
Solved Win 2000 checked but eventually not clean!

Discussion in 'Malware and Virus Removal Archive' started by SKN66, 2011/02/28.

  1. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    [Resolved] Win 2000 checked but eventually not clean!

    Actually I don't have enough knowledge about all that **** that's designed to infect computers, so my question will not be an intelligent one.... :)
    Everything works fine except Windows Explorer won't allow me to drag and drop - anything anywhere - and desktop icons can't be dragged into the Quick Launch bar. The last one I could live without, but the first issue is annoying.
    I can still "work around" it by using an old 2-pane alternative Explorer, but....
    Got the suggestion to drop the question here because I did find (the avast prog. did) something called Vw0.exe (with friends) and Vzavia.exe and Vzavib.exe.
    By letting the anti-virus prog. remove them, I thought that part was done with, but obviously smarter people than me think there still may be some **** left that's causing trouble......
    So, anybody that recognizes anything similar...?
    Any suggestions are more than welcome; the alternative would be a totally new installation and that is a long and tiresome procedure best avoided... :)
     
  2. 2011/02/28
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387


  4. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    Yes, reading and trying to do as instructed :) only a little slow, because this is way over my knowledge level :-/.....
     
  5. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    I could kiss you guys! It was that simple, a (F and so on) malware!
    I would not have figured that out on my own!
    But now I know (and you also) that this bug manifests in this way and can help others!
    One million thanks to everybody who took time to read it and advise me!

    Obviously there are still some things to take care of, but I can now transfer files again without much trouble :)

    Here is the log.
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5906

    Windows 5.0.2195 Service Pack 4
    Internet Explorer 6.0.2800.1106

    2011-02-28 20:53:02
    mbam-log-2011-02-28 (20-52-41).txt

    Scan type: Quick scan
    Objects scanned: 131540
    Time elapsed: 1 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINNT\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
    c:\WINNT\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> No action taken.
    c:\WINNT\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.
     
  6. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    So, what do I do now?
    9 objects in quarantine - do I delete them, or does that make my PC crash?


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5906

    Windows 5.0.2195 Service Pack 4
    Internet Explorer 6.0.2800.1106

    2011-02-28 20:53:17
    mbam-log-2011-02-28 (20-53-17).txt

    Scan type: Quick scan
    Objects scanned: 131540
    Time elapsed: 1 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINNT\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINNT\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\WINNT\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    Did try to run all disks at once (one after the other, not actually simultaneously :)) but that, or that Winamp was using one of the files, made the prog crash... or was it one of these "things" that did that? Well, I don't know, but MBAM found two more of these.... one was an old one... hmm, it means it's been there a long time... S... Thought I had it under control. - wrong again!

    pcbugdoctor_newsetup.exe (Rogue.PCBugDoctor) -> Quarantined and deleted successfully.
    farming-simulator-full-cracked.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (Sample File System Filter Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     
    Last edited: 2011/02/28
  7. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    The TFC told me that it will reboot, but the system seemed to hang up in the process....?

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 2000 Professional
    Windows Information: Service Pack 4 (build 2195)
    Logical Drives Mask: 0x0001fffd

    Kernel Drivers (total 132):

    Processes (total 41):
    0 System Idle Process
    8 System
    264 \SystemRoot\System32\smss.exe
    292 CSRSS.EXE
    316 \??\C:\WINNT\system32\winlogon.exe
    344 C:\WINNT\system32\services.exe
    356 C:\WINNT\system32\lsass.exe
    508 C:\WINNT\system32\svchost.exe
    532 C:\WINNT\system32\spoolsv.exe
    584 C:\WINNT\ATKKBService.exe
    604 D:\PROGRAM\SysTools\13 - Antivir\AvastSvc.exe
    628 C:\WINNT\System32\svchost.exe
    644 C:\WINNT\system32\hidserv.exe
    672 D:\PROGRAM\Nec DVD\InCD\InCDsrv.exe
    764 C:\WINNT\System32\nvsvc32.exe
    832 C:\WINNT\System32\SCardSvr.exe
    964 C:\WINNT\System32\WBEM\WinMgmt.exe
    980 C:\WINNT\system32\svchost.exe
    992 C:\WINNT\System32\svchost.exe
    1276 C:\WINNT\Explorer.EXE
    1200 C:\WINNT\system32\RUNDLL32.EXE
    1428 D:\PROGRAM\Nec DVD\InCD\InCD.exe
    1436 C:\WINNT\system32\carpserv.exe
    1452 C:\WINNT\system32\rundll32.exe
    1472 C:\WINNT\RTHDCPL.EXE
    1516 D:\PROGRAM\Logitech\iTouch\iTouch.exe
    1528 D:\PROGRAM\Logitech\MouseWare\system\em_exec.exe
    1188 D:\PROGRAM\Winamp\winampa.exe
    1216 D:\PROGRAM\SysTools\13 - Antivir\avastUI.exe
    1500 C:\Program Files\RAMpage\RAMpage.exe
    1564 C:\WINNT\system32\internat.exe
    1568 D:\Wintools\Iconoid\iconoid.exe
    1572 D:\PROGRAM\Telia\Mobile Broadband\Telia mobile broadband.exe
    1612 D:\PROGRAM\1stClock\1stClock.exe
    1640 D:\Wintools\DESKMENU.EXE
    1684 D:\Wintools\EditPad.exe
    1772 C:\WINNT\explorer.exe
    400 D:\PROGRAM\Winamp\winamp.exe
    1656 D:\PROGRAM\Firefox\firefox.exe
    2024 C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    1296 D:\@ - Privat\-- Windows Folder\- Desktop items\MBRCheck.exe

    WARNING: Unsupported Windows version! Results may not be accurate!
    \\.\C: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\K: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\L: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
    \\.\M: --> \\.\PhysicalDrive5 at offset 0x0000001f`ff588800 (NTFS)

    PhysicalDrive4 Model Number: WDCWD800AAJS-22PSA0, Rev: 05.06H05
    PhysicalDrive5 Model Number: WDCWD1600AAJS-00B4A0, Rev: 01.03A01
    PhysicalDrive0 Model Number: Maxtor2B020H1, Rev: WAH21PB0
    PhysicalDrive1 Model Number: WDCWD800BB-00CAA1, Rev: 17.07W17
    PhysicalDrive2 Model Number: IC35L080AVVA07-0, Rev: VA4OA52A
    PhysicalDrive3 Model Number: WDCWD800BB-00CAA1, Rev: 17.07W17

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive4 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive5
    It stopped "working" here! The only drive above 80 GB is the D drive, and W2k can't handle more than 130 GB in the same partition, so D is split up into D 127 GB and M 21 GB with probably some loss of space in between....
     
  8. 2011/02/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Please continue with DDS logs.
     
  9. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    Hi!
    Thanks for all the patience.... it's very late here.. or very early, depends... and now after all the scans and all I can't even find the place where to close this topic... I did start a new one as instructed, though :)
     
  10. 2011/02/28
    broni

    broni Moderator Malware Analyst

    No, no new topic.
    Continue right here.
     
