
Solved Internet Explorer Crashes

Discussion in 'Malware and Virus Removal Archive' started by Ken, 2011/07/31.

  1. 2011/07/31
    Ken Well-Known Member Thread Starter

    [Resolved] Internet Explorer Crashes

    I am running XP SP3 with IE6. IE disappears right after launch or encounters a problem and needs to close. Installing newer versions over it does not fix it.
    I ran Avast, which found nothing, and then Malwarebytes as suggested on the IE forum. Here is the log, shortened to fit here:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7328

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    7/30/2011 4:43:36 PM
    mbam-log-2011-07-30 (16-43-36).txt

    Scan type: Quick scan
    Objects scanned: 157705
    Time elapsed: 12 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 142
    Files Infected: 392

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\WINDOWS\system32\ati3duag32.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{0CEA4EAB-3133-488E-A72D-02F84EBFB8A8} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CEA4EAB-3133-488E-A72D-02F84EBFB8A8} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CEA4EAB-3133-488E-A72D-02F84EBFB8A8} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\all users\application data\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\winantispyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\winantispyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\documents and settings\Kenneth\application data\winantispyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\documents and settings\Kenneth\application data\winantispyware 2007\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\common files\winantispyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.181.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.181.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.181.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\database (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\quaratine.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\rtmonitor.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\system32\ati3duag32.dll (Trojan.Agent) -> Delete on reboot.
    c:\windows\system32\ati3duag32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\kenneth\local settings\temp\tmph4087694835225931019.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\HBLiteSA\hblitesa_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\HBLiteSA\hblitesa_kyf_update.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\winantispyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\winantispyware 2007\Data\productcode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\documents and settings\Kenneth\application data\winantispyware 2007\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\common files\winantispyware 2007\err.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.181.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\outerinfo\Terms.rtf (Adware.PurityScan) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\scanlog.xml (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\Activate.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\appupdate.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\AsAgents.xml (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\autoprocess.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\bnlink.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\dbupdate.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\lapv.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\license.rtf (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\manual.pdf (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\manual.url (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\monstate.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\ps.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\pv.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\readme.rtf (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\sr.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\Summary.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\support.url (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\tasks.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\threatnet.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\unins000.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\unwizard.xml (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\up.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\updater.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\WAS7.url (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\WAS7.xml (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\database\knownfiles.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\database\TEBase.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\database\vbpv.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    c:\program files\winantispyware 2007\quaratine.dat\#post_quarantine (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
     
    Ken,
    #1
  2. 2011/07/31
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Yes - your computer is infected ....

    Please read this as indicated at the head of the forum and post all the logs requested in this thread.
     

  4. 2011/07/31
    Ken

    Ken Well-Known Member Thread Starter

    Joined:
    2006/01/10
    Messages:
    241
    Likes Received:
    0
    How do I turn off Avast and Malwarebytes to run step2?
     
    Ken,
    #3
  5. 2011/07/31
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Broni will advise in due course - I do not use Avast or the (presumably) paid for version of Malwarebytes - the free version runs only on demand.
     
  6. 2011/07/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's all in our instructions.
    Just read them carefully.
    There is a link in GMER instructions, which explains how to do it.
    If your MBAM is a free version, you don't have to do anything about MBAM.
     
  7. 2011/07/31
    Ken

    Ken Well-Known Member Thread Starter

    Joined:
    2006/01/10
    Messages:
    241
    Likes Received:
    0
    I did step 2, GMER. It ran for about an hour and collected about 25 items. Before I could copy or save it, Windows was threatened, shut down, and did a memory dump. Should I do GMER over?
     
    Ken,
    #6
  8. 2011/07/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run this instead....

