0

Hello.

I'm looking for help with what appears to be a stubborn trojan problem.

I've read the sticky on how to post requests for help so hopefully I've got this right.

It's regarding a PC running XP Pro. Yesterday morning I began experiencing problems such as right-click disabled, incomplete Start menu, inconsistent navigating with file Explorer.

I suspected a virus and so restarted in Safe Mode and then found the Daniweb virus forum. I followed all the steps outlined in the sticky and MBAM found two trojans. I deleted those with MBAM and then restarted my computer. I was able to log in but then Windows seemed to hang up at the point that it was loading my peronal preferences.

I restarted into Safe Mode again and ran MBAM again. It found two trojans again which means they are somehow hiding out and then regnerating since I had deleted them after the first scan.

I've attached the the logs called "attach" and "dds" but when I attempted to attach the two GMER logs your attachment manager told me they were invalid file types. What do I need to do in order to attach those?

Thanks for your help.

Attachments
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/03/2010 3:15:30 PM
System Uptime: 17/12/2011 11:58:45 AM (23 hours ago)
.
Motherboard: Intel Corporation |  | DG35EC
Processor: Intel Pentium III Xeon processor | LGA 775 | 2982/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 429 GiB total, 35.365 GiB free.
D: is FIXED (NTFS) - 502 GiB total, 48.6 GiB free.
E: is CDROM ()
G: is FIXED (FAT32) - 931 GiB total, 379.606 GiB free.
Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2C8EB141&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2C8EB141&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2C8EB141&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2C8EB141&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1008: 16/12/2011 2:01:31 AM - Software Distribution Service 3.0
RP1009: 16/12/2011 9:36:01 AM - Software Distribution Service 3.0
RP1010: 17/12/2011 2:01:13 AM - Software Distribution Service 3.0
RP1011: 17/12/2011 9:37:27 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Torrent
2007 Microsoft Office system
7-Zip 4.65
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe LiveCycle Designer ES2
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 8.1.2
Air Video Server 2.4.3
Akamai NetSession Interface
Akamai NetSession Interface Service
AllToAVI v4 r5394
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Problem Report Wizard
ATI Stream SDK v2 Developer
AutoUpdate
avast! Free Antivirus
Bonjour
Browser Defender 4.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cobian Backup 10
Combined Community Codec Pack 2009-09-09
Convert AVI to MP4 1.3
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dropbox
DVD Suite
EPSON Artisan 810 Series Printer Uninstall
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Print
EpsonNet Setup
Evernote v. 4.3.1
GIMP 2.6.11
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB972828)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Desktop Utilities
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 13.1.33.0
Intel(R) SMBus
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaJoin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Essentials
Nitro PDF Professional
OpenOffice.org 3.2
PC Tools Spyware Doctor 9.0
PDF Settings CS5
PowerDVD
PowerISO
PrinterShare 2.1.03
QuickBooks Pro 2009
Quicken 2011
QuickTax 2008
QuickTax 2009
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update f
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
Run by Troy at 10:29:11 on 2011-12-18
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1383 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI239C~1\msseces.exe
C:\Documents and Settings\Troy\Desktop\8hhot6n0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Trixie.Bho: {b0744341-96e0-4341-9ed2-8bc36ce0ccd0} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [EPSON Artisan 810 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifra.exe /fu "c:\windows\temp\E_S203.tmp" /EF "HKCU"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [Akamai NetSession Interface] c:\documents and settings\troy\local settings\application data\akamai\netsession_win.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_ActiveX.exe -update activex
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>] 
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\troy\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\troy\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\troy\startm~1\programs\startup\everno~1.lnk - c:\documents and settings\troy\local settings\application data\apps\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\squeez~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Evernote 4.0 - c:\documents and settings\troy\local settings\application data\apps\evernote\evernote\EvernoteIE.dll/204
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268091590437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
TCP: Interfaces\{DA98F2CD-4DC2-4250-A9F2-8F24FE85EC5B} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\607\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\troy\application data\mozilla\firefox\profiles\tg51mrvu.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\program files\google\goog
2
Contributors
19
Replies
20
Views
5 Years
Discussion Span
Last Post by jholland1964
0

We request that all logs be copy/pasted, not attached. Please copy/paste those logs and also the MBA-M log and we will be happy to assist.

0

Aha. OK the GMER ONE and TWO logs and the MBAM log are pasted in below. Thanks for having a look.