  11. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    Sorry, already did that... a new topic. What do I do now?
     
  12. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    1) No firewall available on my machine....

    2) GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-01 04:03:54
    Windows 5.0.2195 Service Pack 4 Harddisk4\DR4 -> \Device\00000028 WDC_WD800AAJS-22PSA0 rev.05.06H05
    Running: om28umof.exe; Driver: D:\@-PRIV~1\--WIND~1\TEMP\ufldqpob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (Sample File System Filter Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    3) Full scan completed; log file in several parts because it crashed the first time....



    These two were found on the rest of the disks.

    pcbugdoctor_newsetup.exe (Rogue.PCBugDoctor) -> Quarantined and deleted successfully.
    farming-simulator-full-cracked.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

    3) The TFC told me that it will reboot, but the system seemed to hang up in the process....?

    4) MBRCheck, version 1.2.3
    (c) 2010, AD


    It stopped "working" here! The only drive above 80 GB is the D drive, and W2k can't handle more than 130 GB in the same partition, so D is split up into D 127 GB and
    M 21 GB, with probably some loss of space in between....
    because it's originally a 160 GB drive.


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Kiolein at 3:46:11,29 on ti 2011-03-01
    Internet Explorer: 6.0.2800.1106
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.3070.2670 [GMT 1:00]


    ============== Running Processes ===============

    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\ATKKBService.exe
    D:\PROGRAM\SysTools\13 - Antivir\AvastSvc.exe
    C:\WINNT\system32\hidserv.exe
    D:\PROGRAM\Nec DVD\InCD\InCDsrv.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\RUNDLL32.EXE
    D:\PROGRAM\Nec DVD\InCD\InCD.exe
    C:\WINNT\system32\carpserv.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\RTHDCPL.EXE
    D:\PROGRAM\Logitech\iTouch\iTouch.exe
    D:\PROGRAM\Logitech\MouseWare\system\em_exec.exe
    D:\PROGRAM\Winamp\winampa.exe
    D:\PROGRAM\SysTools\13 - Antivir\avastUI.exe
    C:\Program Files\RAMpage\RAMpage.exe
    C:\WINNT\system32\internat.exe
    D:\Wintools\Iconoid\iconoid.exe
    D:\PROGRAM\1stClock\1stClock.exe
    D:\Wintools\DESKMENU.EXE
    D:\Wintools\EditPad.exe
    C:\WINNT\explorer.exe
    D:\@ - Temp\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program\acrobat\activex\AcroIEHelper.dll
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
    uRun: [internat.exe] internat.exe
    uRun: [Iconoid] "d:\wintools\iconoid\iconoid.exe" -wait 0
    uRun: [Mobile Partner] "d:\program\telia\mobile broadband\Telia mobile broadband.exe "
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NeroFilterCheck] c:\winnt\system32\NeroCheck.exe
    mRun: [InCD] d:\program\nec dvd\incd\InCD.exe
    mRun: [CARPService] carpserv.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [HP SchedIndexer] c:\program files\hewlett-packard\laserjet all-in-one\hppschedindexer.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [zBrowser Launcher] d:\program\logitech\itouch\iTouch.exe
    mRun: [HP AutoIndexer] c:\program files\hewlett-packard\laserjet all-in-one\hppautoindexer.exe
    mRun: [JMB36X IDE Setup] c:\winnt\raidtool\xInsIDE.exe
    mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.17\AsRunHelp.exe
    mRun: [DVDBitSet] "d:\program\power dvd\umbrella\DVDBitSet.exe" /NOUI
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
    mRun: [WinampAgent] d:\program\winamp\winampa.exe
    mRun: [avast5] "d:\program\systools\13 - antivir\avastUI.exe" /nogui
    mRun: [RAMpage] "c:\program files\rampage\rampage.exe" m=28 t=4 lw p= "c:\program files\rampage\RAMpageConfig.exe "
    dRun: [internat.exe] internat.exe
    dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
    StartupFolder: c:\docume~1\kiolein\startm~1\programs\startup\1stclo~1.lnk - d:\program\1stclock\1stClock.exe
    StartupFolder: c:\docume~1\kiolein\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\kiolein\startm~1\programs\startup\shortc~1.lnk - d:\wintools\DESKMENU.EXE
    StartupFolder: c:\docume~1\kiolein\startm~1\programs\startup\todoli~1.lnk - d:\TO DO LIST.txt
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    uPolicies-explorer: NoNetConnectDisconnect = 1 (0x1)
    uPolicies-explorer: NoCommonGroups = 1 (0x1)
    uPolicies-explorer: NoInternetIcon = 01000000
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298547048921
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab
    DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: nwprovau - nwprovau.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\kiolein\applic~1\mozilla\firefox\profiles\8ylzuwku.default\
    FF - prefs.js: browser.search.selectedEngine - jZip Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
    FF - prefs.js: keyword.URL - hxxp://search.jzip.com/web?src=ffb&q=
    FF - component: c:\documents and settings\kiolein\application data\mozilla\firefox\profiles\8ylzuwku.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJPI140_01.dll
    FF - plugin: d:\program\acrobat\reader\browser\nppdf32.dll
    FF - plugin: d:\program\firefox\plugins\npwachk.dll
    FF - plugin: d:\program\vlc - dvd player\vlc\npvlc.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
    FF - Ext: Multiple Tab Handler: multipletab@piro.sakura.ne.jp - %profile%\extensions\multipletab@piro.sakura.ne.jp
    FF - Ext: CyberSearch: cybersearch@cybernetnews.com - %profile%\extensions\cybersearch@cybernetnews.com
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
    FF - Ext: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    FF - Ext: avast! WebRep: wrc@avast.com - d:\program\systools\13 - antivir\webrep\FF

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [2011-2-27 301528]
    R1 hpcd2k;hpcd2k;c:\winnt\system32\drivers\hpcd2k.sys [2008-8-18 4421]
    R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2011-2-27 19544]
    R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2011-2-27 96344]
    R2 avast! Antivirus;avast! Antivirus;d:\program\systools\13 - antivir\AvastSvc.exe [2011-2-28 42184]
    R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [1999-12-7 24784]
    R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2011-2-21 49392]
    S1 aswSnx;aswSnx;c:\winnt\system32\drivers\aswSnx.sys [2011-2-28 371544]
    S3 dwm3gmdm;DWM USB Device for Legacy Serial Communication;c:\winnt\system32\drivers\dwm3gmdm.sys --> c:\winnt\system32\drivers\dwm3gmdm.sys [?]
    S3 HSFHWCD2;HSFHWCD2;c:\winnt\system32\drivers\hsfhwcd2.sys --> c:\winnt\system32\drivers\HSFHWCD2.sys [?]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\winnt\system32\drivers\ewusbdev.sys [2011-2-16 100736]
    S3 InCDFat;Ahead InCDFat File System Driver;c:\winnt\system32\drivers\InCDFat.sys [2008-8-7 134144]
    S3 Tdsshbecr;Handelsbanken card reader;c:\winnt\system32\drivers\shbecr.sys --> c:\winnt\system32\drivers\shbecr.sys [?]

