F21882C96EE0136A92E867DA94215C . 985600 . . [5.1.2600.2991] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2007-02-18 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows\system32\linkinfo.dll
[-] 2007-02-18 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2007-02-18 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\system32\mshtml.dll
[-] 2007-02-18 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2007-02-18 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2007-02-18 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
[-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

[-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

[-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

[-] 2007-02-18 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2007-02-18 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2007-02-18 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
[-] 2007-02-18 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll

[-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

[-] 2007-02-18 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\windows\system32\wininet.dll
[-] 2007-02-18 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll

[-] 2011-01-18 . 375F1144332062F5C72F7B94BF4E4192 . 1033216 . . [6.00.2900.2894] . . c:\windows\explorer.exe

[-] 2007-02-18 . B044C6A4D1A8240085F61F2353BD2FE6 . 1286656 . . [5.1.2600.2948] . . c:\windows\system32\ole32.dll
[-] 2007-02-18 . B044C6A4D1A8240085F61F2353BD2FE6 . 1286656 . . [5.1.2600.2948] . . c:\windows\system32\dllcache\ole32.dll

[-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
[-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\dllcache\usp10.dll

[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2007-02-18 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2007-02-18 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2007-02-18 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
[-] 2007-02-18 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll

[-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2005-05-28 04:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2005-05-28 04:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2007-02-18 21:38 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2007-02-18 21:38 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2007-02-18 21:40 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\mspmsnsv.dll
[-] 2007-02-18 21:40 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2007-02-18 . 1F9DD693DF8F6A1841E57EC62D22CC1C . 2017280 . . [5.1.2600.3023] . . c:\windows\system32\ntkrnlpa.exe

[-] 2004-08-03 23:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-03 23:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll

[-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll

[-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll

[-] 2004-08-03 23:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-08-03 23:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll

[-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll

[-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll

[-] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe

[-] 2007-02-18 . 0C58CB9E8C2163F290FCDDCC75D9BEFA . 2137600 . . [5.1.2600.3023] . . c:\windows\system32\ntoskrnl.exe

[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
[-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll

[-] 2007-02-18 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\system32\wiaservc.dll
[-] 2007-02-18 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\system32\dllcache\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="d:\comphe~1\_COMPH~1\avastUI.exe" [2011-01-13 3396624]
"DNS7reminder"="d:\[office]\[OFFICE] - Dragon Naturally Speaking 10\Ereg\Ereg.exe" [2007-04-16 14:33 259624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-23 524288]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"QuickFinder Scheduler"="d:\[office]\[OFFICE] - WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 04:21 83568]
"PdxRegCl"="d:\[office]\[OFFICE] - WordPerfect Office X3\Programs\PdxRegCl.exe" [2004-06-14 23:57 49152]
"PaperPort PTD"="d:\[office]\[OFFICE] - Paperport9\pptd40nt.exe" [2003-02-27 10:12 57393]
"Nuance.ctfmngr"="d:\_offic~1\_O0930~1\Program\ctfmngr.exe" [2009-04-10 50536]
"Malwarebytes Anti-Malware (reboot)"="d:\[comp health]\[COMP HEALTH] - Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 18:53 1312080]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"IndexSearch"="d:\[office]\[OFFICE] - Paperport9\IndexSearch.exe" [2003-02-27 10:40 40960]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 21:15 63360]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"Adobe Acrobat Speed Launcher"="d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrobat_sl.exe" [2008-06-12 10:25 37232]
"Acrobat Assistant 8.0"="d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrotray.exe" [2008-06-12 06:43 640376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="d:\[tom tom]\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EPSON Stylus C86 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB003" /M "Stylus C86"
"BigDog305"=c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\[INTERNET]\\[TORRENT] - uTorrent\\uTorrent.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/2/2009 10:39 AM 294608]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [10/22/2010 4:38 PM 386560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/2/2009 10:39 AM 17744]
R2 SITomcat;SI Tomcat;d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe [10/27/2003 3:33 AM 65536]
R2 SITransbase;SI Transbase;d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe [11/20/2001 5:37 AM 165376]
R2 TomTomHOMEService;TomTomHOMEService;d:\[tom tom]\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 7:05 AM 92008]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Open with WordPerfect - d:\[office]\[OFFICE] - WordPerfect Office X3\Programs\WPLauncher.hta
IE: Send to &Bluetooth Device... - d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\5s8eyo5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\[internet]\[BROWSER] - Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - d:\[internet]\[BROWSER] - Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\[internet]\[BROWSER] - Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Google Update - c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\[media]\[MEDIA] - DivX\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-17 21:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\"d:\comp health\
[COMP HEALTH] - Avast5\AvastSvc.exe\""

--
"ImagePath"="D:\
[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\btwdins.exe"

--
"ImagePath"="\"D:\
[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe\""

"ImagePath"="\"D:\
[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe\""

--
"ImagePath"="D:\
[TOM TOM]\TomTom HOME 2\TomTomHOMEService.exe"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Antivirus]
"ImagePath"="\"d:\comp health\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\btwdins]
"ImagePath"="D:\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SITomcat]
"ImagePath"="\"D:\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SITransbase]
"ImagePath"="\"D:\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TomTomHOMEService]
"ImagePath"="D:\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
d:\comp health\[COMP HEALTH] - Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
d:\[office]\[OFFICE] - Paperport9\pptd40nt.exe
c:\windows\system32\PSIService.exe
d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\DDmService.exe
d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrobat_sl.exe
d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrotray.exe
d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\[tom tom]\TomTom HOME 2\TomTomHOMEService.exe
d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
.
**************************************************************************
.
Completion time: 2011-01-17 21:36:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-18 05:36

Pre-Run: 77,326,409,728 bytes free
Post-Run: 77,430,202,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 37C5C113B80F1E7EC887F854ADCAA8EB
 

attcbf

Thread Starter
Joined
Sep 11, 2010
Messages
25
When I scanned the explorer.exe and winlogon.exe in the c:\windows directory, avast 5 still shows that these 2 files are infected the same way as set forth in my original post.

What do I do now?:confused:
 

attcbf

Thread Starter
Joined
Sep 11, 2010
Messages
25
Hi, it looks like the download will take about an hour, so I am going to sleep and will install it when I get up. Is there anything I should know to do to make it an easy install?
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Make sure that all other programs are closed and you shouldn't encounter any difficulties.
 