GMER ONE LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-17 20:23:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9 WDC_WD1001FALS-00E3A0 rev.05.01D05
Running: 8hhot6n0.exe; Driver: C:\DOCUME~1\Troy\LOCALS~1\Temp\kwdiraow.sys


GMER TWO LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-18 08:47:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9 WDC_WD1001FALS-00E3A0 rev.05.01D05
Running: 8hhot6n0.exe; Driver: C:\DOCUME~1\Troy\LOCALS~1\Temp\kwdiraow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???'C:???????????r??????AL???????????????2???m??????PC Tools Auxiliary Service???$??? ????????????????????????????????X??????????????????n??????????? ???????a?????isa???a?|?|?W?z?a?|?{?|?|?}?|?|?p?}?|?|?|?|?|?|?|?}?|?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?p?z?}?}?}?}?{?|?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?|?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}???????????????????????????}?????????????????????????????????????????????????????????????????????????????????????????????}?}?}?}?}?}?}?}?}?}?}?}?????????}?}?}?}?????????}???E?????????????'???????????????|?}?}?}?a?a?f?}?c?}?}?}?}?}?p?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?}?~?}?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?{?}?~?~?~?~?}?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?

---- EOF - GMER 1.0.15 ----


MBAM LOG

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8383

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

17/12/2011 8:13:23 PM
mbam-log-2011-12-17 (20-13-23).txt

Scan type: Full scan (C:\|D:\|G:\|Z:\|)
Objects scanned: 645698
Time elapsed: 1 hour(s), 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\AllToAVI\bin\pmp_muxer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\downloads\oi_setup_mj.exe (PUP.Adware.OpenInstall) -> Quarantined and deleted successfully.
g:\full backup - cobian\c 2011-07-24 23;55;07\program files\AllToAVI\bin\pmp_muxer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

0

I also scanned with Microsoft Malicious Software Removal Tool and that scan came up clean.

Just for the heck of it I'm doing a Kapersky online scan too.

0

The Kapersky scan is going REALLY slowly. It ran all night and is still only 37% complete.

Any chance you'd be willing to get started with the logs I've already posted? I can submit the Kapersky log when it finally completes.

0

There is no way any tool should take all night and only be at 37%. A piece of advice, never leave an online scanner running all night when you cannot be there to watch it scan. Stop that scan and run this tool.
Post back with the log:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Save the tool to the desktop. Shut down all other programs and then run that tool.
When the scan is over, the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
After clicking Next, the utility applies selected actions and outputs the result.

A reboot might require after disinfection.
Come back with the log.

0

And just in case you needed the "attach" and "dds" logs copy/pasted too I've pasted them here:

ATTACH LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/03/2010 3:15:30 PM
System Uptime: 17/12/2011 11:58:45 AM (23 hours ago)
.
Motherboard: Intel Corporation | | DG35EC
Processor: Intel Pentium III Xeon processor | LGA 775 | 2982/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 429 GiB total, 35.365 GiB free.
D: is FIXED (NTFS) - 502 GiB total, 48.6 GiB free.
E: is CDROM ()
G: is FIXED (FAT32) - 931 GiB total, 379.606 GiB free.
Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2C8EB141&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2C8EB141&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2C8EB141&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2C8EB141&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1008: 16/12/2011 2:01:31 AM - Software Distribution Service 3.0
RP1009: 16/12/2011 9:36:01 AM - Software Distribution Service 3.0
RP1010: 17/12/2011 2:01:13 AM - Software Distribution Service 3.0
RP1011: 17/12/2011 9:37:27 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
µTorrent
2007 Microsoft Office system
7-Zip 4.65
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe LiveCycle Designer ES2
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 8.1.2
Air Video Server 2.4.3
Akamai NetSession Interface
Akamai NetSession Interface Service
AllToAVI v4 r5394
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Problem Report Wizard
ATI Stream SDK v2 Developer
AutoUpdate
avast! Free Antivirus
Bonjour
Browser Defender 4.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cobian Backup 10
Combined Community Codec Pack 2009-09-09
Convert AVI to MP4 1.3
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dropbox
DVD Suite
EPSON Artisan 810 Series Printer Uninstall
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Print
EpsonNet Setup
Evernote v. 4.3.1
GIMP 2.6.11
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB972828)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Desktop Utilities
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 13.1.33.0
Intel(R) SMBus
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaJoin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Essentials
Nitro PDF Professional
OpenOffice.org 3.2
PC Tools Spyware Doctor 9.0
PDF Settings CS5
PowerDVD
PowerISO
PrinterShare 2.1.03
QuickBooks Pro 2009
Quicken 2011
QuickTax 2008
QuickTax 2009
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skins
Skype™ 5.3
Squeezebox Server 7.6.1
Subtitle Workshop 2.51
SupportSoft Assisted Service
TeamViewer 6
The KMPlayer (remove only)
The Lord of the Rings FREE Trial
Trixie
TurboTax 2010
TVersity Codec Pack 1.4
TVersity Media Server 1.9.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.10
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
WinHTTrack Website Copier 3.44-1
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
18/12/2011 2:02:40 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1272.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
18/12/2011 2:02:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
17/12/2011 8:13:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
17/12/2011 7:04:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
17/12/2011 12:50:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17/12/2011 12:05:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/12/2011 12:00:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips i8042prt intelppm MpFilter SCDEmu
14/12/2011 12:41:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
.
==== End Of File ===========================