    =============== File Associations ===============

    txtfile=d:\wintools\EditPad.exe "%1 "

    =============== Created Last 30 ================

    2011-02-28 19:45:13 -------- d-----w- c:\docume~1\kiolein\applic~1\Malwarebytes
    2011-02-28 19:45:07 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2011-02-28 19:45:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-02-28 19:45:04 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2011-02-28 13:00:57 69632 ----a-w- c:\winnt\system32\GkSui18.EXE
    2011-02-28 13:00:57 -------- d-----w- c:\program files\RAMpage
    2011-02-27 23:02:15 371544 ----a-w- c:\winnt\system32\drivers\aswSnx.sys
    2011-02-27 16:35:31 40648 ----a-w- c:\winnt\avastSS.scr
    2011-02-27 16:35:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2011-02-27 08:25:59 86288 -c--a-w- c:\winnt\system32\dllcache\tp4mon.exe
    2011-02-27 08:24:59 388272 -c--a-w- c:\winnt\system32\dllcache\fpcmbase.sys
    2011-02-27 08:23:53 38464 -c--a-w- c:\winnt\system32\dllcache\ecnb.sys
    2011-02-26 19:19:01 21776 -c--a-w- c:\winnt\system32\dllcache\mouclass.sys
    2011-02-26 19:19:01 21776 ----a-w- c:\winnt\system32\drivers\mouclass.sys
    2011-02-26 19:19:01 11632 -c--a-w- c:\winnt\system32\dllcache\mouhid.sys
    2011-02-26 19:19:01 11632 ----a-w- c:\winnt\system32\drivers\mouhid.sys
    2011-02-26 02:00:51 22 --sha-w- c:\docume~1\kiolein\applic~1\Sys2662.Config.Repository.bin
    2011-02-26 01:09:03 -------- d-----w- c:\docume~1\kiolein\applic~1\Uniblue
    2011-02-26 01:08:41 -------- d-----w- c:\docume~1\kiolein\locals~1\applic~1\PackageAware
    2011-02-25 21:30:16 -------- d-----w- c:\program files\JMHL Loader
    2011-02-25 20:06:10 -------- d-----w- c:\docume~1\kiolein\locals~1\applic~1\Identities
    2011-02-24 16:54:59 -------- d-----w- c:\winnt\system32\Windows Media
    2011-02-24 16:54:45 -------- dc-h--w- c:\winnt\$NtUpdateRollupPackUninstall$
    2011-02-24 15:33:21 -------- d-----w- c:\docume~1\kiolein\locals~1\applic~1\ApplicationHistory
    2011-02-24 15:31:24 -------- dc-h--w- c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
    2011-02-24 14:21:46 -------- d-----w- c:\winnt\system32\URTTEMP
    2011-02-24 14:21:23 -------- d-----w- c:\winnt\system32\ReinstallBackups
    2011-02-24 13:48:06 491768 ----a-w- c:\program files\internet explorer\ie6setup.exe
    2011-02-24 13:35:50 -------- d-----w- c:\winnt\Windows Update Setup Files
    2011-02-24 13:19:30 -------- d-----w- c:\winnt\system32\BITS
    2011-02-24 13:17:56 513808 -c--a-w- c:\winnt\system32\dllcache\lsasrv.dll
    2011-02-24 13:17:56 513808 ----a-w- c:\winnt\system32\LSASRV.DLL
    2011-02-24 12:39:57 21728 ----a-w- c:\winnt\system32\wucltui.dll.mui
    2011-02-24 12:39:57 17632 ----a-w- c:\winnt\system32\wuaueng.dll.mui
    2011-02-24 12:39:57 15072 ----a-w- c:\winnt\system32\wuaucpl.cpl.mui
    2011-02-24 12:39:57 15064 ----a-w- c:\winnt\system32\wuapi.dll.mui
    2011-02-24 12:39:57 -------- d-----w- c:\winnt\system32\SoftwareDistribution
    2011-02-24 12:33:02 194328 ----a-w- c:\winnt\system32\wuaueng1.dll
    2011-02-24 12:33:02 172312 ----a-w- c:\winnt\system32\wuauclt1.exe
    2011-02-23 14:13:38 208896 ------w- c:\winnt\system32\nvuide.exe
    2011-02-23 14:12:28 35840 ----a-w- c:\winnt\system32\NVCOI.DLL
    2011-02-23 14:12:28 289792 ----a-w- c:\winnt\system32\idecoiins.dll
    2011-02-23 14:12:28 289792 ----a-w- c:\winnt\system32\idecoi.dll
    2011-02-23 14:12:28 100736 ----a-w- c:\winnt\system32\drivers\nvata.sys
    2011-02-23 14:06:56 -------- d-----w- C:\PerfLogs
    2011-02-23 13:17:21 24576 ----a-w- c:\winnt\system32\AsIO.dll
    2011-02-23 13:17:21 12664 ----a-w- c:\winnt\system32\drivers\AsIO.sys
    2011-02-23 11:16:01 -------- d---a-w- c:\winnt\system32\appmgmt
    2011-02-23 10:49:44 69120 ----a-w- c:\winnt\system32\msdbg.dll
    2011-02-23 10:49:44 183574 ----a-w- c:\winnt\system32\pdm.dll
    2011-02-23 10:49:44 124200 ----a-w- c:\winnt\system32\mdm.exe
    2011-02-23 10:49:44 -------- d-----w- c:\program files\Microsoft Script Debugger
    2011-02-21 21:23:36 -------- d-----w- c:\documents and settings\kiolein\.java
    2011-02-21 20:54:15 103000 ----a-w- c:\winnt\system32\drivers\jraid.sys
    2011-02-21 20:40:43 -------- d-----w- c:\winnt\RaidTool
    2011-02-21 20:39:29 -------- d-----w- c:\winnt\system32\SDA
    2011-02-21 20:35:20 49392 ----a-w- c:\winnt\system32\drivers\usbhub20.sys
    2011-02-21 16:33:42 24528 -c--a-w- c:\winnt\system32\dllcache\kbdclass.sys
    2011-02-21 16:33:42 24528 ----a-w- c:\winnt\system32\drivers\kbdclass.sys
    2011-02-21 16:33:42 13744 -c--a-w- c:\winnt\system32\dllcache\kbdhid.sys
    2011-02-21 16:33:42 13744 ----a-w- c:\winnt\system32\drivers\kbdhid.sys
    2011-02-21 16:32:51 24752 -c--a-w- c:\winnt\system32\dllcache\hidclass.sys
    2011-02-21 16:32:51 24752 ----a-w- c:\winnt\system32\drivers\hidclass.sys
    2011-02-21 16:32:51 23056 -c--a-w- c:\winnt\system32\dllcache\hidparse.sys
    2011-02-21 16:32:51 23056 ----a-w- c:\winnt\system32\drivers\hidparse.sys
    2011-02-21 16:32:51 18192 -c--a-w- c:\winnt\system32\dllcache\hid.dll
    2011-02-21 16:32:51 18192 ----a-w- c:\winnt\system32\hid.dll
    2011-02-21 16:32:51 13904 -c--a-w- c:\winnt\system32\dllcache\hidusb.sys
    2011-02-21 16:32:51 13904 ----a-w- c:\winnt\system32\drivers\hidusb.sys
    2011-02-21 14:44:02 -------- d-----w- c:\docume~1\kiolein\applic~1\Easeware
    2011-02-21 13:20:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Mender
    2011-02-21 12:40:10 -------- d-----w- c:\docume~1\kiolein\applic~1\DriverFinder
    2011-02-20 15:33:04 -------- d-----w- c:\docume~1\kiolein\locals~1\applic~1\jZip
    2011-02-20 15:32:21 -------- d-----w- c:\program files\jZip
    2011-02-19 08:43:28 -------- d-----w- c:\docume~1\kiolein\applic~1\Goodsol
    2011-02-17 00:13:26 1892184 ----a-w- c:\winnt\system32\D3DX9_42.dll
    2011-02-17 00:13:25 2414360 ----a-w- c:\winnt\system32\d3dx9_31.dll
    2011-02-17 00:13:25 -------- d-----w- c:\winnt\Logs
    2011-02-17 00:11:57 87040 -c--a-w- c:\winnt\system32\dllcache\drmstor.dll
    2011-02-17 00:11:57 87040 ----a-w- c:\winnt\system32\drmstor.dll
    2011-02-17 00:11:57 306424 -c--a-w- c:\winnt\system32\dllcache\drmclien.dll
    2011-02-17 00:11:57 306424 ----a-w- c:\winnt\system32\drmclien.dll
    2011-02-17 00:11:57 10240 -c--a-w- c:\winnt\system32\dllcache\npwmsdrm.dll
    2011-02-17 00:11:57 10240 ----a-w- c:\program files\windows media player\npwmsdrm.dll
    2011-02-17 00:02:13 1700352 ----a-w- c:\winnt\system32\GdiPlus.dll
    2011-02-17 00:02:13 -------- d-----w- c:\program files\Sound Processing
    2011-02-17 00:02:13 -------- d-----w- c:\program files\common files\DeGoMedia
    2011-02-16 23:34:42 -------- d-----w- c:\docume~1\kiolein\applic~1\Personal
    2011-02-16 21:55:49 37887 ----a-w- c:\winnt\system32\drivers\LHidUsb.sys
    2011-02-16 21:55:49 14095 ----a-w- c:\winnt\system32\drivers\LCcfltr.sys
    2011-02-16 21:55:48 54784 ----a-w- c:\winnt\system32\MSVCI70.DLL
    2011-02-16 21:55:48 1060864 ----a-w- c:\winnt\system32\MFC71.dll
    2011-02-16 21:08:09 19728 -c--a-w- c:\winnt\system32\dllcache\hidserv.exe
    2011-02-16 21:08:09 19728 ----a-w- c:\winnt\system32\hidserv.exe
    2011-02-16 15:30:16 24448 ----a-w- c:\winnt\system32\drivers\ewdcsc.sys
    2011-02-16 15:30:16 114432 ----a-w- c:\winnt\system32\drivers\ewusbnet.sys
    2011-02-16 15:30:16 102912 ----a-w- c:\winnt\system32\drivers\ewusbmdm.sys
    2011-02-16 15:30:16 100736 ----a-w- c:\winnt\system32\drivers\ewusbdev.sys