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
     
  9. 2011/07/31
    Ken

    Ken Well-Known Member Thread Starter

    Joined:
    2006/01/10
    Messages:
    241
    Likes Received:
    0
    Rootkit run and here is report:
    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2192768 bytes
    0x804D7000 RAW 2192768 bytes
    0x804D7000 WMIxWDM 2192768 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF7F51000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
    0xF7DCF000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
    0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
    0xF7BE9000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
    0xF7D3A000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
    0xF84F4000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xEC973000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
    0xEDAD1000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xF7B63000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xEDCB6000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB3589000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xEC9E3000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
    0xBF159000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xF7CC0000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
    0xEDC7E000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
    0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
    0xF8628000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB3631000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF84C7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB3033000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xEDB69000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xEDC56000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF7D14000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
    0xEDA65000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xF7C9C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF7F19000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF7EF6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xEDC34000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
    0x806EF000 ACPI_HAL 131840 bytes
    0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF85C0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF85F8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF84AD000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB3BF9000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB3BE0000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF85E0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB3C28000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB3BC9000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
    0xF8581000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF7BD2000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xF8598000 drvmcdb.sys 90112 bytes (Sonic Solutions, Device Driver)
    0xB3C12000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB390C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF7D00000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF7F3D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xEDD0F000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF85AE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF8617000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF7BC1000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB42C9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF8717000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF86F7000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF8737000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF86E7000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
    0xF8727000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xF8149000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF8837000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
    0xF86B7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF8747000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF8697000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF8767000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF7701000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF8707000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF8687000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF8757000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xEDBD4000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xF8677000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF87D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF8797000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF7721000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
    0xB33C1000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xF86A7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF88C7000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xF88E7000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF76F1000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
    0xB31C1000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
    0xF8787000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF7711000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xF86C7000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xB5445000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF76E1000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF8A17000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF8937000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF8967000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF8A07000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF8A1F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xF895F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF88F7000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xB3F94000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF89F7000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
    0xF89DF000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xEC67F000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
    0xF8A3F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF8A0F000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
    0xF8A47000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF897F000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xF89FF000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF89CF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF89C7000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
    0xF8957000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xF8987000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF88FF000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF8A2F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF8A37000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF8A27000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF8A57000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xEEE0E000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB5FD1000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0xF809F000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xF8B33000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB63BF000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF8B1B000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xF8464000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
    0xEEE02000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
    0xB96F1000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
    0xF8A87000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xEDB4D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF846C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xF8470000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xEEE06000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF8B23000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF8458000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF8B13000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0xF8C0F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xB9A21000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
    0xF8C03000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xF8C0D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF8B7B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0xF8B77000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF8C11000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF8C13000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF8BCB000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xF8BCD000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xB9721000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF8BF1000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF8B79000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF8D93000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF8D8F000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
    0xF8C41000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF8D21000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF8C3F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xB8F3B000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB8F3C000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    ==============================================
    >Stealth
    ==============================================


    Nothing detected :(
     
    Ken,
    #8
  10. 2011/07/31
    broni

    broni Moderator Malware Analyst

    Good.

    Go ahead with aswMBR and DDS.
     
  11. 2011/07/31
    Ken

    Ken Well-Known Member Thread Starter

    Ran MBR. Can you read this?


    Loading PBR for descriptor 1... done.

    failed.

    Bad flag

    0 active partitions

    Bad PBR

     
    Ken,
    #10
  12. 2011/07/31
    broni

    broni Moderator Malware Analyst

    Go ahead with GMER.
     
  13. 2011/08/01
    Ken

    Ken Well-Known Member Thread Starter

    I ran DDS. Do I now re-run GMER?
    DDS log:
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512
    Run by Kenneth at 8:03:58 on 2011-08-01
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
    uWindow Title = Microsoft Internet Explorer provided by Verizon Online
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mDefault_Page_URL = hxxp://www.dell.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\tbub2\tbcore3.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
    BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SBCONVERT Class: {a1056498-d09a-41e4-864b-505edd640d9e} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll
    BHO: GoogleAFE: {ca6319c0-31b7-401e-a518-a07c3db8f777} - CBrowserHelperObject Object
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\tbub2\grabber.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\tbub2\tbcore3.dll
    TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe "
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe "
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: aol.com\free
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} - hxxp://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} - hxxps://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{32D46FAE-3E40-430A-ABFA-04AF80559E43} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\8wzp06h5.default\
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    S? aswFsBlk;aswFsBlk
    S? aswSnx;aswSnx
    S? aswSP;aswSP
    S? avast! Antivirus;avast! Antivirus
    S? dlcd_device;dlcd_device
    S? MBAMProtector;MBAMProtector
    S? MBAMService;MBAMService
    .
    =============== Created Last 30 ================
    .
    2011-07-31 23:41:37 -------- d-----w- C:\System Cleaners
    2011-07-30 20:20:59 -------- d-----w- c:\documents and settings\kenneth\application data\Malwarebytes
    2011-07-30 20:20:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-30 20:20:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-07-30 20:20:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-30 20:20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-30 18:08:23 -------- d-----w- c:\program files\Internet Explorer2
    2011-07-28 14:33:18 0 ---ha-w- c:\documents and settings\kenneth\simtgikebq.tmp
    2011-07-20 14:09:52 -------- d-----w- C:\ftm
    2011-07-19 23:16:15 468480 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-07-19 23:16:14 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-07-19 23:16:14 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-07-19 23:16:13 63488 ------w- c:\windows\system32\dllcache\icardie.dll
    2011-07-19 23:16:13 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
    2011-07-19 23:16:13 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2011-07-19 23:16:12 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
    2011-07-19 23:16:11 6076416 ------w- c:\windows\system32\dllcache\ieframe.dll
    2011-07-19 19:52:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-07-19 19:52:09 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    ==================== Find3M ====================
    .
    2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-20 11:06:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-20 15:28:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-05-12 12:34:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    .
    ============= FINISH: 8:12:48.50 ===============
     