DDS LOG

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Troy at 10:29:11 on 2011-12-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1383 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI239C~1\msseces.exe
C:\Documents and Settings\Troy\Desktop\8hhot6n0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Trixie.Bho: {b0744341-96e0-4341-9ed2-8bc36ce0ccd0} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [EPSON Artisan 810 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifra.exe /fu "c:\windows\temp\E_S203.tmp" /EF "HKCU"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [Akamai NetSession Interface] c:\documents and settings\troy\local settings\application data\akamai\netsession_win.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_ActiveX.exe -update activex
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\troy\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\troy\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\troy\startm~1\programs\startup\everno~1.lnk - c:\documents and settings\troy\local settings\application data\apps\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\squeez~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Evernote 4.0 - c:\documents and settings\troy\local settings\application data\apps\evernote\evernote\EvernoteIE.dll/204
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268091590437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
TCP: Interfaces\{DA98F2CD-4DC2-4250-A9F2-8F24FE85EC5B} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\607\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\troy\application data\mozilla\firefox\profiles\tg51mrvu.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-17 331880]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-17 341656]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-18 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-18 314456]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
S1 MpKslbdc61c7a;MpKslbdc61c7a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{798e1967-5d9c-429a-959c-058103bbd45e}\MpKslbdc61c7a.sys [2011-12-17 29904]
S1 MpKslf0f37c99;MpKslf0f37c99;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb81c804-7ec6-484c-bec5-4783fd67a3a9}\mpkslf0f37c99.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb81c804-7ec6-484c-bec5-4783fd67a3a9}\MpKslf0f37c99.sys [?]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-12-17 185560]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-8-12 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-18 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-18 44768]
S2 AWService;Admin Works Agent X8;c:\program files\intel\idu\awServ.exe [2006-12-27 74520]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2011-12-17 546768]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-5-14 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files\cobian backup 10\cbService.exe [2011-5-14 1125376]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 136176]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-12 2337144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-12-17 56840]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2011-12-17 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2011-12-17 1117624]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-12-18 16:51:00 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-18 16:50:40 41184 ----a-w- c:\windows\avastSS.scr
2011-12-18 16:50:33 -------- d-----w- c:\program files\AVAST Software
2011-12-18 16:50:33 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-12-18 04:13:31 54016 ----a-w- c:\windows\system32\drivers\iduvylm.sys
2011-12-18 03:04:49 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2011-12-18 03:04:48 767952 ----a-w- c:\windows\BDTSupport.dll
2011-12-18 03:04:48 2246608 ----a-w- c:\windows\PCTBDCore.dll
2011-12-18 03:04:48 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-12-18 03:04:48 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-12-18 03:04:15 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-12-18 03:04:12 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-12-18 03:04:09 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-12-18 03:04:03 -------- d-----w- c:\program files\PC Tools
2011-12-18 03:03:16 660992 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-12-18 03:03:16 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-12-18 03:03:12 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-12-18 03:03:12 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-12-18 03:03:12 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-12-18 03:03:12 -------- d-----w- c:\program files\common files\PC Tools
2011-12-18 03:02:49 -------- d-----w- c:\documents and settings\troy\application data\TestApp
2011-12-18 03:02:49 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-12-17 17:37:42 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{798e1967-5d9c-429a-959c-058103bbd45e}\MpKslbdc61c7a.sys
2011-12-17 17:37:30 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{798e1967-5d9c-429a-959c-058103bbd45e}\offreg.dll
2011-12-17 17:37:28 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{798e1967-5d9c-429a-959c-058103bbd45e}\mpengine.dll
2011-12-16 05:19:25 -------- d-----w- c:\program files\MediaJoin
2011-12-16 05:19:22 -------- d-----w- c:\documents and settings\all users\application data\{9E3A8735-9ABB-468A-A982-A50862FC9AB3}
2011-12-16 05:18:59 -------- d-----w- c:\documents and settings\troy\application data\Seven Zip
2011-12-06 05:00:47 -------- d-----w- c:\program files\iPod
2011-11-30 06:30:52 -------- d-----w- c:\documents and settings\troy\local settings\application data\Help
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-17 21:03:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 22:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 10:35:22.10 ===============

0

Thanks for the tip on online scans.