    ==================== Find3M ====================

    2011-02-24 19:13:32 57344 ----a-w- c:\winnt\uneng.exe
    2011-02-24 19:13:32 49152 ----a-w- c:\winnt\system32\cdrtc.dll
    2011-02-24 19:13:32 45056 ----a-w- c:\winnt\system32\cdral.dll

    ============= FINISH: 3:47:48,50 ===============






    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 2000 Professional
    Boot Device: \Device\Harddisk0\Partition1
    Install Date:
    System Uptime: (974475 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
    Processor: Intel Pentium III Xeon processor | Socket 775 | 3000/333mhz
    Processor: Intel Pentium III Xeon processor | Socket 775 | 3000/333mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 66,378 GiB free.
    D: is FIXED (NTFS) - 128 GiB total, 71,614 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 19 GiB total, 12,729 GiB free.
    H: is FIXED (NTFS) - 75 GiB total, 33,117 GiB free.
    I: is Removable
    J: is Removable
    K: is FIXED (NTFS) - 77 GiB total, 40,681 GiB free.
    L: is FIXED (NTFS) - 75 GiB total, 57,654 GiB free.
    M: is FIXED (NTFS) - 21 GiB total, 20,994 GiB free.
    N: is CDROM (CDFS)
    O: is Removable
    P: is Removable
    Q: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    ActivIcons version 3.33
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Photoshop 6.0
    Adobe Reader 7.0
    ASUS Enhanced Display Driver
    ASUS Utilities
    ASUS VideoSecurity Online
    ASUSUpdate
    avast! Free Antivirus
    CivCity
    DeGo Audio Converter version 1.6.3.309
    Europa Universalis III
    Eye Candy 3
    High Definition Audio Driver Package - KB888111
    Hotfix for MDAC 2.53 (KB927779)
    Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB953300)
    Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB971110)
    hp dvd writer
    HP LaserJet Serie 3200 Avinstallerare
    Java 2 Runtime Environment SE v1.4.0_01
    Java Web Start
    JMicron JMB36X Driver
    jv16 PowerTools 2011
    jZip
    K-Lite Codec Pack 4.1.0 (Standard)
    Logitech iTouch Software
    Logitech MouseWare 9.79.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB971108)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Office 2000 Premium
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    Nero Suite
    Netscape (7.01)
    NVIDIA Drivers
    PowerDVD
    Pretty Good Solitaire Quest Edition version 7.0.1
    RAMpage
    RealPlayer Basic
    Realtek High Definition Audio Driver
    RegRun II
    Security Update for DirectX 9.0 (KB975560)
    Security Update for DirectX 9.0 (KB975562)
    Security Update for Windows 2000 (KB941569)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB975025)
    Security Update for Windows Media Player (KB977816)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 6.4 (KB954600)
    Security Update for Windows Media Player 6.4 (KB974112)
    Security Update for Windows Media Player 9 (KB973540)
    SoftV92 Voice Modem with SmartCP
    Svea Rike III
    Take Command 2nd Manassas
    Telia mobile broadband
    Update Rollup 1 for Windows 2000 SP4
    WaveLab Lite
    WebFldrs
    VideoLAN VLC media player 0.8.6i
    Viewpoint Media Player (Remove Only)
    Winamp
    Winamp Detector Plug-in
    Windows 2000 Hotfix - KB842773
    Windows 2000 Hotfix - KB893756
    Windows 2000 Hotfix - KB896358
    Windows 2000 Hotfix - KB896422
    Windows 2000 Hotfix - KB896423
    Windows 2000 Hotfix - KB899587
    Windows 2000 Hotfix - KB899589
    Windows 2000 Hotfix - KB900725
    Windows 2000 Hotfix - KB901017
    Windows 2000 Hotfix - KB901214
    Windows 2000 Hotfix - KB905414
    Windows 2000 Hotfix - KB905495
    Windows 2000 Hotfix - KB905749
    Windows 2000 Hotfix - KB908531
    Windows 2000 Hotfix - KB913580
    Windows 2000 Hotfix - KB914388
    Windows 2000 Hotfix - KB917008
    Windows 2000 Hotfix - KB918118
    Windows 2000 Hotfix - KB920213
    Windows 2000 Hotfix - KB920670
    Windows 2000 Hotfix - KB920683
    Windows 2000 Hotfix - KB921398
    Windows 2000 Hotfix - KB922582
    Windows 2000 Hotfix - KB923191
    Windows 2000 Hotfix - KB923561
    Windows 2000 Hotfix - KB923810
    Windows 2000 Hotfix - KB923980
    Windows 2000 Hotfix - KB924270
    Windows 2000 Hotfix - KB924667
    Windows 2000 Hotfix - KB925902
    Windows 2000 Hotfix - KB926122
    Windows 2000 Hotfix - KB926436
    Windows 2000 Hotfix - KB927891
    Windows 2000 Hotfix - KB928843
    Windows 2000 Hotfix - KB935839
    Windows 2000 Hotfix - KB937894
    Windows 2000 Hotfix - KB938827
    Windows 2000 Hotfix - KB943055
    Windows 2000 Hotfix - KB943485
    Windows 2000 Hotfix - KB944338
    Windows 2000 Hotfix - KB950749
    Windows 2000 Hotfix - KB950974
    Windows 2000 Hotfix - KB951748-V2
    Windows 2000 Hotfix - KB952004
    Windows 2000 Hotfix - KB952954
    Windows 2000 Hotfix - KB955069
    Windows 2000 Hotfix - KB955759
    Windows 2000 Hotfix - KB956802
    Windows 2000 Hotfix - KB956844
    Windows 2000 Hotfix - KB957097
    Windows 2000 Hotfix - KB958470
    Windows 2000 Hotfix - KB958644
    Windows 2000 Hotfix - KB958869
    Windows 2000 Hotfix - KB959426
    Windows 2000 Hotfix - KB960225
    Windows 2000 Hotfix - KB960803
    Windows 2000 Hotfix - KB960859
    Windows 2000 Hotfix - KB961501
    Windows 2000 Hotfix - KB967715
    Windows 2000 Hotfix - KB969059
    Windows 2000 Hotfix - KB970238
    Windows 2000 Hotfix - KB971468
    Windows 2000 Hotfix - KB971961
    Windows 2000 Hotfix - KB972270
    Windows 2000 Hotfix - KB973507
    Windows 2000 Hotfix - KB973869
    Windows 2000 Hotfix - KB973904
    Windows 2000 Hotfix - KB974318
    Windows 2000 Hotfix - KB974392
    Windows 2000 Hotfix - KB974571
    Windows 2000 Hotfix - KB977914
    Windows 2000 Hotfix - KB978037
    Windows 2000 Hotfix - KB978542
    Windows 2000 Hotfix - KB978601
    Windows 2000 Hotfix - KB978706
    Windows 2000 Hotfix - KB979309
    Windows 2000 Hotfix - KB979482
    Windows 2000 Hotfix - KB979559
    Windows 2000 Hotfix - KB979683
    Windows 2000 Hotfix - KB980195
    Windows 2000 Hotfix - KB980218
    Windows 2000 Hotfix - KB980232
    Windows 2000 Hotfix - KB981350
    Windows 2000 Hotfix - KB982381
    Windows 2000 Hotfix (SP5) Q818043
    Windows Installer 3.1 (KB893803)
    Windows Media Player Hotfix [See Q828026 for more information]
    Windows Media Player system update (9 Series)
    Xteq Systems X-Setup 6.3

    ==== End Of File ===========================


    A lot of new things with more info than I can comprehend, so I do hope I did run everything in the proper order....
    No changes made. I did miss that Avast was supposed to be turned off..... so I did run it one more time... with Avast disabled until next boot.... same result, it hung on the same drive... that is of course no good news for me, right?
     
  13. 2011/02/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did just fine :)

    Being without any firewall is dangerous.
    Please, download and install Comodo 2.4 firewall: http://www.filehippo.com/download_comodo/tech/2252/
    It'll work on Windows 2000.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    ...and now a really dumb question..... what's AVG?
    The only antivirus prog I do have is Avast.... what should I do with that... disable until next boot?? Or should I uninstall it?
    I should maybe also alter my computer knowledge to Novice in my profile here, because compared to you guys ..... well, let's say I strongly reconsider my earlier beliefs about my own knowledge about computers :)
     
  15. 2011/02/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You've been doing just fine :)

    That's all you need to do.
     
  16. 2011/02/28
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    Thanks! If all works out fine I'll be back with a report.... if not, I'll be back much, much later :)
     
  17. 2011/02/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You'll be fine :)
     
  18. 2011/03/01
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    Didn't work out as planned...
    ComboFix did not run at the first attempt.
    Tried to run it under safe mode, but I only have a "mobile broadband" connected over USB and that obviously didn't work under safe mode.
    The error message was both times that the ComboFix file was corrupt and I should download another one. First time it just hung after clicking OK.

    Downloaded ComboFix and renamed it, as instructed, Sven_Kiolein.exe

    2nd time I forgot the d... Antivirus.
    Managed to disable it and accidentally started rkill twice....

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 2011-03-01 at 6:58:59.
    Operating System: Microsoft Windows 2000


    Processes terminated by Rkill or while it was running:

    D:\@ - Privat\-- Windows Folder\- Desktop items\rkill.com
    D:\@ - Privat\-- Windows Folder\- Desktop items\rkill.com


    Rkill completed on 2011-03-01 at 6:59:00.

    ComboFix started ok, while trying to save the log file and shut down the Anti virus...
    ComboFix informed me that I could not rename it Sven_Kiolein; renamed it S_K, that did not work either, then 123aaa or something.... after that it seemed as it would run, but ended up informing me that it had expired....
    Attempted to check in the Task Manager what was running.... then the desktop disappeared and I was forced to use the reset button.....

    So my dear advisers, what's next? You lost me a long time ago, now I just follow orders :)
    Until I get some instructions, well, I don't dare to do anything on my computer.....

    PS. Don't think I'm ungrateful.... let me just sort this out first! DS.
     