    Ken,
    #12
  14. 2011/08/01
    Ken

    Ken Well-Known Member Thread Starter

    I think I have a clue to the IE problem. It shuts down right after "fix registry errors" shows up on the tool bar. I don't know where that came from.
     
    Ken,
    #13
  15. 2011/08/01
    broni

    broni Moderator Malware Analyst

    Please do nothing else, but only what I ask you to do.

    I still need Attach.txt part of DDS.

    Then...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. 2011/08/02
    Ken

    Ken Well-Known Member Thread Starter

    Do I need to disable the free Malwarebytes to run Combofix? If so, how?

    The first attach.txt was lost, so I re-ran DDS.
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512
    Run by Kenneth at 9:30:16 on 2011-08-02
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.287 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
    uWindow Title = Microsoft Internet Explorer provided by Verizon Online
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mDefault_Page_URL = hxxp://www.dell.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\tbub2\tbcore3.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
    BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SBCONVERT Class: {a1056498-d09a-41e4-864b-505edd640d9e} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll
    BHO: GoogleAFE: {ca6319c0-31b7-401e-a518-a07c3db8f777} - CBrowserHelperObject Object
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\tbub2\grabber.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\tbub2\tbcore3.dll
    TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe "
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe "
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
    StartupFolder: c:\docume~1\kenneth\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: aol.com\free
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} - hxxp://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} - hxxps://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{32D46FAE-3E40-430A-ABFA-04AF80559E43} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\8wzp06h5.default\
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-25 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-12 309848]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-12 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-12 42184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-30 366640]
    R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-30 22712]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
    .
    =============== Created Last 30 ================
    .
    2011-07-31 23:41:37 -------- d-----w- C:\System Cleaners
    2011-07-30 20:20:59 -------- d-----w- c:\documents and settings\kenneth\application data\Malwarebytes
    2011-07-30 20:20:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-30 20:20:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-07-30 20:20:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-30 20:20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-30 18:08:23 -------- d-----w- c:\program files\Internet Explorer2
    2011-07-28 14:33:18 0 ---ha-w- c:\documents and settings\kenneth\simtgikebq.tmp
    2011-07-20 14:09:52 -------- d-----w- C:\ftm
    2011-07-19 23:16:15 468480 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-07-19 23:16:14 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-07-19 23:16:14 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-07-19 23:16:13 63488 ------w- c:\windows\system32\dllcache\icardie.dll
    2011-07-19 23:16:13 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
    2011-07-19 23:16:13 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2011-07-19 23:16:12 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
    2011-07-19 23:16:11 6076416 ------w- c:\windows\system32\dllcache\ieframe.dll
    2011-07-19 19:52:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-07-19 19:52:09 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    ==================== Find3M ====================
    .
    2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-20 11:06:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-20 15:28:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-05-12 12:34:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    .
    ============= FINISH: 9:32:29.31 ===============

