
Winlogon.exe is infected with Win32:Malware-gen

Discussion in 'Virus & Other Malware Removal' started by attcbf, Jan 17, 2011.

Thread Status:
Not open for further replies.
  1. attcbf

    attcbf Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    25
    I am running Windows XP Pro SP 2 (build 2600)(ver 5.1). My anti-virus is avast 5 (newly updated) and Malwarebytes' anti-malware. I keep on getting an Avast warning that it is blocking (1) win32:malware-gen[Trj], found in my c:\windows\system32\winlogon.exe; and (2) win32:patched-UE[Trj] found in c:\windows\explorer.exe. I cannot quarantine, delete or repair these files.

    When I run malwarebytes on the files, it does not identify any infections. But when I run avast on the files, it detects the viruses.

    I have an external drive with an earlier installation of win xp sp2 (but same build, etc.). Is there some way to cut and paste these non-infected files with the ones infected on my internal hard drive?

    Thank you.
     
  2. attcbf

    attcbf Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    25
    I forgot to mention in original post that I am running 32-bit xp. Some help on this will be very appreciated.
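The two detections above are "Patched" verdicts, meaning the scanner believes a legitimate Windows binary has had foreign code grafted onto it rather than being replaced outright. Before copying files from another installation it is worth seeing what a patched binary looks like structurally. The script below is an added example for this thread, not a tool from the original posts or from any of the products mentioned; it parses PE headers with the Python standard library only and applies three heuristics that file infectors commonly trip: the entry point no longer lands in the first executable section, a section is both writable and executable, and data has been appended after the last section (an overlay). The two images it checks are constructed in memory (the section names, sizes and the 64-byte overlay are made up for the demonstration); it does not read the real winlogon.exe or explorer.exe. Packers and self-extracting installers trigger the same heuristics, so treat a hit as a reason to hash the file against a known-clean copy, not as a verdict.

```python
"""Static triage of a suspected 'Patched' PE file (added example, not from
the thread). Parses the PE32 header and section table with struct only and
reports three file-infector heuristics. Sample images are built in memory."""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
FILE_ALIGN = 0x200


def parse_sections(data):
    """Return (entry_rva, [section dicts]) from a PE32 image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    entry_rva = struct.unpack_from("<I", data, e_lfanew + 40)[0]  # AddressOfEntryPoint
    table = e_lfanew + 24 + opt_size                              # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsect):
        off = table + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return entry_rva, sections


def triage(data):
    """Apply the three heuristics; return entry section name and findings."""
    entry_rva, sections = parse_sections(data)
    findings = []

    def contains(s, rva):
        return s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"])

    entry_sec = next((s for s in sections if contains(s, entry_rva)), None)
    first_exec = next((s for s in sections if s["chars"] & IMAGE_SCN_MEM_EXECUTE), None)
    if entry_sec is None:
        findings.append("entry point %#x lies outside every section" % entry_rva)
    elif entry_sec is not first_exec:
        # Classic infector pattern: EP redirected into an appended section.
        findings.append("entry point %#x is in %s, not in the first executable section %s"
                        % (entry_rva, entry_sec["name"], first_exec["name"]))
    for s in sections:
        if s["chars"] & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE) == \
                (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE):
            findings.append("section %s is writable and executable" % s["name"])
    end_of_sections = max(s["rawptr"] + s["rawsize"] for s in sections)
    if len(data) > end_of_sections:
        findings.append("%d bytes of overlay after the last section" % (len(data) - end_of_sections))
    return {"entry_section": entry_sec["name"] if entry_sec else None, "findings": findings}


def build_pe(sections, entry_rva, overlay=b""):
    """Construct a minimal PE32 image whose headers parse correctly (test data only)."""
    nsect, opt_size, e_lfanew = len(sections), 224, 0x40
    hdr_end = e_lfanew + 24 + opt_size + 40 * nsect
    size_of_headers = (hdr_end + FILE_ALIGN - 1) // FILE_ALIGN * FILE_ALIGN
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsect, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)         # AddressOfEntryPoint
    struct.pack_into("<I", opt, 60, size_of_headers)   # SizeOfHeaders
    table, body, rawptr = b"", b"", size_of_headers
    for name, vaddr, size, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), size, vaddr, size, rawptr, 0, 0, 0, 0, chars)
        body += b"\x90" * size                         # filler raw data
        rawptr += size
    header = (dos + coff + bytes(opt) + table).ljust(size_of_headers, b"\0")
    return header + body + overlay


# Constructed samples: a clean layout and one with an appended W+X section
# holding the entry point plus trailing overlay, mimicking a patched binary.
_BASE = [(".text", 0x1000, 0x400, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
         (".data", 0x2000, 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
         (".rsrc", 0x3000, 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)]
CLEAN = build_pe(_BASE, entry_rva=0x1100)
PATCHED = build_pe(_BASE + [(".xtra", 0x4000, 0x200, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
                             | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)],
                   entry_rva=0x4010, overlay=b"\xCC" * 64)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("patched", PATCHED)):
        print(label, triage(image))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage`. Whatever the heuristics say, the decisive check is a hash comparison against a known-clean copy of the same build, for example the one on the external drive mentioned above or the copy in `%windir%\system32\dllcache`; Windows File Protection (`sfc /scannow`) restores protected files from that cache only if the cached copies are themselves intact. Swapping the binary also does not remove whatever patched it, which is why the helper below asks for diagnostic logs before any replacement.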
     
  3. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please run the following diagnostic scans:

    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
    • Double click the exe file.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

      [screenshot of the GMER scan settings panel; not reproduced]
    • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
     
  4. attcbf

    attcbf Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    25
    Forgive me if this is rudimentary. But when you ask me to "Disable any script blocking protection," are you talking about avast and malwarebytes, which are the two third-party programs I use? I think I also have Windows antivirus turned on but not sure how to check to see if it is, and if I need to, to turn it off.

    Thanks for responding.
     
  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Just make sure Avast is disabled, then you should be OK
     
  6. attcbf

    attcbf Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    25
    Here are the DDS reports. The Gmer.txt file is attached.

    DDS.txt

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Craig at 18:24:27.85 on Mon 01/17/2011
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1201 [GMT -8:00]

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    d:\comp health\[COMP HEALTH] - Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    D:\COMPHE~1\_COMPH~1\avastUI.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\WINDOWS\RTHDCPL.EXE
    D:\[OFFICE]\[OFFICE] - Paperport9\pptd40nt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    D:\[MEDIA]\[MEDIA] - DivX\DivX\DivX Plus Web Player\DDmService.exe
    D:\[OFFICE]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrotray.exe
    D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PSIService.exe
    D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
    D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    D:\[TOM TOM]\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\System32\ups.exe
    D:\[MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\btwdins.exe
    D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
    D:\[GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
    D:\[INTERNET]\[BROWSER] - Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Craig\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\[media]\[media] - divx\divx\divx plus web player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\[comp health]\[comp health] - avg anti-virus\avgssie.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - d:\[media]\[media] - divx\divx\divx plus web player\npdivx32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
    uRun: [Google Update] "c:\documents and settings\craig\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [avast5] d:\comphe~1\_comph~1\avastUI.exe /nogui
    mRun: [DNS7reminder] "d:\[office]\[office] - dragon naturally speaking 10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [QuickFinder Scheduler] "d:\[office]\[office] - wordperfect office x3\programs\QFSCHD130.EXE"
    mRun: [PdxRegCl] "d:\[office]\[office] - wordperfect office x3\programs\PdxRegCl.exe" /s /c
    mRun: [PaperPort PTD] d:\[office]\[office] - paperport9\pptd40nt.exe
    mRun: [Nuance.ctfmngr] d:\_offic~1\_o0930~1\program\ctfmngr.exe /restore
    mRun: [Malwarebytes Anti-Malware (reboot)] "d:\[comp health]\[comp health] - malwarebytes\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IndexSearch] d:\[office]\[office] - paperport9\IndexSearch.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "d:\[media]\[media] - divx\divx\divx plus web player\DDmService.exe" start
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Adobe Acrobat Speed Launcher] "d:\[office]\[office] - adobe acrobat pro 9 ext\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "d:\[office]\[office] - adobe acrobat pro 9 ext\acrobat\Acrotray.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\[media]\[media] - widcomm\bluetooth software\BTTray.exe
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Open with WordPerfect - d:\[office]\[office] - wordperfect office x3\programs\WPLauncher.hta
    IE: Send to &Bluetooth Device... - d:\[media]\[media] - widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - d:\[media]\[media] - widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\[media]\[media] - widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: acaptuser32.dll
    LSA: Notification Packages = scecli scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\craig\applic~1\mozilla\firefox\profiles\5s8eyo5v.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
    FF - component: d:\[internet]\[browser] - firefox\components\browserdirprovider.dll
    FF - component: d:\[internet]\[browser] - firefox\components\brwsrcmp.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npCouponPrinter.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npdeploytk.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npDivxPlayerPlugin.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npnul32.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\nppdf32.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin2.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin3.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin4.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin5.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin6.dll
    FF - plugin: d:\[internet]\[browser] - firefox\plugins\npqtplugin7.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npdivx32.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npdsplay.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin2.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin3.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin4.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin5.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin6.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npqtplugin7.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\NPSWF32.dll
    FF - plugin: d:\[internet]\[browser] - opera\program\plugins\npwmsdrm.dll
    FF - plugin: d:\[media]\[media] - divx\divx\divx ovs helper\npovshelper.dll
    FF - plugin: d:\[media]\[media] - divx\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: d:\[media]\[media] - divx\divx\divx plus web player\npdivx32.dll
    FF - plugin: d:\[media]\[media] - divx\divx\divx web player\npdivx32.dll
    FF - plugin: d:\[office]\[office] - adobe acrobat 9\acrobat\browser\nppdf32.dll
    FF - plugin: d:\[office]\[office] - adobe acrobat pro 9 ext\acrobat\browser\nppdf32.dll
    FF - plugin: d:\[office]\[office] - adobe acrobat pro 9 ext\adobe acrobat 9 pro extended\acrobat\browser\nppdf32.dll
    FF - plugin: d:\[office]\[office] - adobe acrobat pro 9\acrobat\browser\nppdf32.dll
    FF - plugin: d:\[office]\[office] - canon pixma mx340\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: d:\[office]\[office] - pdfpro6trial\pdf professional 6\bin\nppdf.dll
    FF - plugin: d:\[office]\[office] adobe acrobat 9\acrobat\browser\nppdf32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\[internet]\[browser] - firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - d:\[internet]\[browser] - firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\[internet]\[browser] - firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - d:\[media]\[media] - divx\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - d:\[media]\[media] - divx\divx\divx plus web player\firefox\wpa
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
    FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-2 294608]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-10-22 386560]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-2 17744]
    R2 avast! Antivirus;avast! Antivirus;d:\comp health\[comp health] - avast5\AvastSvc.exe [2010-1-24 40384]
    R2 SITomcat;SI Tomcat;d:\[gm spo]\[gm spo] - service manual '95-'05\esi\apache group\tomcat 4.1\bin\tomcat.exe [2003-10-27 65536]
    R2 SITransbase;SI Transbase;d:\[gm spo]\[gm spo] - service manual '95-'05\esi\transbase\tbmux32.exe [2001-11-20 165376]
    R2 TomTomHOMEService;TomTomHOMEService;d:\[tom tom]\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
    S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]
    S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbvm305.sys --> c:\windows\system32\drivers\usbVM305.sys [?]

    =============== Created Last 30 ================

    2011-01-17 20:23:42 -------- d--h--w- c:\windows\PIF
    2011-01-17 19:22:32 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2011-01-17 19:22:32 -------- d-----w- c:\program files\Belarc
    2011-01-15 05:26:41 -------- d-----w- c:\windows\system32\XPSViewer
    2011-01-15 05:26:15 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-01-15 05:26:15 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-01-15 05:26:15 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-01-15 05:26:15 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-01-15 05:26:15 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-01-15 05:26:15 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-01-15 05:26:15 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-01-15 05:26:15 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-01-15 05:20:20 -------- d-----w- c:\program files\iYogi Support Dock
    2011-01-15 04:21:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-01-15 04:15:13 -------- d-----w- c:\docume~1\craig\locals~1\applic~1\VS Revo Group
    2011-01-15 03:31:14 -------- d-----w- c:\windows\pss
    2011-01-15 03:11:37 -------- d-----w- c:\windows\system32\CatRoot2
    2011-01-11 23:08:41 -------- d-----w- c:\documents and settings\craig\Bluetooth Software
    2011-01-11 23:04:10 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
    2011-01-11 23:04:10 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
    2011-01-11 23:04:10 45984 ----a-w- c:\windows\system32\drivers\btwusb.sys
    2011-01-11 23:04:10 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
    2011-01-11 23:04:10 106557 ----a-w- c:\windows\system32\btw_ci.dll
    2011-01-11 23:04:09 991264 ----a-w- c:\windows\system32\drivers\btkrnl.sys
    2011-01-11 23:04:09 533152 ----a-w- c:\windows\system32\drivers\btaudio.sys
    2011-01-11 23:04:09 37160 ----a-w- c:\windows\system32\drivers\btport.sys
    2011-01-02 23:01:51 -------- d-----w- c:\docume~1\craig\applic~1\Local

    ==================== Find3M ====================

    2011-01-18 00:01:18 502272 ----a-w- c:\windows\system32\winlogon.exe
    2011-01-18 00:00:23 1033216 ----a-w- c:\windows\explorer.exe
    2011-01-17 18:13:42 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

    ============= FINISH: 18:24:55.64 ===============

    Attach.txt

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/24/2009 5:45:54 PM
    System Uptime: 1/17/2011 5:09:45 PM (1 hours ago)

    Motherboard: MICRO-STAR INTERANTONAL CO.,LTD | | MS-7302
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2700/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2700/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 71.08 GiB free.
    D: is FIXED (NTFS) - 98 GiB total, 73.884 GiB free.
    E: is FIXED (NTFS) - 103 GiB total, 100.739 GiB free.
    F: is CDROM ()
    H: is FIXED (NTFS) - 37 GiB total, 20.535 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    µTorrent
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    AMD Processor Driver
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    avast! Free Antivirus
    Belarc Advisor 8.1
    Canon MF Toolbox 4.9.1.1.mf08
    Canon MF6500 Series
    Canon MP Navigator EX 3.1
    Canon MX340 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CaseMap 4 - InstallShield Wizard
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    Dragon NaturallySpeaking 10
    E-Transcript Bundle Viewer
    EPSON Printer Software
    GoToMeeting 4.0.0.320
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB954550-v5)
    ImgBurn
    IrfanView (remove only)
    Java(TM) 6 Update 17
    Malwarebytes' Anti-Malware
    Media Player Classic
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Word Viewer 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows Media Video 9 VCM
    Microsoft Windows XP Video Decoder Checkup Utility
    Mozilla Firefox (3.0.19)
    Mozilla Thunderbird (2.0.0.24)
    My Bar-Bat Mitzvah Companion 3.0
    ObjectDock Plus
    Objection Series 3.3
    OpenOffice.org 3.1
    Opera 9.63
    PaperPort 9.0
    Paradox
    PDFCreator
    pdfforge Toolbar v4.1
    PFPortChecker 1.0.32
    Quick View Plus
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    SI Data SIen v2004.19
    SI Stand-alone application
    SI Tiff Viewer Plugin v4
    Software Update for Web Folders
    SpaceMonger 2.1.1
    TomTom HOME 2.7.2.1825
    TomTom HOME Visual Studio Merge Modules
    Update Manager
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ Runtime for Dragon NaturallySpeaking
    WIDCOMM Bluetooth Software
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    WinRAR archiver
    WordPerfect Office X3

    ==== Event Viewer Messages From Past Week ========

    1/17/2011 10:36:22 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service dmadmin with arguments "/com" in order to run the server: {4FB6BB00-3347-11D0-B40A-00AA005FF586}
    1/17/2011 10:05:17 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
    1/15/2011 6:40:00 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    1/14/2011 9:22:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    1/14/2011 7:12:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/14/2011 7:10:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/14/2011 6:56:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSP aswTdi Fips
    1/14/2011 6:56:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/14/2011 6:43:49 PM, error: Service Control Manager [7022] - The Task Scheduler service hung on starting.
    1/14/2011 6:43:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LogMeIn Rescue (ee49ea17-a882-475e-a36c-2b1209ea7b1a) service to connect.
    1/14/2011 6:43:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ATI Smart service to connect.
    1/14/2011 6:43:49 PM, error: Service Control Manager [7000] - The LogMeIn Rescue (ee49ea17-a882-475e-a36c-2b1209ea7b1a) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2011 6:43:49 PM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2011 5:57:58 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================

    Thank you for your assistance.
     

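Two details in the DDS log above can be checked mechanically rather than by eye: the Find3M section shows c:\windows\system32\winlogon.exe and c:\windows\explorer.exe with modification times of 2011-01-18 00:01 and 00:00, and the Firefox policies section shows user.js entries that switch off the mixed-content and insecure-submit warnings. The script below is an added example for this thread, not part of DDS or of the original posts. The sample lines are copied from the DDS.txt above; the list of "core" binaries, the seven-day window, and the assumption that DDS prints file times in UTC while its header time is local (GMT -8) are this example's own choices.

```python
"""Triage of DDS.txt file-listing and Firefox pref lines (added example,
not from the thread or from DDS). Rule 1 flags core Windows binaries whose
mtime falls shortly before the scan; rule 2 flags user.js prefs that turn
security warnings off."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines lifted from the "Find3M", "Created Last 30" and
# "FIREFOX POLICIES" sections of the DDS.txt posted above.
SAMPLE_LINES = r"""
2011-01-18 00:01:18 502272 ----a-w- c:\windows\system32\winlogon.exe
2011-01-18 00:00:23 1033216 ----a-w- c:\windows\explorer.exe
2011-01-17 18:13:42 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-01-15 05:26:15 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-01-17 19:22:32 -------- d-----w- c:\program files\Belarc
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
""".strip().splitlines()

# DDS header: "18:24:27 on Mon 01/17/2011 [GMT -8:00]". Assumption: the
# listing's file times are UTC, so the scan ran at 02:24:27 UTC on 01/18.
SCAN_TIME_UTC = datetime(2011, 1, 18, 2, 24, 27)

# Binaries a file infector on XP typically patches; each is loaded at boot
# or logon, which is what gives the infection its persistence.
CORE_BINARIES = {
    "winlogon.exe", "explorer.exe", "regedit.exe", "userinit.exe",
    "svchost.exe", "services.exe", "lsass.exe", "csrss.exe", "smss.exe",
    "ntdll.dll", "kernel32.dll", "user32.dll",
}

FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S{8})\s+(.+)$")
PREF_RE = re.compile(r"^FF - user\.js: (\S+) - (\S+)$")


def parse_file_line(line):
    """Parse one '<mtime> <size> <attrs> <path>' line, or return None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return {
        "mtime": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
        "size": None if m.group(2).startswith("-") else int(m.group(2)),
        "attrs": m.group(3),
        "path": m.group(4).lower(),
        "is_dir": m.group(3).startswith("d"),
    }


def flag_recent_core_binaries(lines, scan_time_utc, window=timedelta(days=7)):
    """Return [(path, hours_before_scan)] for core OS binaries modified
    inside `window` before the scan. Outside a service pack or hotfix
    install these files are never rewritten, so a fresh mtime is worth a
    hash check against a known-clean copy."""
    findings = []
    for line in lines:
        rec = parse_file_line(line)
        if rec is None or rec["is_dir"]:
            continue
        name = rec["path"].rsplit("\\", 1)[-1]
        if name not in CORE_BINARIES or not rec["path"].startswith("c:\\windows\\"):
            continue
        age = scan_time_utc - rec["mtime"]
        if timedelta(0) <= age <= window:
            findings.append((rec["path"], round(age.total_seconds() / 3600, 1)))
    return findings


def flag_firefox_prefs(lines):
    """Return user.js prefs that disable security.warn_* prompts; adware
    toolbars write these, users almost never do."""
    bad = []
    for line in lines:
        m = PREF_RE.match(line.strip())
        if m and m.group(1).startswith("security.warn_") and m.group(2) == "false":
            bad.append(m.group(1))
    return bad


if __name__ == "__main__":
    for path, hours in flag_recent_core_binaries(SAMPLE_LINES, SCAN_TIME_UTC):
        print("recent core binary: %s (%.1f h before scan)" % (path, hours))
    for pref in flag_firefox_prefs(SAMPLE_LINES):
        print("insecure Firefox pref: %s" % pref)
```

Run against the full DDS.txt, the first rule singles out exactly the two files Avast complained about, modified within two and a half hours of the scan; the second rule lists the two warning prefs that were switched off. Neither result proves infection on its own, but both are the kind of lead a helper would chase before asking for a ComboFix run.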

  7. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    [ComboFix screenshot; not reproduced]

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [ComboFix screenshot; not reproduced]

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  8. attcbf

    attcbf Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    25
    Catbyte, I did not see any directions to turn off malwarebyte's anti-malware program in the link you provided. Do you have any directions for doing this?
     
  9. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    You don't need to worry about MBAM, just your AV programs
     
  10. attcbf

    attcbf Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    25
    Sorry I took so long. During the running of combofix, the computer rebooted itself and combofix was no longer running and there was no text file generated that I can tell. Avast came back on upon reboot and a warning pop-up about the winlogon.exe virus came up and stated that it was blocked during the process of svchost.exe running. What do I do now?
     
  11. attcbf

    attcbf Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    25
    Catbyte, I know the instructions said not to re-run ComboFix if there is a problem the 1st time, but since I did not hear back from you, I decided to run it again. This time it ran all the way through. The log generated is below. Please let me know if the malware has been eradicated.

    I also wanted to say that during this ordeal, I noticed my wireless trackball and wireless keyboard were also not working properly, as I needed to place the wireless receivers (which are connected to my computer via usb ports) about a foot away from the devices to allow them to work. I also noticed today that I was getting re-routed to ad and spam sites when using google web search. Please let me know if these are all symptoms of the same problem, or do I have something even more insidious happening?

    ComboFix 11-01-17.03 - Craig 01/17/2011 21:29:18.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1585 [GMT -8:00]
    Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Craig\Application Data\Local
    c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\0.ddi
    c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
    c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\Craig\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
    c:\documents and settings\Craig\g2mdlhlpx.exe
    c:\documents and settings\Craig\My Documents\Iyogi.reg
    c:\program files\pdfforge Toolbar\IE\4.1\pdFForgetoolbarie.dll

    c:\windows\regedit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

    Infected copy of c:\windows\regedit.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{071F661E-B190-42AA-AB57-D42AA37602ED}\RP2\A0000040.exe
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{071F661E-B190-42AA-AB57-D42AA37602ED}\RP2\A0000428.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
    .

    2011-01-17 20:23 . 2011-01-17 20:23 -------- d--h--w- c:\windows\PIF
    2011-01-17 19:22 . 2011-01-17 19:22 -------- d-----w- c:\program files\Belarc
    2011-01-17 19:22 . 2008-02-27 20:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2011-01-15 05:26 . 2011-01-15 05:26 -------- d-----w- c:\windows\system32\XPSViewer
    2011-01-15 05:26 . 2011-01-15 05:26 -------- d-----w- c:\program files\MSBuild
    2011-01-15 05:26 . 2011-01-15 05:26 -------- d-----w- c:\program files\Reference Assemblies
    2011-01-15 05:26 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-01-15 05:26 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-01-15 05:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-01-15 05:26 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-01-15 05:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-01-15 05:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-01-15 05:26 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-01-15 05:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-01-15 05:20 . 2011-01-15 14:32 -------- d-----w- c:\program files\iYogi Support Dock
    2011-01-15 04:15 . 2011-01-15 04:15 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\VS Revo Group
    2011-01-15 03:11 . 2011-01-18 05:28 -------- d-----w- c:\windows\system32\CatRoot2
    2011-01-15 02:33 . 2011-01-15 02:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2011-01-11 23:08 . 2011-01-11 23:08 -------- d-----w- c:\documents and settings\Craig\Bluetooth Software
    2011-01-11 23:04 . 2009-06-21 16:56 45984 ----a-w- c:\windows\system32\drivers\btwusb.sys
    2011-01-11 23:04 . 2009-05-11 21:45 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
    2011-01-11 23:04 . 2008-09-26 15:30 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
    2011-01-11 23:04 . 2008-07-25 00:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
    2011-01-11 23:04 . 2007-09-20 18:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
    2011-01-11 23:04 . 2009-08-17 21:00 533152 ----a-w- c:\windows\system32\drivers\btaudio.sys
    2011-01-11 23:04 . 2009-07-09 19:45 991264 ----a-w- c:\windows\system32\drivers\btkrnl.sys
    2011-01-11 23:04 . 2008-02-05 00:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-18 00:01 . 2004-08-03 23:56 502272 ----a-w- c:\windows\system32\winlogon.exe
    2011-01-18 00:00 . 2007-02-18 21:37 1033216 ----a-w- c:\windows\explorer.exe
    2011-01-13 08:47 . 2010-07-05 00:59 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2009-12-02 18:38 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2009-12-02 18:39 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2009-12-02 18:39 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:40 . 2009-12-02 18:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-01-13 08:39 . 2009-12-02 18:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-01-13 08:37 . 2009-12-02 18:39 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2009-12-02 18:39 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-01-13 08:37 . 2009-12-02 18:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    .

    ------- Sigcheck -------

    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

    [-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
    [-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

    [-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
    [-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

    [-] 2004-08-03 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

    [-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
    [-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

    [-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
    [-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys

    [-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
    [-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

    [-] 2007-02-18 . 9941382A1C2289F5FB4C87D0DAACC21C . 360704 . . [5.1.2600.2956] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2007-02-18 . 9941382A1C2289F5FB4C87D0DAACC21C . 360704 . . [5.1.2600.2956] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2007-02-18 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\browser.dll
    [-] 2007-02-18 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\dllcache\browser.dll

    [-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
    [-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

    [-] 2007-02-18 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
    [-] 2007-02-18 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll

    [-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
    [-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

    [-] 2007-02-18 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\system32\rpcss.dll
    [-] 2007-02-18 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\system32\dllcache\rpcss.dll

    [-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
    [-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe

    [-] 2007-02-18 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
    [-] 2007-02-18 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe

    [-] 2011-01-18 . 06E9698963CCDB85FAE513801F7AF6B5 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

    [-] 2007-02-18 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    [-] 2007-02-18 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2007-02-18 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
    [-] 2007-02-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

    [-] 2007-02-18 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\cryptsvc.dll
    [-] 2007-02-18 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\dllcache\cryptsvc.dll

    [-] 2007-02-18 21:37 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows\system32\es.dll
    [-] 2007-02-18 21:37 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows\system32\dllcache\es.dll

    [-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
    [-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

    [-] 2007-02-18 . 16F21882C96EE0136A92E867DA94215C . 985600 . . [5.1.2600.2991] . . c:\windows\system32\kernel32.dll
    [-] 2007-02-18 . 16F21882C96EE0136A92E867DA94215C . 985600 . . [5.1.2600.2991] . . c:\windows\system32\dllcache\kernel32.dll

    [-] 2007-02-18 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows\system32\linkinfo.dll
    [-] 2007-02-18 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows\system32\dllcache\linkinfo.dll

    [-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
    [-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

    [-] 2007-02-18 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\system32\mshtml.dll
    [-] 2007-02-18 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\system32\dllcache\mshtml.dll

    [-] 2007-02-18 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2007-02-18 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
    [-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
    [-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll

    [-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
    [-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll

    [-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
    [-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

    [-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
    [-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

    [-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
    [-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

    [-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
    [-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

    [-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
    [-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

    [-] 2007-02-18 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
    [-] 2007-02-18 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll

    [-] 2007-02-18 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
    [-] 2007-02-18 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll

    [-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
    [-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

    [-] 2007-02-18 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\windows\system32\wininet.dll
    [-] 2007-02-18 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\windows\system32\dllcache\wininet.dll

    [-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
    [-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

    [-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
    [-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll

    [-] 2011-01-18 . 375F1144332062F5C72F7B94BF4E4192 . 1033216 . . [6.00.2900.2894] . . c:\windows\explorer.exe

    [-] 2007-02-18 . B044C6A4D1A8240085F61F2353BD2FE6 . 1286656 . . [5.1.2600.2948] . . c:\windows\system32\ole32.dll
    [-] 2007-02-18 . B044C6A4D1A8240085F61F2353BD2FE6 . 1286656 . . [5.1.2600.2948] . . c:\windows\system32\dllcache\ole32.dll

    [-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
    [-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\dllcache\usp10.dll

    [-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
    [-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

    [-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
    [-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

    [-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
    [-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

    [-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
    [-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

    [-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
    [-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

    [-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
    [-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

    [-] 2007-02-18 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
    [-] 2007-02-18 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll

    [-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
    [-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

    [-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
    [-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

    [-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
    [-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

    [-] 2007-02-18 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
    [-] 2007-02-18 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\dllcache\termsrv.dll

    [-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
    [-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll

    [-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
    [-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

    [-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

    [-] 2005-05-28 04:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
    [-] 2005-05-28 04:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

    [-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
    [-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

    [-] 2007-02-18 21:38 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
    [-] 2007-02-18 21:38 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

    [-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
    [-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

    [-] 2007-02-18 21:40 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\mspmsnsv.dll
    [-] 2007-02-18 21:40 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\dllcache\mspmsnsv.dll

    [-] 2007-02-18 . 1F9DD693DF8F6A1841E57EC62D22CC1C . 2017280 . . [5.1.2600.3023] . . c:\windows\system32\ntkrnlpa.exe

    [-] 2004-08-03 23:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
    [-] 2004-08-03 23:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

    [-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
    [-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll

    [-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
    [-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll

    [-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
    [-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll

    [-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
    [-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll

    [-] 2004-08-03 23:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
    [-] 2004-08-03 23:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll

    [-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
    [-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll

    [-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
    [-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll

    [-] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe

    [-] 2007-02-18 . 0C58CB9E8C2163F290FCDDCC75D9BEFA . 2137600 . . [5.1.2600.3023] . . c:\windows\system32\ntoskrnl.exe

    [-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
    [-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

    [-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
    [-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll

    [-] 2007-02-18 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\system32\wiaservc.dll
    [-] 2007-02-18 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\system32\dllcache\wiaservc.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="d:\comphe~1\_COMPH~1\avastUI.exe" [2011-01-13 3396624]
    "DNS7reminder"="d:\[office]\[OFFICE] - Dragon Naturally Speaking 10\Ereg\Ereg.exe" [2007-04-16 14:33 259624]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-23 524288]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "QuickFinder Scheduler"="d:\[office]\[OFFICE] - WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 04:21 83568]
    "PdxRegCl"="d:\[office]\[OFFICE] - WordPerfect Office X3\Programs\PdxRegCl.exe" [2004-06-14 23:57 49152]
    "PaperPort PTD"="d:\[office]\[OFFICE] - Paperport9\pptd40nt.exe" [2003-02-27 10:12 57393]
    "Nuance.ctfmngr"="d:\_offic~1\_O0930~1\Program\ctfmngr.exe" [2009-04-10 50536]
    "Malwarebytes Anti-Malware (reboot)"="d:\[comp health]\[COMP HEALTH] - Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 18:53 1312080]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "IndexSearch"="d:\[office]\[OFFICE] - Paperport9\IndexSearch.exe" [2003-02-27 10:40 40960]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 21:15 63360]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
    "Adobe Acrobat Speed Launcher"="d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrobat_sl.exe" [2008-06-12 10:25 37232]
    "Acrobat Assistant 8.0"="d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrotray.exe" [2008-06-12 06:43 640376]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "TomTomHOME.exe"="d:\[tom tom]\TomTom HOME 2\TomTomHOMERunner.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "EPSON Stylus C86 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB003" /M "Stylus C86"
    "BigDog305"=c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "d:\\[INTERNET]\\[TORRENT] - uTorrent\\uTorrent.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/2/2009 10:39 AM 294608]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [10/22/2010 4:38 PM 386560]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/2/2009 10:39 AM 17744]
    R2 SITomcat;SI Tomcat;d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe [10/27/2003 3:33 AM 65536]
    R2 SITransbase;SI Transbase;d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe [11/20/2001 5:37 AM 165376]
    R2 TomTomHOMEService;TomTomHOMEService;d:\[tom tom]\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 7:05 AM 92008]
    S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]
    S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Open with WordPerfect - d:\[office]\[OFFICE] - WordPerfect Office X3\Programs\WPLauncher.hta
    IE: Send to &Bluetooth Device... - d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\5s8eyo5v.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\[internet]\[BROWSER] - Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - d:\[internet]\[BROWSER] - Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\[internet]\[BROWSER] - Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
    FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Google Update - c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\[media]\[MEDIA] - DivX\DivX\DivXCodecUninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-17 21:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    "ImagePath"="\"d:\comp health\
    [COMP HEALTH] - Avast5\AvastSvc.exe\""

    --
    "ImagePath"="D:\
    [MEDIA]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\btwdins.exe"

    --
    "ImagePath"="\"D:\
    [GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe\""

    "ImagePath"="\"D:\
    [GM SPO]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe\""

    --
    "ImagePath"="D:\
    [TOM TOM]\TomTom HOME 2\TomTomHOMEService.exe"


    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Antivirus]
    "ImagePath"="\"d:\comp health\

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\btwdins]
    "ImagePath"="D:\

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SITomcat]
    "ImagePath"="\"D:\

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SITransbase]
    "ImagePath"="\"D:\

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TomTomHOMEService]
    "ImagePath"="D:\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(732)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3124)
    c:\windows\system32\btmmhook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    d:\comp health\[COMP HEALTH] - Avast5\AvastSvc.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    d:\[office]\[OFFICE] - Paperport9\pptd40nt.exe
    c:\windows\system32\PSIService.exe
    d:\[media]\[MEDIA] - DivX\DivX\DivX Plus Web Player\DDmService.exe
    d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrobat_sl.exe
    d:\[office]\[OFFICE] - Adobe Acrobat Pro 9 ext\Acrobat\Acrotray.exe
    d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\BTTray.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
    d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbmux32.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    d:\[tom tom]\TomTom HOME 2\TomTomHOMEService.exe
    d:\[media]\[MEDIA] - WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\wscntfy.exe
    d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
    d:\[gm spo]\[GM SPO] - Service Manual '95-'05\eSI\Transbase\tbkern32.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-17 21:36:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-18 05:36

    Pre-Run: 77,326,409,728 bytes free
    Post-Run: 77,430,202,368 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - 37C5C113B80F1E7EC887F854ADCAA8EB
     
  12. attcbf

    attcbf Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    25
    When I scanned the explorer.exe and winlogon.exe in the c:\windows directory, avast 5 still shows that these 2 files are infected the same way as set forth in my original post.

    What do I do now?
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
  14. attcbf

    attcbf Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    25
    Hi, it looks like the download will take about an hour, so I am going to sleep and will install it when I get up. Is there anything I should know to do to make it an easy install?
     
  15. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Make sure that all other programs are closed and you shouldn't encounter any difficulties.
     
Short URL to this thread: https://techguy.org/975282