The Kapersky rootkit tool came up with nothing. The log is below. OK to reboot now?


08:14:23.0187 3360 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
08:14:23.0671 3360 ============================================================
08:14:23.0671 3360 Current date / time: 2011/12/19 08:14:23.0671
08:14:23.0671 3360 SystemInfo:
08:14:23.0671 3360
08:14:23.0671 3360 OS Version: 5.1.2600 ServicePack: 3.0
08:14:23.0671 3360 Product type: Workstation
08:14:23.0671 3360 ComputerName: YOUR-8FB6E6A2FA
08:14:23.0671 3360 UserName: Troy
08:14:23.0671 3360 Windows directory: C:\WINDOWS
08:14:23.0671 3360 System windows directory: C:\WINDOWS
08:14:23.0671 3360 Processor architecture: Intel x86
08:14:23.0671 3360 Number of processors: 2
08:14:23.0671 3360 Page size: 0x1000
08:14:23.0671 3360 Boot type: Safe boot with network
08:14:23.0671 3360 ============================================================
08:14:24.0890 3360 Initialize success
08:14:28.0218 2944 ============================================================
08:14:28.0218 2944 Scan started
08:14:28.0218 2944 Mode: Manual;
08:14:28.0218 2944 ============================================================
08:14:29.0953 2944 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:14:29.0953 2944 Aavmker4 - ok
08:14:29.0953 2944 Abiosdsk - ok
08:14:29.0968 2944 abp480n5 - ok
08:14:30.0000 2944 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:14:30.0000 2944 ACPI - ok
08:14:30.0031 2944 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:14:30.0031 2944 ACPIEC - ok
08:14:30.0031 2944 adfs - ok
08:14:30.0046 2944 adpu160m - ok
08:14:30.0078 2944 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:14:30.0078 2944 aec - ok
08:14:30.0093 2944 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:14:30.0093 2944 AFD - ok
08:14:30.0109 2944 Aha154x - ok
08:14:30.0109 2944 aic78u2 - ok
08:14:30.0125 2944 aic78xx - ok
08:14:30.0140 2944 AliIde - ok
08:14:30.0156 2944 amsint - ok
08:14:30.0187 2944 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:14:30.0187 2944 Arp1394 - ok
08:14:30.0187 2944 asc - ok
08:14:30.0203 2944 asc3350p - ok
08:14:30.0218 2944 asc3550 - ok
08:14:30.0250 2944 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:14:30.0250 2944 aswFsBlk - ok
08:14:30.0265 2944 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
08:14:30.0265 2944 aswMon2 - ok
08:14:30.0281 2944 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
08:14:30.0281 2944 aswRdr - ok
08:14:30.0296 2944 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
08:14:30.0296 2944 aswSnx - ok
08:14:30.0328 2944 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
08:14:30.0328 2944 aswSP - ok
08:14:30.0343 2944 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
08:14:30.0343 2944 aswTdi - ok
08:14:30.0359 2944 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:14:30.0359 2944 AsyncMac - ok
08:14:30.0375 2944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:14:30.0375 2944 atapi - ok
08:14:30.0390 2944 Atdisk - ok
08:14:30.0500 2944 ati2mtag (3fff73a29663eda8ec7169a7cfde29f4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:14:30.0593 2944 ati2mtag - ok
08:14:30.0625 2944 AtiHdmiService (fac04a8e09c8d70594382656d99772a3) C:\WINDOWS\system32\drivers\AtiHdmi.sys
08:14:30.0625 2944 AtiHdmiService - ok
08:14:30.0640 2944 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:14:30.0640 2944 Atmarpc - ok
08:14:30.0656 2944 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:14:30.0671 2944 audstub - ok
08:14:30.0718 2944 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:14:30.0718 2944 Beep - ok
08:14:30.0750 2944 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:14:30.0750 2944 cbidf2k - ok
08:14:30.0765 2944 cd20xrnt - ok
08:14:30.0781 2944 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:14:30.0781 2944 Cdaudio - ok
08:14:30.0796 2944 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:14:30.0796 2944 Cdfs - ok
08:14:30.0812 2944 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:14:30.0812 2944 Cdrom - ok
08:14:30.0812 2944 Changer - ok
08:14:30.0843 2944 CmdIde - ok
08:14:30.0875 2944 Cpqarray - ok
08:14:30.0890 2944 dac2w2k - ok
08:14:30.0890 2944 dac960nt - ok
08:14:30.0906 2944 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:14:30.0906 2944 Disk - ok
08:14:30.0953 2944 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:14:30.0953 2944 dmboot - ok
08:14:30.0968 2944 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:14:30.0968 2944 dmio - ok
08:14:30.0984 2944 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:14:30.0984 2944 dmload - ok
08:14:31.0000 2944 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:14:31.0000 2944 DMusic - ok