    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/29/2005 1:24:37 PM
    System Uptime: 8/2/2011 6:39:43 AM (3 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0CF458
    Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 71 GiB total, 46.864 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1551: 6/20/2011 11:08:47 AM - System Checkpoint
    RP1552: 6/21/2011 11:52:19 AM - System Checkpoint
    RP1553: 6/22/2011 12:23:04 PM - System Checkpoint
    RP1554: 6/23/2011 12:54:03 PM - System Checkpoint
    RP1555: 6/24/2011 1:35:12 PM - System Checkpoint
    RP1556: 6/25/2011 1:48:51 PM - System Checkpoint
    RP1557: 6/26/2011 2:13:06 PM - System Checkpoint
    RP1558: 6/27/2011 2:51:36 PM - System Checkpoint
    RP1559: 6/28/2011 2:57:39 PM - System Checkpoint
    RP1560: 6/29/2011 3:00:25 PM - Software Distribution Service 3.0
    RP1561: 6/30/2011 3:01:06 PM - System Checkpoint
    RP1562: 7/1/2011 3:59:20 PM - System Checkpoint
    RP1563: 7/2/2011 4:46:51 PM - System Checkpoint
    RP1564: 7/3/2011 5:43:02 PM - System Checkpoint
    RP1565: 7/4/2011 7:02:52 PM - System Checkpoint
    RP1566: 7/5/2011 7:44:59 PM - System Checkpoint
    RP1567: 7/6/2011 7:54:55 PM - System Checkpoint
    RP1568: 7/7/2011 8:19:51 PM - System Checkpoint
    RP1569: 7/9/2011 7:32:01 AM - System Checkpoint
    RP1570: 7/10/2011 7:37:58 AM - System Checkpoint
    RP1571: 7/11/2011 7:57:36 AM - System Checkpoint
    RP1572: 7/12/2011 8:28:51 AM - System Checkpoint
    RP1573: 7/13/2011 9:12:15 AM - System Checkpoint
    RP1574: 7/13/2011 3:00:18 PM - Software Distribution Service 3.0
    RP1575: 7/14/2011 3:00:29 PM - System Checkpoint
    RP1576: 7/15/2011 3:31:51 PM - System Checkpoint
    RP1577: 7/16/2011 3:51:04 PM - System Checkpoint
    RP1578: 7/17/2011 4:05:31 PM - System Checkpoint
    RP1579: 7/18/2011 4:39:36 PM - System Checkpoint
    RP1580: 7/19/2011 2:58:52 PM - Restore Operation
    RP1581: 7/19/2011 3:45:40 PM - Restore Operation
    RP1582: 7/19/2011 5:44:39 PM - Software Distribution Service 3.0
    RP1583: 7/19/2011 7:24:09 PM - Installed Windows NLSDownlevelMapping.
    RP1584: 7/19/2011 7:24:49 PM - Installed Windows IDNMitigationAPIs.
    RP1585: 7/19/2011 7:26:29 PM - Installed Windows Internet Explorer 7.
    RP1586: 7/19/2011 7:27:31 PM - Software Distribution Service 3.0
    RP1587: 7/20/2011 6:18:00 AM - Software Distribution Service 3.0
    RP1588: 7/20/2011 3:00:25 PM - Software Distribution Service 3.0
    RP1589: 7/21/2011 3:27:14 PM - System Checkpoint
    RP1590: 7/22/2011 3:31:45 PM - System Checkpoint
    RP1591: 7/23/2011 4:13:12 PM - System Checkpoint
    RP1592: 7/24/2011 6:47:16 PM - System Checkpoint
    RP1593: 7/25/2011 7:05:48 PM - System Checkpoint
    RP1594: 7/27/2011 7:08:11 AM - System Checkpoint
    RP1595: 7/28/2011 7:45:45 AM - System Checkpoint
    RP1596: 7/29/2011 7:51:10 AM - System Checkpoint
    RP1597: 7/30/2011 9:16:22 AM - System Checkpoint
    RP1598: 7/30/2011 2:21:32 PM - Installed Windows NLSDownlevelMapping.
    RP1599: 7/30/2011 2:22:07 PM - Installed Windows IDNMitigationAPIs.
    RP1600: 7/30/2011 2:23:36 PM - Installed Windows Internet Explorer 7.
    RP1601: 7/30/2011 2:24:42 PM - Software Distribution Service 3.0
    RP1602: 7/30/2011 3:00:36 PM - Software Distribution Service 3.0
    RP1603: 7/31/2011 3:28:35 PM - System Checkpoint
    RP1604: 8/1/2011 4:26:57 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    AOLIcon
    avast! Free Antivirus
    Belarc Advisor 7.0
    CodeStuff Starter
    Conduit Engine
    Corel Photo Album 6
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Photo AIO Printer 944
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Content Portal
    DjVu Browser Plug-in 3.5
    Family Tree Maker
    Family Tree Maker 2006
    FTP Explorer
    Google AFE
    Google Earth Plug-in
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    iCare Data Recovery 4.0
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 21
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Excel 97
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Word 97
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Mozilla Firefox 5.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenOffice.org Installer 1.0
    Photo Click
    PowerDVD 5.5
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RegVac Registry Cleaner 5.01 (Trial Version)
    Roxio Media Experience
    SeaMonkey (2.2)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Softonic-Eng7 Toolbar
    Sonic Audio module
    Sonic CinePlayer Decoder Pack
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SpeedBit Video Downloader
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wnyiper
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wnyiper
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wnyiper
    TurboTax 2010 wrapper
    TurboTax Deluxe 2007
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Verizon Online
    Verizon Online Support Center
    Verizon SmartCall
    Viewpoint Media Player
    WavePad Sound Editor
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WildTangent Web Driver
    Windows Backup Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WordPerfect Office 12
    Yahoo! Music Jukebox
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/2/2011 6:41:56 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'r103' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    7/31/2011 5:13:29 PM, error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
    7/31/2011 1:17:12 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    7/31/2011 1:16:42 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    7/30/2011 4:46:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    7/30/2011 11:42:24 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcd_device service to connect.
    7/30/2011 11:42:24 AM, error: Service Control Manager [7000] - The dlcd_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/30/2011 11:42:24 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcd_device with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441067}
    7/29/2011 1:21:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service to connect.
    .
    ==== End Of File ===========================
     