    Last edited: 2011/03/01
  19. 2011/03/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete your Combofix file.
    Download a fresh one from HERE.
    I renamed it already.
    Attempt to run it again in either normal or safe mode.
     
  20. 2011/03/01
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    OK. And there is a certain "time rush" between rkill and Combofix so I'll have to be quick and do it right this time :) That of course is, if Combofix does not run as supposed!
    Any ideas about why it did not run under "safe mode"?
    ...and if Combofix will update under safe mode... then I'm stuck because there I do not have a connection to the Internet.
     
  21. 2011/03/01
    SKN66

    SKN66 Inactive Thread Starter

    Joined:
    2011/02/26
    Messages:
    80
    Likes Received:
    0
    I'm BACK!
    It did run and no "hiccups"!
    It did not reboot automatically, and the Start menu and icons were absent, so I used Task Manager to reboot...

    And "saving your settings" took a long time as it has done lately, maybe related?
    Am I "clean" now? :)

    ComboFix 11-02-28.07 - Kiolein 2011-03-02 1:31.1.2 - x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.3070.2526 [GMT 1:00]
    Running from: d:\@ - privat\-- Windows Folder\- Desktop items\broni.exe
    .
    /wow section - STAGE 10


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\winnt\system32\Data
    c:\winnt\Web\default.htt

    .
    ((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
    .