08:14:31.0015 2944 dpti2o - ok
08:14:31.0015 2944 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:14:31.0015 2944 drmkaud - ok
08:14:31.0046 2944 e1express (12774e08ae0b9b418e55e7338ad8b0dc) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
08:14:31.0046 2944 e1express - ok
08:14:31.0078 2944 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
08:14:31.0078 2944 EL90XBC - ok
08:14:31.0109 2944 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:14:31.0125 2944 Fastfat - ok
08:14:31.0140 2944 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:14:31.0140 2944 Fdc - ok
08:14:31.0140 2944 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:14:31.0140 2944 Fips - ok
08:14:31.0156 2944 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:14:31.0171 2944 Flpydisk - ok
08:14:31.0171 2944 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
08:14:31.0187 2944 FltMgr - ok
08:14:31.0203 2944 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:14:31.0203 2944 Fs_Rec - ok
08:14:31.0218 2944 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:14:31.0218 2944 Ftdisk - ok
08:14:31.0234 2944 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:14:31.0234 2944 GEARAspiWDM - ok
08:14:31.0250 2944 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:14:31.0250 2944 Gpc - ok
08:14:31.0281 2944 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:14:31.0281 2944 HDAudBus - ok
08:14:31.0296 2944 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:14:31.0296 2944 HidUsb - ok
08:14:31.0312 2944 hpn - ok
08:14:31.0343 2944 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:14:31.0343 2944 HTTP - ok
08:14:31.0359 2944 i2omgmt - ok
08:14:31.0359 2944 i2omp - ok
08:14:31.0375 2944 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:14:31.0375 2944 i8042prt - ok
08:14:31.0484 2944 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:14:31.0578 2944 ialm - ok
08:14:31.0609 2944 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:14:31.0609 2944 Imapi - ok
08:14:31.0625 2944 ini910u - ok
08:14:31.0703 2944 IntcAzAudAddService (c73a4a48fbb3d00c7dbc6fe4f5e3675f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:14:31.0765 2944 IntcAzAudAddService - ok
08:14:31.0781 2944 IntelIde - ok
08:14:31.0812 2944 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:14:31.0812 2944 intelppm - ok
08:14:31.0828 2944 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
08:14:31.0843 2944 Ip6Fw - ok
08:14:31.0843 2944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:14:31.0843 2944 IpFilterDriver - ok
08:14:31.0859 2944 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:14:31.0859 2944 IpInIp - ok
08:14:31.0859 2944 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:14:31.0859 2944 IpNat - ok
08:14:31.0875 2944 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:14:31.0875 2944 IPSec - ok
08:14:31.0906 2944 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:14:31.0906 2944 IRENUM - ok
08:14:31.0921 2944 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:14:31.0921 2944 isapnp - ok
08:14:31.0921 2944 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:14:31.0921 2944 Kbdclass - ok
08:14:31.0953 2944 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:14:31.0953 2944 kbdhid - ok
08:14:31.0968 2944 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:14:31.0968 2944 kmixer - ok
08:14:31.0984 2944 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:14:31.0984 2944 KSecDD - ok
08:14:32.0000 2944 lbrtfdc - ok
08:14:32.0031 2944 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:14:32.0031 2944 mnmdd - ok
08:14:32.0046 2944 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:14:32.0062 2944 Modem - ok
08:14:32.0062 2944 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:14:32.0062 2944 Mouclass - ok
08:14:32.0062 2944 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:14:32.0078 2944 mouhid - ok
08:14:32.0078 2944 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:14:32.0078 2944 MountMgr - ok
08:14:32.0093 2944 moyqwy - ok
08:14:32.0125 2944 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:14:32.0125 2944 MpFilter - ok
08:14:32.0187 2944 MpKslbdc61c7a (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{798E1967-5D9C-429A-959C-058103BBD45E}\MpKslbdc61c7a.sys
08:14:32.0203 2944 MpKslbdc61c7a - ok
08:14:32.0203 2944 MpKslf0f37c99 - ok
08:14:32.0218 2944 mraid35x - ok
08:14:32.0234 2944 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:14:32.0250 2944 MRxDAV - ok
08:14:32.0281 2944 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:14:32.0281 2944 MRxSmb - ok
08:14:32.0296 2944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:14:32.0296 2944 Msfs - ok