    Last edited: 2011/08/02
    Ken,
    #15
  17. 2011/08/02
    broni

    broni Moderator Malware Analyst

    No....
     
  18. 2011/08/03
    Ken

    Combofix done:
    ComboFix 11-08-03.02 - Kenneth 08/03/2011 8:16.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.200 [GMT -4:00]
    Running from: c:\documents and settings\Kenneth\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Kenneth\Application Data\Mozilla\Firefox\Profiles\8wzp06h5.default\extensions\{c94bc0b6-1562-4d53-93d4-251ca8eecce9}
    c:\documents and settings\Kenneth\Application Data\Mozilla\Firefox\Profiles\8wzp06h5.default\extensions\{c94bc0b6-1562-4d53-93d4-251ca8eecce9}\chrome.manifest
    c:\documents and settings\Kenneth\Application Data\Mozilla\Firefox\Profiles\8wzp06h5.default\extensions\{c94bc0b6-1562-4d53-93d4-251ca8eecce9}\chrome\xulcache.jar
    c:\documents and settings\Kenneth\Application Data\Mozilla\Firefox\Profiles\8wzp06h5.default\extensions\{c94bc0b6-1562-4d53-93d4-251ca8eecce9}\defaults\preferences\xulcache.js
    c:\documents and settings\Kenneth\Application Data\Mozilla\Firefox\Profiles\8wzp06h5.default\extensions\{c94bc0b6-1562-4d53-93d4-251ca8eecce9}\install.rdf
    c:\documents and settings\Kenneth\Application Data\PriceGong
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Kenneth\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Kenneth\GoToAssistDownloadHelper.exe
    c:\documents and settings\Kenneth\simtgikebq.tmp
    c:\documents and settings\Kenneth\WINDOWS
    c:\temp\0b9
    c:\temp\0b9\tmpTF.log
    c:\temp\iee
    c:\temp\iee\tmpZTF.log
    c:\temp\tn3
    c:\windows\system32\drivers\core.cache(2).dsk
    c:\windows\system32\jjkmp.bak1
    c:\windows\system32\jjkmp.bak2
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-31 23:41 . 2011-08-01 12:00 -------- d-----w- C:\System Cleaners
    2011-07-30 20:20 . 2011-07-30 20:20 -------- d-----w- c:\documents and settings\Kenneth\Application Data\Malwarebytes
    2011-07-30 20:20 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-30 20:20 . 2011-07-30 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-07-30 20:20 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-30 20:20 . 2011-07-30 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-30 18:08 . 2011-07-30 18:08 -------- d-----w- c:\program files\Internet Explorer2
    2011-07-20 14:09 . 2011-07-20 14:11 -------- d-----w- C:\ftm
    2011-07-19 23:16 . 2011-04-25 15:51 468480 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-07-19 23:16 . 2011-04-25 15:51 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-07-19 23:16 . 2011-04-25 15:51 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-07-19 23:16 . 2011-04-25 15:51 63488 ------w- c:\windows\system32\dllcache\icardie.dll
    2011-07-19 23:16 . 2011-04-25 15:51 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
    2011-07-19 23:16 . 2011-04-25 12:00 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2011-07-19 23:16 . 2010-02-22 22:04 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
    2011-07-19 23:16 . 2011-04-25 15:51 6076416 ------w- c:\windows\system32\dllcache\ieframe.dll
    2011-07-19 19:52 . 2011-07-19 19:52 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-04 11:43 . 2010-09-12 12:33 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:43 . 2010-09-12 12:33 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-04 11:36 . 2011-05-25 11:18 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-04 11:36 . 2010-09-12 12:33 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-04 11:35 . 2010-09-12 12:33 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-04 11:35 . 2010-09-12 12:33 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-07-04 11:35 . 2010-09-12 12:33 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-07-04 11:32 . 2010-09-12 12:33 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-04 11:32 . 2010-09-12 12:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-07-04 11:32 . 2010-09-12 12:33 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-06-20 11:06 . 2011-05-15 11:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02 . 2004-08-10 18:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-20 15:28 . 2005-12-26 19:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-05-12 12:34 . 2010-12-22 19:34 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-07-08 07:16 . 2011-07-29 13:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} "= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