    2011-02-28 19:45 . 2011-02-28 19:45 -------- d-----w- c:\documents and settings\Kiolein\Application Data\Malwarebytes
    2011-02-28 19:45 . 2011-02-28 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-02-28 19:45 . 2010-12-20 17:09 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2011-02-28 19:45 . 2010-12-20 17:08 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2011-02-28 13:00 . 2011-02-28 13:00 -------- d-----w- c:\program files\RAMpage
    2011-02-28 13:00 . 2001-01-01 23:18 69632 ----a-w- c:\winnt\system32\GkSui18.EXE
    2011-02-27 23:02 . 2011-02-23 14:56 371544 ----a-w- c:\winnt\system32\drivers\aswSnx.sys
    2011-02-27 16:51 . 2011-02-27 16:51 -------- d-----w- c:\documents and settings\BIG$
    2011-02-27 16:35 . 2011-02-23 14:56 301528 ----a-w- c:\winnt\system32\drivers\aswSP.sys
    2011-02-27 16:35 . 2011-02-23 14:55 49240 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
    2011-02-27 16:35 . 2011-02-23 14:55 102232 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
    2011-02-27 16:35 . 2011-02-23 14:55 96344 ----a-w- c:\winnt\system32\drivers\aswmon.sys
    2011-02-27 16:35 . 2011-02-23 14:55 25432 ----a-w- c:\winnt\system32\drivers\aswRdr.sys
    2011-02-27 16:35 . 2011-02-23 14:54 30680 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
    2011-02-27 16:35 . 2011-02-23 14:54 19544 ----a-w- c:\winnt\system32\drivers\aswFsBlk.sys
    2011-02-27 16:35 . 2011-02-23 15:04 40648 ----a-w- c:\winnt\avastSS.scr
    2011-02-27 16:35 . 2011-02-23 15:04 190016 ----a-w- c:\winnt\system32\aswBoot.exe
    2011-02-27 16:35 . 2011-02-27 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-02-27 14:09 . 2011-02-27 18:28 -------- d-----w- c:\documents and settings\Kiolein\Application Data\Winamp
    2011-02-27 08:25 . 1999-12-07 15:43 79024 -c--a-w- c:\winnt\system32\dllcache\tgiul50.dll
    2011-02-27 08:24 . 2003-03-24 15:52 208896 -c--a-w- c:\winnt\system32\dllcache\fpmmcsat.dll
    2011-02-27 08:23 . 1999-11-30 22:38 33792 -c--a-w- c:\winnt\system32\dllcache\ecpagex.dll
    2011-02-26 19:19 . 2003-06-19 11:05 21776 -c--a-w- c:\winnt\system32\dllcache\mouclass.sys
    2011-02-26 19:19 . 2003-06-19 11:05 21776 ----a-w- c:\winnt\system32\drivers\mouclass.sys
    2011-02-26 19:19 . 2003-06-19 11:05 11632 -c--a-w- c:\winnt\system32\dllcache\mouhid.sys
    2011-02-26 19:19 . 2003-06-19 11:05 11632 ----a-w- c:\winnt\system32\drivers\mouhid.sys
    2011-02-26 02:00 . 2011-02-26 02:00 22 --sha-w- c:\documents and settings\Kiolein\Application Data\Sys2662.Config.Repository.bin
    2011-02-26 01:09 . 2011-02-26 01:09 -------- d-----w- c:\documents and settings\Kiolein\Application Data\Uniblue
    2011-02-26 01:08 . 2011-02-26 01:08 -------- d-----w- c:\documents and settings\Kiolein\Local Settings\Application Data\PackageAware
    2011-02-25 21:30 . 2011-02-26 11:05 -------- d-----w- c:\program files\JMHL Loader
    2011-02-25 20:06 . 2011-02-25 20:06 -------- d-----w- c:\documents and settings\Kiolein\Local Settings\Application Data\Identities
    2011-02-24 16:54 . 2011-02-24 16:54 -------- d-----w- c:\winnt\system32\Windows Media
    2011-02-24 16:54 . 2011-02-24 16:54 -------- dc-h--w- c:\winnt\$NtUpdateRollupPackUninstall$
    2011-02-24 15:33 . 2011-02-24 15:33 -------- d-----w- c:\documents and settings\Kiolein\Local Settings\Application Data\ApplicationHistory
    2011-02-24 15:31 . 2011-02-24 15:31 -------- dc-h--w- c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
    2011-02-24 14:21 . 2011-02-24 14:21 -------- d-----w- c:\winnt\system32\URTTEMP
    2011-02-24 13:48 . 2004-05-03 08:15 491768 ----a-w- c:\program files\Internet Explorer\ie6setup.exe
    2011-02-24 13:35 . 2011-02-24 13:47 -------- d-----w- c:\winnt\Windows Update Setup Files
    2011-02-24 13:19 . 2011-02-24 13:19 -------- d-----w- c:\winnt\system32\BITS
    2011-02-24 13:17 . 2007-10-16 11:34 513808 -c--a-w- c:\winnt\system32\dllcache\lsasrv.dll
    2011-02-24 13:17 . 2007-10-16 11:34 513808 ----a-w- c:\winnt\system32\LSASRV.DLL
    2011-02-24 12:39 . 2009-08-06 18:24 15072 ----a-w- c:\winnt\system32\wuaucpl.cpl.mui
    2011-02-24 12:39 . 2009-08-06 18:24 17632 ----a-w- c:\winnt\system32\wuaueng.dll.mui
    2011-02-24 12:33 . 2009-08-06 18:24 327896 ----a-w- c:\winnt\system32\wucltui.dll
    2011-02-24 12:33 . 2009-08-06 18:24 44768 ----a-w- c:\winnt\system32\wups2.dll
    2011-02-24 12:33 . 2009-08-06 18:24 35552 ----a-w- c:\winnt\system32\wups.dll
    2011-02-24 12:33 . 2009-08-06 18:23 575704 ----a-w- c:\winnt\system32\wuapi.dll
    2011-02-24 12:33 . 2005-05-26 03:16 194328 ----a-w- c:\winnt\system32\wuaueng1.dll
    2011-02-24 12:33 . 2005-05-26 03:16 172312 ----a-w- c:\winnt\system32\wuauclt1.exe
    2011-02-23 14:13 . 2006-04-14 13:00 208896 ------w- c:\winnt\system32\nvuide.exe
    2011-02-23 14:12 . 2006-04-24 16:52 289792 ----a-w- c:\winnt\system32\idecoiins.dll
    2011-02-23 14:12 . 2006-04-24 16:52 289792 ----a-w- c:\winnt\system32\idecoi.dll
    2011-02-23 14:12 . 2006-04-24 16:52 100736 ----a-w- c:\winnt\system32\drivers\nvata.sys