08:14:32.0328 2944 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:14:32.0328 2944 MSKSSRV - ok
08:14:32.0343 2944 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:14:32.0343 2944 MSPCLOCK - ok
08:14:32.0343 2944 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:14:32.0343 2944 MSPQM - ok
08:14:32.0359 2944 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:14:32.0359 2944 mssmbios - ok
08:14:32.0390 2944 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:14:32.0390 2944 Mup - ok
08:14:32.0421 2944 NAL (03ca886ba148b6b9996be1368ddc3fc0) C:\WINDOWS\system32\Drivers\iqvw32.sys
08:14:32.0421 2944 NAL - ok
08:14:32.0437 2944 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:14:32.0437 2944 NDIS - ok
08:14:32.0453 2944 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:14:32.0453 2944 NdisTapi - ok
08:14:32.0468 2944 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:14:32.0468 2944 Ndisuio - ok
08:14:32.0484 2944 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:14:32.0484 2944 NdisWan - ok
08:14:32.0500 2944 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:14:32.0500 2944 NDProxy - ok
08:14:32.0515 2944 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:14:32.0515 2944 NetBIOS - ok
08:14:32.0531 2944 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:14:32.0531 2944 NetBT - ok
08:14:32.0546 2944 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:14:32.0546 2944 NIC1394 - ok
08:14:32.0578 2944 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:14:32.0578 2944 Npfs - ok
08:14:32.0593 2944 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:14:32.0593 2944 Ntfs - ok
08:14:32.0625 2944 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:14:32.0625 2944 Null - ok
08:14:32.0640 2944 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:14:32.0640 2944 NwlnkFlt - ok
08:14:32.0656 2944 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:14:32.0656 2944 NwlnkFwd - ok
08:14:32.0656 2944 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:14:32.0671 2944 ohci1394 - ok
08:14:32.0687 2944 osaio (1204a181aae8d17be8786ef8fb70a1c6) C:\WINDOWS\system32\drivers\osaio.sys
08:14:32.0687 2944 osaio - ok
08:14:32.0718 2944 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:14:32.0718 2944 Parport - ok
08:14:32.0718 2944 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:14:32.0718 2944 PartMgr - ok
08:14:32.0750 2944 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:14:32.0750 2944 ParVdm - ok
08:14:32.0750 2944 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:14:32.0750 2944 PCI - ok
08:14:32.0765 2944 PCIDump - ok
08:14:32.0781 2944 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:14:32.0781 2944 PCIIde - ok
08:14:32.0796 2944 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:14:32.0796 2944 Pcmcia - ok
08:14:32.0796 2944 PCTCore - ok
08:14:32.0812 2944 pctDS - ok
08:14:32.0828 2944 PDCOMP - ok
08:14:32.0828 2944 PDFRAME - ok
08:14:32.0843 2944 PDRELI - ok
08:14:32.0843 2944 PDRFRAME - ok
08:14:32.0859 2944 perc2 - ok
08:14:32.0875 2944 perc2hib - ok
08:14:32.0906 2944 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:14:32.0906 2944 PptpMiniport - ok
08:14:32.0921 2944 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:14:32.0921 2944 PSched - ok
08:14:32.0921 2944 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:14:32.0921 2944 Ptilink - ok
08:14:32.0937 2944 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:14:32.0937 2944 PxHelp20 - ok
08:14:32.0953 2944 ql1080 - ok
08:14:32.0968 2944 Ql10wnt - ok
08:14:32.0984 2944 ql12160 - ok
08:14:32.0984 2944 ql1240 - ok
08:14:33.0000 2944 ql1280 - ok
08:14:33.0000 2944 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:14:33.0015 2944 RasAcd - ok
08:14:33.0015 2944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:14:33.0015 2944 Rasl2tp - ok
08:14:33.0031 2944 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:14:33.0031 2944 RasPppoe - ok
08:14:33.0046 2944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:14:33.0046 2944 Raspti - ok
08:14:33.0062 2944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:14:33.0062 2944 Rdbss - ok
08:14:33.0078 2944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:14:33.0078 2944 RDPCDD - ok
08:14:33.0093 2944 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:14:33.0093 2944 rdpdr - ok
08:14:33.0125 2944 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:14:33.0125 2944 RDPWD - ok
08:14:33.0156 2944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:14:33.0156 2944 redbook - ok
08:14:33.0203 2944 rrfwvf (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\uruvjn.sys
08:14:33.0203 2944 rrfwvf - ok
08:14:33.0218 2944 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