    2010-10-19 21:36 2447360 ------w- c:\program files\SpeedBit Video Downloader\TBUB2\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ------w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2011-01-17 14:54 175912 ------w- c:\program files\Softonic-Eng7\prxtbSof0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} "= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D} "= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} "= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2005-12-26 98304]
    "MemoryCardManager "= "c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 282624]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "IntelMeM "= "c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "dlcdmon.exe "= "c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 430080]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "TkBellExe "= "c:\program files\real\realplayer\update\realsched.exe" [2011-05-20 273544]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avast "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "DLCDCATS "= "c:\windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
    .
    c:\documents and settings\Kenneth\Start Menu\Programs\Startup\
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-12-9 111376]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/25/2011 7:18 AM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/12/2010 8:33 AM 309848]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/12/2010 8:33 AM 19544]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/30/2011 4:20 PM 22712]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PROCEXP100
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 21:27]
    .
    2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 21:27]
    .
    2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2216002632-2257328244-1610888821-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2216002632-2257328244-1610888821-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2010-10-01 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-24 23:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: aol.com\free
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} - hxxp://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} - hxxps://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
    FF - ProfilePath - c:\documents and settings\Kenneth\Application Data\Mozilla\Firefox\Profiles\8wzp06h5.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-03 08:40
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-08-03 08:47:51
    ComboFix-quarantined-files.txt 2011-08-03 12:47
    .
    Pre-Run: 50,377,269,248 bytes free
    Post-Run: 50,920,210,432 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - E0B7833CE51EDECC3E3A3D6A1FA983A1
     
    Ken,
    #17
  19. 2011/08/03
    broni

    broni Moderator Malware Analyst

    Combofix log looks good now.

    How is computer doing?

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  20. 2011/08/04
    Ken

    Ken Well-Known Member Thread Starter

    How is computer doing?

    Since you asked, not good. Boot now takes 2 min and after Windows starts, it is virtually not usable for 10 min. The hard disk is churning and Process Explorer says the CPU is spending up to 95% of the time doing Hardware Interrupts and little else.
    I am now off to do Bootkit.
     
    Ken,
    #19
  21. 2011/08/04
    Ken

    Ken Well-Known Member Thread Starter

    I ran Bootkit and it says "Unknown boot code has been found" but it won't copy into Notepad. I saved the screen image and put it in a Word document, but I don't know how to post it.
    It gives instructions on how to inspect and disinfect, but I did nothing.
     
    Last edited: 2011/08/04
    Ken,
    #20
