1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Your kind, knowledgeable assistance on scanned logs is required!

Discussion in 'Virus & Other Malware Removal' started by wickedjon, Jan 8, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. wickedjon

    wickedjon Thread Starter

    Joined:
    Jan 8, 2011
    Messages:
    2
    To whomever can assist me in this matter.
    I've had many an issue with my computer of late, most definitely have been affected by malware etc. I run Windows XP on my Acer netbook. Am not entirely sure what else is required. I have copied/pasted/attached the relevant logs below. Looking forward to your interpretation and analysis of it!! Many thanks!


    Logfile of HijackThis v1.99.1
    Scan saved at 08:55:51 PM, on 2011/01/08
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\windows\system32\wuaucldt.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0209&m=aspire_one
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe vryw.kco xtxiwm
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\ACER\LOCALS~1\Temp\svchost.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Services] C:\windows\system32\system.exe
    O4 - HKCU\..\Run: [JDK5SWFMZY] C:\DOCUME~1\ACER\LOCALS~1\Temp\Nzd.exe
    O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\acer\wuaucldt.exe
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{01DE4D2A-1043-4694-8452-72AB0E685981}: NameServer = 196.43.34.190,196.43.46.190
    O17 - HKLM\System\CS2\Services\Tcpip\..\{01DE4D2A-1043-4694-8452-72AB0E685981}: NameServer = 196.43.34.190,196.43.46.190
    O17 - HKLM\System\CS3\Services\Tcpip\..\{01DE4D2A-1043-4694-8452-72AB0E685981}: NameServer = 196.43.34.190,196.43.46.190
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Winferno Subscription Service (qaca1ne7r3o5l) - Unknown owner - C:\WINDOWS\system32\sagujoussou.exe (file missing)
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe




    DDS (Ver_10-12-12.02) - NTFSx86
    Run by ACER at 17:48:17.84 on 2011/01/08
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.27.1033.18.1014.335 [GMT 2:00]

    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\windows\system32\wuaucldt.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\ACER\My Documents\Downloads\dds.scr
    C:\WINDOWS\system32\taskmgr.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0209&m=aspire_one
    mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    mWinlogon: Shell=Explorer.exe rundll32.exe vryw.kco xtxiwm
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    mWinlogon: Taskman=c:\documents and settings\acer\application data\nsvb.exe
    uWinlogon: Shell=c:\documents and settings\acer\application data\juzjf.exe,explorer.exe,c:\documents and settings\acer\application data\nsvb.exe
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Services] c:\windows\system32\system.exe
    uRun: [JDK5SWFMZY] c:\docume~1\acer\locals~1\temp\Nzd.exe
    uRun: [QNPlus]
    uRun: [wuaucldt] c:\documents and settings\acer\wuaucldt.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [Yahoo Messenger]
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Windows Firewall] c:\docume~1\acer\locals~1\temp\svchost.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [wuaucldt] c:\windows\system32\wuaucldt.exe
    mRun: [Regedit32] c:\windows\system32\regedit.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRunOnce: [<NO NAME>]
    mExplorerRun: [<NO NAME>] 1 (0x1)
    StartupFolder: c:\documents and settings\acer\start menu\programs\startup\703w0xt.exe
    StartupFolder: c:\documents and settings\acer\start menu\programs\startup\kabg81sd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: {01DE4D2A-1043-4694-8452-72AB0E685981} = 196.43.34.190,196.43.46.190
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {67KLN5J0-4OPM-01WE-AAX2-5657QCA554112} - c:\sp\read\DRG.exe

    ============= SERVICES / DRIVERS ===============

    R0 xltwzlpv;xltwzlpv;c:\windows\system32\drivers\xltwzlpv.sys [2010-7-14 40128]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-8 165584]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214024]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-8 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-8 40384]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-1-16 237568]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-8 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-8 40384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-8 136176]
    S2 owqtsh;gosnsmcz;c:\windows\system32\svchost.exe -k netsvcs [2009-1-16 14336]
    S2 qaca1ne7r3o5l;Winferno Subscription Service;c:\windows\system32\sagujoussou.exe --> c:\windows\system32\sagujoussou.exe [?]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-16 79880]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-16 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-16 34216]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-16 40552]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-1-16 160256]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    SUnknown SSHNAS;SSHNAS; [x]