08:14:33.0218 2944 SCDEmu - ok
08:14:33.0250 2944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:14:33.0250 2944 Secdrv - ok
08:14:33.0281 2944 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:14:33.0281 2944 serenum - ok
08:14:33.0281 2944 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:14:33.0281 2944 Serial - ok
08:14:33.0312 2944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:14:33.0312 2944 Sfloppy - ok
08:14:33.0328 2944 Simbad - ok
08:14:33.0328 2944 smbusp (9acbc471d86ed01a6f6bf30394c8acef) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
08:14:33.0328 2944 smbusp - ok
08:14:33.0343 2944 Sparrow - ok
08:14:33.0359 2944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:14:33.0359 2944 splitter - ok
08:14:33.0375 2944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:14:33.0375 2944 sr - ok
08:14:33.0390 2944 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:14:33.0406 2944 Srv - ok
08:14:33.0421 2944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:14:33.0421 2944 swenum - ok
08:14:33.0421 2944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:14:33.0421 2944 swmidi - ok
08:14:33.0437 2944 symc810 - ok
08:14:33.0453 2944 symc8xx - ok
08:14:33.0453 2944 sym_hi - ok
08:14:33.0468 2944 sym_u3 - ok
08:14:33.0484 2944 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:14:33.0484 2944 sysaudio - ok
08:14:33.0531 2944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:14:33.0531 2944 Tcpip - ok
08:14:33.0546 2944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:14:33.0546 2944 TDPIPE - ok
08:14:33.0546 2944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:14:33.0546 2944 TDTCP - ok
08:14:33.0562 2944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:14:33.0562 2944 TermDD - ok
08:14:33.0593 2944 TosIde - ok
08:14:33.0640 2944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:14:33.0640 2944 Udfs - ok
08:14:33.0656 2944 ultra - ok
08:14:33.0687 2944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:14:33.0687 2944 Update - ok
08:14:33.0718 2944 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:14:33.0734 2944 USBAAPL - ok
08:14:33.0765 2944 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:14:33.0765 2944 usbaudio - ok
08:14:33.0781 2944 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:14:33.0781 2944 usbccgp - ok
08:14:33.0796 2944 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:14:33.0796 2944 usbehci - ok
08:14:33.0812 2944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:14:33.0812 2944 usbhub - ok
08:14:33.0828 2944 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:14:33.0828 2944 usbprint - ok
08:14:33.0859 2944 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:14:33.0859 2944 usbscan - ok
08:14:33.0875 2944 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:14:33.0875 2944 USBSTOR - ok
08:14:33.0875 2944 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:14:33.0875 2944 usbuhci - ok
08:14:33.0890 2944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:14:33.0890 2944 VgaSave - ok
08:14:33.0906 2944 ViaIde - ok
08:14:33.0921 2944 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:14:33.0921 2944 VolSnap - ok
08:14:33.0953 2944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:14:33.0953 2944 Wanarp - ok
08:14:33.0953 2944 WDICA - ok
08:14:33.0968 2944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:14:33.0968 2944 wdmaud - ok
08:14:34.0031 2944 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:14:34.0031 2944 WS2IFSL - ok
08:14:34.0078 2944 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:14:34.0078 2944 WudfPf - ok
08:14:34.0078 2944 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:14:34.0078 2944 WudfRd - ok
08:14:34.0140 2944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:14:34.0265 2944 \Device\Harddisk0\DR0 - ok
08:14:34.0296 2944 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk1\DR3
08:14:34.0296 2944 \Device\Harddisk1\DR3 - ok
08:14:34.0312 2944 Boot (0x1200) (f76e35169afe077110bd59f1e368f18b) \Device\Harddisk0\DR0\Partition0
08:14:34.0312 2944 \Device\Harddisk0\DR0\Partition0 - ok
08:14:34.0328 2944 Boot (0x1200) (a04b4da365860f76556c3fa58ac21232) \Device\Harddisk0\DR0\Partition1
08:14:34.0328 2944 \Device\Harddisk0\DR0\Partition1 - ok
08:14:34.0328 2944 Boot (0x1200) (cf74066b8175472b2620287440c34a69) \Device\Harddisk1\DR3\Partition0
08:14:34.0359 2944 \Device\Harddisk1\DR3\Partition0 - ok
08:14:34.0359 2944 ============================================================
08:14:34.0359 2944 Scan finished
08:14:34.0359 2944 ============================================================
08:14:34.0375 3196 Detected object count: 0
08:14:34.0375 3196 Actual detected object count: 0

0

Yes reboot. You have two anti-virus programs on there, parts of both running or attempting to run, Avast and MSE. The absolute rule is ONE anti-virus program should run or even attempt to run on a computer.
You also have PC Tools Spyware Doctor running also and it too has multiple files running.
Pick ONE of those three and Uninstall the other two, I would recommend keeping Avast and removing the others.

0

OK I'll give it a shot. For the record I only installed the multiple anti malware apps after I suspected the infection. Usually I only run Microsoft Security Essentials and then do manual scans using MBAM once a week or so.

0

Well portions of all of those programs are running or at least were running when you did the DDS scan.

Let's try something else: do the following in normal mode:

go to this link and download ALL copies available of rkill, there are 7 of them, same file just different names to fool the infection processes if needed

http://www.bleepingcomputer.com/download/anti-virus/rkill

Save all to the DESKTOP

double click on the first rkill file and see if it will run.
When RKill is run it will display a console screen, small black screen in other words, it will keep running until it rkill has finished. When it is finished it will close and then should show you a log telling you what processes were ended

After that do NOT Reboot but Update MBA-M and run another full scan with it, if it finds something have it remove of course and then reboot the computer.
Post back with that log.

0

Ok just tried to reboot a few times but it keeps hanging up either just after log in when it says it's loading my personal preferences or just when the desktop shows up.

So I wasn't able to run rkill in normal mode the way you suggested.

I'm running MBAM again in Safe Mode to see if those trojans show up again.

What else can I do here?

Edited by Soupy2: Didn't see reply from helper

0

Here's the log from the Safe Mode MBAM scan I just did. No threats detected.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8393

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

19/12/2011 12:53:44 PM
mbam-log-2011-12-19 (12-53-44).txt

Scan type: Full scan (C:\|D:\|G:\|Z:\|)
Objects scanned: 600682
Time elapsed: 1 hour(s), 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Finally booted properly into Normal Mode so now I'm doing the MBAM scan you requested.

In the meantime here's the rKill log. Are all the terminated processes malware or does it terminate legit processes as well?

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 19/12/2011 at 14:20:06.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Documents and Settings\Troy\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Troy\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Troy\Local Settings\Application Data\Apps\Evernote\Evernote\EvernoteClipper.exe
C:\Documents and Settings\Troy\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe


Rkill completed on 19/12/2011 at 14:20:19.

0

It does not terminate legitimate processes. It terminates malware running that stops legitimate programs from running properly. If there were none then it would have terminated nothing.

0

Here's the latest MBAM log. Looks clean.

Do the symptoms I described, right-click disabled, etc sound like it was the trojans that were causing problems?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/12/2011 5:42:53 PM
mbam-log-2011-12-19 (17-42-53).txt

Scan type: Full scan (C:\|D:\|G:\|Z:\|)
Objects scanned: 531382
Time elapsed: 2 hour(s), 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

"Do the symptoms I described, right-click disabled, etc sound like it was the trojans that were causing problems?"
If you no longer have any of those problems then yes, probably they were the cause. For the right-click problem, maybe, depends on what it was that you were right clicking. If it was only on web pages and not everything on the computer, some web pages are written to disable this ability on purpose to protect it from unauthorized copying of the page or items on the page. If it only happened on a web page then it was the page itself.

0

Right-click was disabled in general, not just in webpages. In fact navigation in webpages was completely disabled. The Start menu was changed so that applications, Settings, etc were not shown, Quickstart menu was mostly disabled although once in every 20 clicks or so it would show, and navigation in file explorer seemed to be really limited and most folders were inaccesible.

Anyway, thanks for your help. Much appreciated.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.