    2011-02-23 14:12 . 2006-04-14 13:01 35840 ----a-w- c:\winnt\system32\NVCOI.DLL
    2011-02-23 14:06 . 2011-02-23 14:06 -------- d-----w- C:\PerfLogs
    2011-02-23 13:17 . 2006-10-18 19:12 12664 ----a-w- c:\winnt\system32\drivers\AsIO.sys
    2011-02-23 13:17 . 2006-01-10 08:50 24576 ----a-w- c:\winnt\system32\AsIO.dll
    2011-02-23 10:49 . 2011-02-23 10:49 -------- d-----w- c:\program files\Microsoft Script Debugger
    2011-02-23 10:49 . 1999-02-28 01:32 124200 ----a-w- c:\winnt\system32\mdm.exe
    2011-02-23 10:49 . 1999-02-28 01:32 183574 ----a-w- c:\winnt\system32\pdm.dll
    2011-02-23 10:49 . 1999-02-28 01:31 69120 ----a-w- c:\winnt\system32\msdbg.dll
    2011-02-21 21:23 . 2011-02-21 21:23 -------- d-----w- c:\documents and settings\Kiolein\.java
    2011-02-21 20:54 . 2010-11-25 10:27 103000 ----a-w- c:\winnt\system32\drivers\jraid.sys
    2011-02-21 20:40 . 2011-02-21 20:42 -------- d-----w- c:\winnt\RaidTool
    2011-02-21 20:39 . 2011-02-21 20:39 -------- d-----w- c:\winnt\system32\SDA
    2011-02-21 20:35 . 2002-04-18 10:46 49392 ----a-w- c:\winnt\system32\drivers\usbhub20.sys
    2011-02-21 16:33 . 2003-06-19 11:05 24528 -c--a-w- c:\winnt\system32\dllcache\kbdclass.sys
    2011-02-21 16:33 . 2003-06-19 11:05 24528 ----a-w- c:\winnt\system32\drivers\kbdclass.sys
    2011-02-21 16:33 . 1999-10-04 14:04 13744 -c--a-w- c:\winnt\system32\dllcache\kbdhid.sys
    2011-02-21 16:33 . 1999-10-04 14:04 13744 ----a-w- c:\winnt\system32\drivers\kbdhid.sys
    2011-02-21 16:32 . 2003-06-19 11:05 24752 -c--a-w- c:\winnt\system32\dllcache\hidclass.sys
    2011-02-21 16:32 . 2003-06-19 11:05 24752 ----a-w- c:\winnt\system32\drivers\hidclass.sys
    2011-02-21 16:32 . 2003-06-19 11:05 23056 -c--a-w- c:\winnt\system32\dllcache\hidparse.sys
    2011-02-21 16:32 . 2003-06-19 11:05 23056 ----a-w- c:\winnt\system32\drivers\hidparse.sys
    2011-02-21 16:32 . 2003-06-19 11:05 18192 -c--a-w- c:\winnt\system32\dllcache\hid.dll
    2011-02-21 16:32 . 2003-06-19 11:05 18192 ----a-w- c:\winnt\system32\hid.dll
    2011-02-21 16:32 . 1999-10-04 14:03 13904 -c--a-w- c:\winnt\system32\dllcache\hidusb.sys
    2011-02-21 16:32 . 1999-10-04 14:03 13904 ----a-w- c:\winnt\system32\drivers\hidusb.sys
    2011-02-21 14:44 . 2011-02-21 14:44 -------- d-----w- c:\documents and settings\Kiolein\Application Data\Easeware
    2011-02-21 13:20 . 2011-02-21 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Mender
    2011-02-21 12:40 . 2011-02-21 12:40 -------- d-----w- c:\documents and settings\Kiolein\Application Data\DriverFinder
    2011-02-20 15:33 . 2011-02-20 15:33 -------- d-----w- c:\documents and settings\Kiolein\Local Settings\Application Data\jZip
    2011-02-20 15:32 . 2011-02-20 15:32 -------- d-----w- c:\program files\jZip
    2011-02-19 08:43 . 2011-02-19 08:43 -------- d-----w- c:\documents and settings\Kiolein\Application Data\Goodsol
    2011-02-17 00:13 . 2009-09-04 16:29 1892184 ----a-w- c:\winnt\system32\D3DX9_42.dll
    2011-02-17 00:13 . 2011-02-17 00:13 -------- d-----w- c:\winnt\Logs
    2011-02-17 00:13 . 2006-09-28 15:05 2414360 ----a-w- c:\winnt\system32\d3dx9_31.dll
    2011-02-17 00:11 . 2005-04-05 10:20 306424 -c--a-w- c:\winnt\system32\dllcache\drmclien.dll
    2011-02-17 00:11 . 2005-04-05 10:20 306424 ----a-w- c:\winnt\system32\drmclien.dll
    2011-02-17 00:11 . 2005-04-05 10:20 87040 -c--a-w- c:\winnt\system32\dllcache\drmstor.dll
    2011-02-17 00:11 . 2005-04-05 10:20 87040 ----a-w- c:\winnt\system32\drmstor.dll
    2011-02-17 00:11 . 2005-04-05 10:20 10240 -c--a-w- c:\winnt\system32\dllcache\npwmsdrm.dll
    2011-02-17 00:11 . 2005-04-05 10:20 10240 ----a-w- c:\program files\Windows Media Player\npwmsdrm.dll
    2011-02-17 00:02 . 2011-02-17 00:02 -------- d-----w- c:\program files\Sound Processing
    2011-02-17 00:02 . 2011-02-17 00:02 -------- d-----w- c:\program files\Common Files\DeGoMedia
    2011-02-17 00:02 . 2003-05-21 21:50 1700352 ----a-w- c:\winnt\system32\GdiPlus.dll
    2011-02-16 23:34 . 2011-02-16 23:34 -------- d-----w- c:\documents and settings\Kiolein\Application Data\Personal
    2011-02-16 21:55 . 2004-03-03 08:50 37887 ----a-w- c:\winnt\system32\drivers\LHidUsb.sys
    2011-02-16 21:55 . 2004-03-03 08:50 14095 ----a-w- c:\winnt\system32\drivers\LCcfltr.sys
    2011-02-16 21:55 . 2003-03-18 21:20 1060864 ----a-w- c:\winnt\system32\MFC71.dll
    2011-02-16 21:55 . 2002-01-05 03:38 54784 ----a-w- c:\winnt\system32\MSVCI70.DLL
    2011-02-16 21:08 . 2003-06-19 11:05 19728 -c--a-w- c:\winnt\system32\dllcache\hidserv.exe
    2011-02-16 21:08 . 2003-06-19 11:05 19728 ----a-w- c:\winnt\system32\hidserv.exe
    2011-02-16 15:30 . 2009-12-08 19:19 114432 ----a-w- c:\winnt\system32\drivers\ewusbnet.sys
    2011-02-16 15:30 . 2009-12-07 18:53 102912 ----a-w- c:\winnt\system32\drivers\ewusbmdm.sys
    2011-02-16 15:30 . 2009-10-12 14:21 100736 ----a-w- c:\winnt\system32\drivers\ewusbdev.sys
    2011-02-16 15:30 . 2007-08-09 03:13 24448 ----a-w- c:\winnt\system32\drivers\ewdcsc.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------


    [-] 2002-11-26 18:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

    [-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll

    c:\winnt\System32\comres.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 122512 ----a-w- d:\program\SysTools\13 - Antivir\ashShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe "= "internat.exe" [1999-12-07 20752]
    "Iconoid "= "d:\wintools\Iconoid\iconoid.exe" [2005-02-20 74240]
    "Mobile Partner "= "d:\program\Telia\Mobile Broadband\Telia mobile broadband.exe" [2011-02-16 114688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz "= "nwiz.exe" [2007-12-04 1626112]
    "NvMediaCenter "= "c:\winnt\System32\NvMcTray.dll" [2007-12-04 81920]
    "NeroFilterCheck "= "c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD "= "d:\program\Nec DVD\InCD\InCD.exe" [2006-01-16 1398272]
    "CARPService "= "carpserv.exe" [2002-12-18 4608]
    "RTHDCPL "= "RTHDCPL.EXE" [2006-11-14 16270848]
    "HP SchedIndexer "= "c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-03-01 86016]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-12-17 19968]
    "zBrowser Launcher "= "d:\program\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "HP AutoIndexer "= "c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-03-01 77824]
    "JMB36X IDE Setup "= "c:\winnt\RaidTool\xInsIDE.exe" [2010-09-07 43608]
    "AsusStartupHelp "= "c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 363008]
    "DVDBitSet "= "d:\program\Power DVD\Umbrella\DVDBitSet.exe" [2002-03-25 188416]
    "NvCplDaemon "= "c:\winnt\system32\NvCpl.dll" [2007-12-04 8523776]
    "WinampAgent "= "d:\program\Winamp\winampa.exe" [2010-12-09 74752]
    "avast5 "= "d:\program\SysTools\13 - Antivir\avastUI.exe" [2011-02-23 3451496]
    "RAMpage "= "c:\program files\RAMpage\RAMpage.exe" [2001-01-06 10784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe "= "internat.exe" [1999-12-07 20752]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop "= "c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

    c:\documents and settings\Kiolein\Start Menu\Programs\Startup\
    1st Clock.lnk - d:\program\1stClock\1stClock.exe [2008-8-12 829440]
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-7 113664]
    Shortcut to DESKMENU.EXE.lnk - d:\wintools\DESKMENU.EXE [2008-7-19 18432]
    TO DO LIST.lnk - D:\TO DO LIST.txt [2008-8-17 9558]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-7 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen "= 1 (0x1)
    "NoNetConnectDisconnect "= 1 (0x1)
    "NoCommonGroups "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
    2006-09-01 05:49 140048 ----a-w- c:\winnt\system32\NWPROVAU.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "CTxfiHlp "=CTXFIHLP.EXE
    "Synchronization Manager "=mobsync.exe /logon
    "SkyTel "=SkyTel.EXE
    "HPCDTray "= "d:\program\Power DVD\Umbrella\hpcdtray.exe "

    R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [2011-02-27 301528]
    R1 hpcd2k;hpcd2k;c:\winnt\system32\drivers\hpcd2k.sys [2008-08-18 4421]
    R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2011-02-27 19544]
    R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2011-02-27 96344]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\winnt\system32\drivers\ewusbdev.sys [2011-02-16 100736]
    R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [1999-12-07 24784]
    R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2011-02-21 49392]
    S1 aswSnx;aswSnx;c:\winnt\system32\drivers\aswSnx.sys [2011-02-28 371544]
    S3 dwm3gmdm;DWM USB Device for Legacy Serial Communication;c:\winnt\system32\DRIVERS\dwm3gmdm.sys --> c:\winnt\system32\DRIVERS\dwm3gmdm.sys [?]
    S3 HSFHWCD2;HSFHWCD2;c:\winnt\system32\DRIVERS\HSFHWCD2.sys --> c:\winnt\system32\DRIVERS\HSFHWCD2.sys [?]
    S3 InCDFat;Ahead InCDFat File System Driver;c:\winnt\system32\drivers\InCDFat.sys [2008-08-07 134144]
    S3 Tdsshbecr;Handelsbanken card reader;c:\winnt\system32\DRIVERS\shbecr.sys --> c:\winnt\system32\DRIVERS\shbecr.sys [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - InCDFatRec
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    LSP: %SystemRoot%\system32\msafd.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Kiolein\Application Data\Mozilla\Firefox\Profiles\8ylzuwku.default\
    FF - prefs.js: browser.search.selectedEngine - jZip Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
    FF - prefs.js: keyword.URL - hxxp://search.jzip.com/web?src=ffb&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
    FF - Ext: Multiple Tab Handler: multipletab@piro.sakura.ne.jp - %profile%\extensions\multipletab@piro.sakura.ne.jp
    FF - Ext: CyberSearch: cybersearch@cybernetnews.com - %profile%\extensions\cybersearch@cybernetnews.com
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
    FF - Ext: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    FF - Ext: avast! WebRep: wrc@avast.com - d:\program\SysTools\13 - Antivir\WebRep\FF
    .
    .
    ------- File Associations -------
    .
    txtfile=d:\wintools\EditPad.exe "%1 "
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-02 01:33
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(328)
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL
    .
    Completion time: 2011-03-02 01:35:10
    ComboFix-quarantined-files.txt 2011-03-02 00:35

    Pre-Run: 71 229 894 656 bytes free
    Post-Run: 71 193 829 376 bytes free

    - - End Of File - - 284AA04450DD30F19736FA08D1654CC4
     