    =============== Created Last 30 ================

    2011-01-08 15:30:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-08 15:30:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-08 13:51:47 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-08 13:51:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2011-01-08 13:09:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-01-08 10:01:02 -------- d-----w- c:\docume~1\acer\locals~1\applic~1\Temp
    2011-01-08 09:59:09 -------- d-----w- c:\docume~1\acer\locals~1\applic~1\Real
    2011-01-08 09:58:28 -------- d-----w- c:\program files\common files\xing shared
    2011-01-08 08:45:22 203776 --sh--r- c:\docume~1\acer\applic~1\nsvb.exe
    2011-01-08 08:44:53 33280 ----a-w- c:\windows\system32\wuaucldt.exe
    2011-01-08 08:44:53 33280 ----a-w- c:\documents and settings\acer\wuaucldt.exe

    ==================== Find3M ====================

    2011-01-08 15:39:33 256 ----a-w- c:\windows\system32\pool.bin
    2011-01-08 09:57:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-01-08 09:57:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-11-30 09:05:28 100352 --sh--r- c:\docume~1\acer\applic~1\juzjf.exe

    ============= FINISH: 17:55:19.04 ===============



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-08 20:39:31
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
    Running: hmusgehl.exe; Driver: C:\DOCUME~1\ACER\LOCALS~1\Temp\pgeyqfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA6BCFCF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA6BCFBAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA6BD0160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA6BD008A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA6BCF782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA6BCFC86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA6BCF6C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA6BCF726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA6BCFDA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA6BD022E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA6BCFD66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA6BCFEE6]
    SSDT 85B21E40 ZwTerminateProcess

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA6BDCBAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA6BDC9D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA6BDCB0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A6BD9FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP A6BDC9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8059056D 7 Bytes JMP A6BDCBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwLoadDriver 805AEDE2 7 Bytes JMP A6BDCB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E74E6 5 Bytes JMP A6BD85D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\drivers\xltwzlpv.sys section is writeable [0xF78CE000, 0x2F40, 0xEC000040]
    .reloc C:\WINDOWS\system32\drivers\xltwzlpv.sys section is executable [0xF78D4E60, 0x1E60, 0xEE000040]
    ? C:\WINDOWS\system32\drivers\xltwzlpv.sys Access is denied.
    ? C:\DOCUME~1\ACER\LOCALS~1\Temp\cdfss The system cannot find the file specified. !
    ? C:\DOCUME~1\ACER\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\svchost.exe[208] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[280] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 023B9DD2
    .text C:\WINDOWS\System32\svchost.exe[1108] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 023B9D72
    .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 008C9DD2
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1508] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    ? C:\WINDOWS\System32\svchost.exe[1696] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
    .text C:\program files\real\realplayer\update\realsched.exe[3092] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    ? C:\WINDOWS\system32\svchost.exe[3176] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \FileSystem\RAW \Device\RawTape xltwzlpv.sys
    Device \FileSystem\MRxDAV \Device\WebDavRedirector xltwzlpv.sys

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\RAW \Device\RawDisk xltwzlpv.sys
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver xltwzlpv.sys
    Device xltwzlpv.sys
    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device \FileSystem\RAW \Device\RawCdRom xltwzlpv.sys
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer xltwzlpv.sys
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer xltwzlpv.sys
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer xltwzlpv.sys
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer xltwzlpv.sys
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer xltwzlpv.sys

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:440] 85B21B60

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] owqtsh <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0011f60126cb (not active ControlSet)
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f60126cb
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] gosnsmcz
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Acer VCM Raw Socket Service
    Reg HKLM\SYSTEM\CurrentControlSet\Services\owqtsh\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\owqtsh\[email protected] C:\WINDOWS\system32\csobfk.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011f60126cb (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] gosnsmcz
    Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 32
    Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 2
    Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] LocalSystem
    Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] Acer VCM Raw Socket Service
    Reg HKLM\SYSTEM\ControlSet003\Services\owqtsh\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\owqtsh\[email protected] C:\WINDOWS\system32\csobfk.dll

    ---- EOF - GMER 1.0.15 ----


    Thanks again! Good luck.. ;-)
     

    Attached Files:

  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    [​IMG]

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  3. wickedjon

    wickedjon Thread Starter

    Joined:
    Jan 8, 2011
    Messages:
    2
    Hey there Catbyte!

    I did as told, and as the Combofix program was deleting files and folders, I got the blue screen message stating that a stop error due to a device or driver had happened.
    I didnt rerun combofix. what to do now please?
    Jon

     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please delete the copy of ComboFix that you have on your desktop, download a fresh copy, but rename it to iexplore before saving it,


    if it still wont complete a run, try running it in safe mode:

    To enter safe mode:

    reboot > tap F8 repeatedly on boot up until an advanced option menu appears > arrow up to "safe mode with networking"

    Post the resulting log

    Note: Make certain you security programs are disabled or they will interfere.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - kind knowledgeable assistance
  1. Mantas101
    Replies:
    13
    Views:
    855
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/973431

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice