
Slow Internet related to Virus?



Hey, so my computer has been experiencing extremely slow internet of late, and it has nothing to do with the internet provider or anything about the network. There are two other computers that share the same connection and they both have very fast internet speed. My computer has always had equally fast speed up to about 5 days ago, when suddenly the internet started going incredibly slowly. The computer is running normally, and nothing would suggest a virus except for this speed anomaly.

 

I have tried running scans with Avast! (including boot-time scans) and it turned up only a couple minor viruses which I quarantined. I also got Malwarebytes and it picked up three infections, which it quarantined and deleted. However the internet has not sped up at all, and I'm wondering if maybe there's a virus which neither program detected. It should be noted that I'm not running any torrent or p2p programs or anything that would normally slow the internet.

 

I could really use some help/advice... Thanks!


Ok here is IOBit 360 Log... 4 viruses removed (one Trojan)

 

IObit Security 360

 

OS:Windows XP

Version:1.6.0.2

Define Version:2404

Time Elapsed:00:22:39

Objects Scanned:64864

Threats Found:4

 

|Name|Type|Description|ID|

Tracking Cookies - Removed, Cookies, Cookie:noah@bs.serving-sys.com/, 7-1515

Tracking Cookies - Removed, Cookies, Cookie:noah@serving-sys.com/, 7-1515

Tracking Cookies - Removed, Cookies, Cookie:noah@atdmt.com/, 7-1541

Trojan.Generic - Quarantined, File, C:\Documents and Settings\Noah\Local Settings\Application Data\Xenocode\Sandbox\Digital Media Converter\3.1.7.0\2011.01.13T10.39\Virtual\STUBEXE\8.0.1135\@PROGRAMFILES@\Deskshare\Digital Media Converter 3\DSConverter\DSDMCConverter.exe, 11-11285


Here's the attach log:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/7/2010 9:51:23 PM

System Uptime: 4/9/2011 1:48:28 PM (0 hours ago)

.

Motherboard: Dell Inc. | |

Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 1830/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 147 GiB total, 10.925 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP191: 4/4/2011 4:06:26 PM - System Checkpoint

RP192: 4/5/2011 5:33:05 PM - System Checkpoint

RP193: 4/6/2011 5:40:49 PM - System Checkpoint

RP194: 4/7/2011 9:38:59 PM - System Checkpoint

RP195: 4/8/2011 2:42:09 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader X

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ares 2.1.7

Ask Toolbar

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Audacity 1.2.6

avast! Free Antivirus

Bonjour

Broadcom 440x 10/100 Integrated Controller

Conexant HDA D110 MDC V.92 Modem

CopyTrans Suite Remove Only

Dell Wireless WLAN Card

Digital Media Converter 3.1

Final Draft

Free Music Zilla

High Definition Audio Driver Package - KB835221

iTunes

Java Auto Updater

Java 6 Update 20

Java 6 Update 22

Malwarebytes' Anti-Malware

McAfee Security Scan Plus

McAfee SiteAdvisor

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.16)

MP3 Rocket

OpenOffice.org 3.2

Orbit Downloader

Otto

PeerBlock 1.1 (r518)

Picasa 3

Prism Video File Converter

QuickTime

SigmaTel Audio

Sonic Encoders

Synaptics Pointing Device Driver

Update Rollup 2 for Windows XP Media Center Edition 2005

VLC media player 1.1.5

WebFldrs XP

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

Xvid 1.2.1 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

4/9/2011 1:45:19 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

4/9/2011 1:45:18 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

4/9/2011 1:45:18 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

4/9/2011 1:45:17 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

4/9/2011 1:45:17 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/9/2011 1:45:14 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

4/9/2011 1:45:14 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

4/8/2011 2:59:34 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2290031 (2.0.657.0).

4/7/2011 2:08:23 PM, error: Microsoft Antimalware [2001] -

.

==== End Of File ===========================


And finally here's the DDS log. Any help will be greatly appreciated!

 

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Noah at 13:57:01.10 on Sat 04/09/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.927 [GMT -6:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\OpenOffice.org 3\program\swriter.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Noah\My Documents\Downloads\dds.scr

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291942126359

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\noah\applic~1\mozilla\firefox\profiles\ossdb0pj.default\

FF - prefs.js: browser.startup.homepage - http://www.rottentomatoes.com

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-10 294608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-10 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-10 40384]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-27 88176]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-12-13 19056]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-04-08 21:43:11 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{165881ab-32fe-4598-9a6a-2e6783bc990d}\mpengine.dll

2011-04-08 20:44:38 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2011-04-08 05:44:29 -------- d-----w- c:\docume~1\noah\applic~1\Malwarebytes

2011-04-08 05:44:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-08 05:44:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-08 05:44:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-08 05:44:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-14 08:26:17 -------- d-----w- c:\program files\iPod

2011-03-13 20:34:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games

.

==================== Find3M ====================

.

2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-05 00:48:32 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-05 00:48:30 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

.

============= FINISH: 13:57:59.48 ===============


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*******************************************

The DDS log shows that you only have 10.92 Gb of free space on the hard drive while you should have 22 Gb or more (15%) in order for Windows to function properly. This will no doubt add to your problem of slowness. You will need to find some way to free up some space. You can do this by removing/uninstalling any programs you don't use. You can transfer important files, videos, pictures and music to DVDs or an external hard drive. Please try to do this right away.

 

P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

**********************************************

I strongly recommend that you remove Ask from your computer because it:

 

•Promotes its toolbars on sites targeted to kids.

 

•Promotes its toolbars through ads that appear to be part of other companies' sites.

 

•Promotes its toolbars through other companies' spyware.

 

•Installs without any disclosure whatsoever and without any consent whatsoever.

 

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

 

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

 

See Here for more info.

 

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

 

AskBarDis or anything related to Ask

 

Then please find and delete this folder in bold (if present):

C:\Program Files\AskBarDis. or anything related to Ask.

*************************************************

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

4. Run CCleaner.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

*******************************************

The logs also show that you have two AV programs: avast! Antivirus and Microsoft Security Essentials. Please make sure that only one of them is enabled at any time. If you're not using one of these, you could uninstall it to gain some more space.

 

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

 

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

 

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

 

Exit out of MessengerDisable then delete the two files that were put on the desktop.

************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

*********************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
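
Added example, not part of the original thread and not code from DDS or any tool named in it: a small Python triage pass over DDS-style log text that applies the checks made in the reply above (free space under 15%, P2P clients, toolbars, more than one AV product, more than one Java build). The sample log is constructed in the layout of the logs posted in this thread; the P2P watchlist, the finding codes and the function names are assumptions.

```python
import re

# Line layouts taken from the DDS logs posted in this thread.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
DISK_RE = re.compile(r"^([A-Z]): is FIXED \(\w+\) - ([\d.]+) GiB total, ([\d.]+) GiB free")
AV_RE = re.compile(r"^AV: (.+?) \*(\w+)/(\w+)\*")
JAVA_RE = re.compile(r"^Java(?:\(TM\))? (\d+) Update (\d+)$")

MIN_FREE_FRACTION = 0.15  # the 15% free-space figure given in the reply
# Assumption: first word of the program name, lower-cased (\u00b5 is the micro sign).
P2P_FIRST_WORDS = {"\u00b5torrent", "utorrent", "ares"}

# Constructed sample: a few lines in the layout of the attach and main DDS logs.
SAMPLE_DDS = """\
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 147 GiB total, 10.925 GiB free.

D: is CDROM ()
.
==== Installed Programs ======================
.
\u00b5Torrent
Ares 2.1.7
Ask Toolbar
avast! Free Antivirus
Java 6 Update 20
Java 6 Update 22
.
==== End Of File ===========================
"""


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}, dropping blank and '.' filler lines."""
    sections = {"": []}  # lines before the first '====' header land under ""
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of (code, detail) findings for the checks named in the reply."""
    sections = parse_sections(text)
    all_lines = [line for lines in sections.values() for line in lines]
    findings = []

    # Fixed disks with less than 15% free space.
    for line in all_lines:
        m = DISK_RE.match(line)
        if m:
            total, free = float(m.group(2)), float(m.group(3))
            if total > 0 and free / total < MIN_FREE_FRACTION:
                findings.append(("LOW_DISK", f"{m.group(1)}: {free / total:.1%} free"))

    # More than one registered antivirus product.
    avs = [m.groups() for m in map(AV_RE.match, all_lines) if m]
    if len(avs) > 1:
        detail = ", ".join(f"{name} ({state}/{defs})" for name, state, defs in avs)
        findings.append(("MULTIPLE_AV", detail))

    # Installed programs: P2P clients, toolbars, superseded Java builds.
    java = []
    for name in sections.get("Installed Programs", []):
        words = name.lower().split()
        if words[0] in P2P_FIRST_WORDS:
            findings.append(("P2P", name))
        if "toolbar" in words:
            findings.append(("TOOLBAR", name))
        m = JAVA_RE.match(name)
        if m:
            java.append((int(m.group(1)), int(m.group(2)), name))
    if len(java) > 1:
        newest = max(java)
        findings.extend(("OLD_JAVA", e[2]) for e in sorted(java) if e != newest)

    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_DDS):
        print(f"{code:12} {detail}")
```
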


Hey so I did pretty much everything you suggested: Uninstalled Windows Messenger, got rid of the Ask Toolbar, updated Java and removed older versions with JavaRa, scanned with SUPERAntiSpyware and Malwarebytes, and the slow internet problem persists.

 

The last time I turned on my computer, it said jsched encountered an error and had to close. Not sure if that means there are still problems with my Java or what...

 

Here is the MalwareBytes log:

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 6308

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

4/8/2011 8:58:26 AM

mbam-log-2011-04-08 (08-58-26).txt

 

Scan type: Full scan (C:\|E:\|)

Objects scanned: 225802

Time elapsed: 1 hour(s), 49 minute(s), 13 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\� (Hijack.Zones) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\documents and settings\Noah\local settings\Temp\wanoxrmecs.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

 

And here is the SuperAntiSpyware Log:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/11/2011 at 10:01 PM

 

Application Version : 4.50.1002

 

Core Rules Database Version : 6809

Trace Rules Database Version: 4621

 

Scan type : Complete Scan

Total Scan Time : 09:46:09

 

Memory items scanned : 533

Memory threats detected : 0

Registry items scanned : 5194

Registry threats detected : 0

File items scanned : 64857

File threats detected : 0

 

So if you have any other thoughts on what I should do now, please let me know. I really appreciate all the help!


Not sure if that means there are still problems with my Java or what...

I had that same problem a few weeks ago. It's the update scheduler. You can disable it. It only updates once a month but runs all the time taking up valuable resources. Just go to Control panel, Java and disable it there.

 

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Here's the TDSSKiller log, no threats found:

 

2011/04/13 16:58:36.0468 5236 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/13 16:58:36.0734 5236 ================================================================================

2011/04/13 16:58:36.0734 5236 SystemInfo:

2011/04/13 16:58:36.0734 5236

2011/04/13 16:58:36.0734 5236 OS Version: 5.1.2600 ServicePack: 3.0

2011/04/13 16:58:36.0734 5236 Product type: Workstation

2011/04/13 16:58:36.0734 5236 ComputerName: NOAH-1A9BC05F59

2011/04/13 16:58:36.0734 5236 UserName: Noah

2011/04/13 16:58:36.0734 5236 Windows directory: C:\WINDOWS

2011/04/13 16:58:36.0734 5236 System windows directory: C:\WINDOWS

2011/04/13 16:58:36.0734 5236 Processor architecture: Intel x86

2011/04/13 16:58:36.0734 5236 Number of processors: 2

2011/04/13 16:58:36.0734 5236 Page size: 0x1000

2011/04/13 16:58:36.0734 5236 Boot type: Normal boot

2011/04/13 16:58:36.0734 5236 ================================================================================

2011/04/13 16:58:37.0187 5236 Initialize success

2011/04/13 16:58:46.0109 2880 ================================================================================

2011/04/13 16:58:46.0109 2880 Scan started

2011/04/13 16:58:46.0109 2880 Mode: Manual;

2011/04/13 16:58:46.0109 2880 ================================================================================

2011/04/13 16:58:59.0921 2880 Scan finished

2011/04/13 16:58:59.0921 2880 ================================================================================

 

And I uninstalled the Java Updater as per your suggestion.


Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

and save it to your Desktop.

It would be easiest to download using Internet Explorer.

If you insist on using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


ComboFix 11-04-16.01 - Noah 04/16/2011 22:34:37.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.808 [GMT -6:00]

Running from: c:\documents and settings\Noah\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\1028_DELL_XPS_MP061 .MRK

c:\windows\system32\drivers\DELL_XPS_MP061 .MRK

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2011-03-17 to 2011-04-17 )))))))))))))))))))))))))))))))

.

.

2011-04-17 03:43 . 2011-04-17 03:43 -------- d-----w- c:\windows\LastGood

2011-04-16 18:05 . 2011-02-22 23:06 602112 ----a-w- c:\windows\system32\SET255.tmp

2011-04-16 18:05 . 2011-02-22 23:06 55296 ----a-w- c:\windows\system32\SET254.tmp

2011-04-16 18:05 . 2011-02-22 23:06 916480 ----a-w- c:\windows\system32\SET24E.tmp

2011-04-16 18:04 . 2011-02-22 23:06 1991680 ----a-w- c:\windows\system32\SET259.tmp

2011-04-16 18:04 . 2011-02-22 23:06 5962240 ----a-w- c:\windows\system32\SET253.tmp

2011-04-16 18:04 . 2011-02-22 23:06 1210880 ----a-w- c:\windows\system32\SET24F.tmp

2011-04-16 18:04 . 2011-02-22 23:06 11080704 ----a-w- c:\windows\system32\SET25B.tmp

2011-04-11 18:09 . 2011-04-12 22:34 -------- d-----w- c:\program files\CCleaner

2011-04-11 18:05 . 2011-04-11 18:05 -------- d-----w- c:\documents and settings\Noah\Application Data\SUPERAntiSpyware.com

2011-04-11 18:05 . 2011-04-11 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-04-11 18:05 . 2011-04-11 18:05 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-04-10 18:30 . 2011-04-10 18:31 -------- d-----w- c:\documents and settings\Noah\Local Settings\Application Data\AskToolbar

2011-04-09 20:23 . 2011-04-09 20:23 -------- d-----w- c:\documents and settings\Noah\Application Data\IObit

2011-04-09 20:23 . 2011-04-09 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-04-09 20:23 . 2011-04-09 20:23 -------- d-----w- c:\program files\IObit

2011-04-08 21:43 . 2010-11-16 19:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{165881AB-32FE-4598-9A6A-2E6783BC990D}\mpengine.dll

2011-04-08 20:44 . 2010-11-16 19:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-04-08 05:44 . 2011-04-08 05:44 -------- d-----w- c:\documents and settings\Noah\Application Data\Malwarebytes

2011-04-08 05:44 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-08 05:44 . 2011-04-08 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-04-08 05:44 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-08 05:44 . 2011-04-08 05:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-08 01:49 . 2011-04-08 01:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2010-12-08 04:44 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2004-08-10 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-10 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-18 23:36 . 2010-12-10 23:11 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-18 23:36 . 2010-12-10 23:11 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-17 13:18 . 2004-08-10 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-08-10 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-12-09 10:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-10 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-08 13:33 . 2004-08-10 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-05 00:48 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-05 00:48 . 2004-08-10 11:00 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-03 03:40 . 2010-12-09 21:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 07:58 . 2010-12-08 04:38 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-12-08 04:38 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-10 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^New Text Document.exe]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\New Text Document.exe

backup=c:\windows\pss\New Text Document.exeCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Noah^Start Menu^Programs^Startup^Free Music Zilla.lnk]

path=c:\documents and settings\Noah\Start Menu\Programs\Startup\Free Music Zilla.lnk

backup=c:\windows\pss\Free Music Zilla.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Noah^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\Noah\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 19:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-11-10 19:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-01-03 00:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]

2010-06-12 00:14 1280344 ----a-w- c:\program files\IObit\IObit Security 360\is360tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 21:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2006-03-25 00:30 282624 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-03-08 19:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/10/2010 4:17 PM 294608]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/10/2010 4:17 PM 17744]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/27/2010 1:42 PM 88176]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/9/2011 2:23 PM 312152]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [12/13/2010 10:59 PM 19056]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 5:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - RSVP

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

.

2011-04-13 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2011-01-31 21:23]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

FF - ProfilePath - c:\documents and settings\Noah\Application Data\Mozilla\Firefox\Profiles\ossdb0pj.default\

FF - prefs.js: browser.startup.homepage - http://www.rottentomatoes.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-eixdqkia - c:\docume~1\Noah\LOCALS~1\Temp\jjsgsfncr\xjiserqsika.exe

MSConfigStartUp-mcrjtest - c:\docume~1\Noah\LOCALS~1\Temp\hxujalfgo\pxvonjesika.exe

MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe

MSConfigStartUp-rswjkoub - c:\docume~1\Noah\LOCALS~1\Temp\mexncmyul\ejcblqdsika.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe

MSConfigStartUp-wjvpqhkh - c:\docume~1\Noah\LOCALS~1\Temp\kqtxtvwyi\khmggpusika.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-16 22:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(896)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-04-16 23:06:28

ComboFix-quarantined-files.txt 2011-04-17 05:06

.

Pre-Run: 9,887,596,544 bytes free

Post-Run: 9,849,217,024 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8AA8A34747379482F350CDF5FAE24694


The log shows you have two AV programs on your computer: avast! Antivirus and Microsoft Security Essentials. One will have to go. More than one AV on your computer can cause a lot of problems.

 

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Hey, so in terms of MSEssentials I deleted the corresponding Program Files folder, but as far as I could tell it wasn't running concurrently with Avast in the first place. Not sure if I fully removed it, since it didn't appear under Add/Remove Programs, but the files have been deleted...

 

Here's the SysProt log:

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: B0AD9000

Module End: B0AF1000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: BA60E000

Module End: BA610000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwAllocateVirtualMemory

Address: B0BC2728

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwClose

Address: B0BC97EA

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwCreateKey

Address: B0BC96A2

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwDeleteKey

Address: B0BC9CA8

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwDeleteValueKey

Address: B0BC9BBE

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwDuplicateObject

Address: B0BC9276

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwFreeVirtualMemory

Address: B0BC27D8

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwOpenKey

Address: B0BC977E

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwOpenProcess

Address: B0BC91B2

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwOpenThread

Address: B0BC9218

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwProtectVirtualMemory

Address: B0BC2870

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwQueryValueKey

Address: B0BC98C2

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwRenameKey

Address: B0BC9D76

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwRestoreKey

Address: B0BC9880

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwSetValueKey

Address: B0BC9A04

Driver Base: B0BB9000

Driver End: B0C00000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

******************************************************************************************

******************************************************************************************

Kernel Hooks:

Hooked Function: ZwLoadDriver

At Address: 80584160

Jump To: B0BD6790

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ZwCreateSection

At Address: 805AB3C8

Jump To: B0BD6656

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ZwCreateProcessEx

At Address: 805D117A

Jump To: B0BD6832

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ZwClose

At Address: 805BC556

Jump To: B0BD21EE

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: PsCreateSystemThread

At Address: 805D117A

Jump To: B0BD6832

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ObMakeTemporaryObject

At Address: 805BC556

Jump To: B0BD21EE

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ObInsertObject

At Address: 805C2FDA

Jump To: B0BD3C88

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ObCloseHandle

At Address: 805BC556

Jump To: B0BD21EE

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Documents and Settings\Noah\My Documents\Downloads\spartacus\Caroline Tillette - + la recherche du temps perdu hdtv720p 1-2 by DeepAtSea.avi

Status: Hidden

 

Object: C:\Documents and Settings\Noah\My Documents\Downloads\spartacus\Caroline Tillette - + la recherche du temps perdu hdtv720p 2-2 by DeepAtSea.avi

Status: Hidden

 

Object: C:\Documents and Settings\Noah\My Documents\Downloads\The Shield Season 1, 2, 3, 4, 5, 6 & 7 Deluxe DVD Box Set HDTV + Extras (Extra Episode, Extended Episodes, Behind the Scenes etc.)\TSV Torrents\Lost Season 1, 2, 3, 4, 5, & 6 HDTV DVD Box-set + Extras.

Status: Hidden

 

Object: C:\Documents and Settings\Noah\My Documents\Downloads\The Shield Season 1, 2, 3, 4, 5, 6 & 7 Deluxe DVD Box Set HDTV + Extras (Extra Episode, Extended Episodes, Behind the Scenes etc.)\TSV Torrents\The Sopranos Season 1, 2, 3, 4, 5 & 6 DVD Box Set HDTV +

Status: Hidden

 

Object: C:\Documents and Settings\Noah\My Documents\Downloads\The Shield Season 1, 2, 3, 4, 5, 6 & 7 Deluxe DVD Box Set HDTV + Extras (Extra Episode, Extended Episodes, Behind the Scenes etc.)\TSV Torrents\The Wire Season 1, 2, 3, 4 & 5 Complete Collection DVD Bo

Status: Hidden

 

Object: C:\Documents and Settings\Noah\My Documents\Downloads\The Shield Season 1, 2, 3, 4, 5, 6 & 7 Deluxe DVD Box Set HDTV + Extras (Extra Episode, Extended Episodes, Behind the Scenes etc.)\TSV Torrents\Windows 7 Ultimate - 32 Bit (Auto Activation) - Cracked.t

Status: Hidden

 

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied


A LOT of updates recently-- like almost every time I turn on my computer now.

I've noticed that recently on both my computers.

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


Hey so I've had two problems with ESET.

 

1) 1st time I tried to run it, it gave me an error message 2002 and said it could not complete.

 

2) 2nd time, it's saying to check the proxy settings because the component can't download. So I keep clicking "Start" and the download bar has been filling little by little... so we'll see if it ultimately ends up working or if I get the same error message.


Ok. Let's try this one:

 

Run the BitDefender Online scanner

 

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

 

Once Bitdefender completes the scan:

Click on the Detected Problems tab.

Then select Click here to export the scan report.

 

When the window comes up to save the report, change the Save as type: box to:

Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save.

 

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).

This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

 

If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.


Ok, I finally got my computer to complete the scan. Here's the log:

 

 

QuickScan Beta 32-bit v0.9.9.90

-------------------------------

Scan date: Mon Apr 25 20:05:55 2011

Machine ID: DCBE8DA8

 

 

 

No infection found.

-------------------

 

 

 

Processes

---------

(unsigned) Dell Wireless WLAN Card Wireless Networ 1680 C:\WINDOWS\system32\BCMWLTRY.EXE

(unsigned) Dell Wireless WLAN Card Wireless Networ 264 C:\WINDOWS\system32\WLTRAY.EXE

(unsigned) WLTRYSVC.EXE 1656 C:\WINDOWS\system32\WLTRYSVC.EXE

 

(verified) ATI External Event Utility for WindowsN 1932 C:\WINDOWS\system32\ati2evxx.exe

(verified) ATI External Event Utility for WindowsN 1132 C:\WINDOWS\system32\ati2evxx.exe

(verified) avast! Antivirus 1736 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

(verified) avast! Antivirus 292 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

(verified) Bonjour 1432 C:\Program Files\Bonjour\mDNSResponder.exe

(verified) Firefox 2464 C:\Program Files\Mozilla Firefox\firefox.exe

(verified) IObit Security 360 1972 C:\Program Files\IObit\IObit Security 360\is360srv.exe

(verified) iTunes 2940 C:\Program Files\iPod\bin\iPodService.exe

(verified) iTunes 324 C:\Program Files\iTunes\iTunesHelper.exe

(verified) McAfee SiteAdvisor 2096 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe

(verified) Microsoft® Windows® Operating System 1812 C:\WINDOWS\ehome\ehrecvr.exe

(verified) Microsoft® Windows® Operating System 1836 C:\WINDOWS\ehome\ehSched.exe

(verified) Microsoft® Windows® Operating System 2240 C:\WINDOWS\ehome\mcrdsvc.exe

(verified) Microsoft® Windows® Operating System 2020 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 3024 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 864 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 332 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 3148 C:\WINDOWS\system32\dllhost.exe

(verified) Microsoft® Windows® Operating System 952 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 2424 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 3476 C:\WINDOWS\system32\searchfilterhost.exe

(verified) Microsoft® Windows® Operating System 2312 C:\WINDOWS\system32\searchindexer.exe

(verified) Microsoft® Windows® Operating System 2716 C:\WINDOWS\system32\searchprotocolhost.exe

(verified) Microsoft® Windows® Operating System 940 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 500 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 1176 C:\WINDOWS\system32\spoolsv.exe

(verified) Microsoft® Windows® Operating System 1148 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1224 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1296 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1376 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1420 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1500 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 2156 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 4052 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 896 C:\WINDOWS\system32\winlogon.exe

(verified) MobileDeviceService 1340 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

 

 

Network activity

----------------

Process AvastUI.exe (292) connected on port 443 (HTTP over SSL) --> 46.4.62.251

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 64.237.53.69

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 96.17.70.80

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 91.199.104.31

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 91.199.104.31

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.36

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 91.199.104.31

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.246

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.36

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 64.237.53.69

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 91.199.104.31

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 96.17.70.75

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 72.21.211.170

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 91.199.104.31

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.246

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 74.125.224.59

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 91.199.104.31

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 64.237.53.69

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 91.199.104.31

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.246

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.246

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 64.237.53.69

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 64.237.53.69

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 64.237.53.69

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.246

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 64.237.53.69

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 64.237.53.69

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.36

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 96.17.70.83

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.246

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.246

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.36

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.246

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 72.14.213.113

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 96.17.70.48

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 68.142.213.143

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 173.45.232.224

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 64.237.53.69

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.246

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.36

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.36

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 96.17.70.48

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 216.137.43.249

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 72.21.211.171

Process AvastSvc.exe (1736) connected on port 80 (HTTP) --> 173.45.232.224

 

Process svchost.exe (1224) listens on ports: 135 (RPC)

Process svchost.exe (2156) listens on ports: 2869 (SSDP event notification, UPNP)

Process firefox.exe (2464) listens on ports: 1074

 

 

Autoruns and critical files

---------------------------

(unsigned) Dell Wireless WLAN Card Wireless Networ C:\WINDOWS\system32\WLTRAY.EXE

(unsigned) Prism Video File Converter C:\Program Files\NCH Software\Prism\prism.exe

(unsigned) SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

(unsigned) Windows® Search C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll

 

(verified) Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe

(verified) ATI External Event Utility for NT, W2K C:\WINDOWS\system32\ati2evxx.dll

(verified) avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastUI.exe

(verified) iTunes C:\Program Files\iTunes\iTunesHelper.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

 

 

Browser plugins

---------------

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

 

(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

(verified) BitDefender QuickScan C:\Documents and Settings\Noah\Application Data\Mozilla\Firefox\Profiles\ossdb0pj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

(verified) Java Deployment Toolkit 6.0.240.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

(verified) McAfee SiteAdvisor c:\program files\mcafee\siteadvisor\mcieplg.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll

(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

(verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

(verified) Orbitcth c:\program files\orbitdownloader\orbitcth.dll

(verified) Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll

(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

(verified) Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

 

 

Missing files

-------------

File not found: C:\DOCUME~1\Noah\LOCALS~1\Temp\catchme.sys

--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

 

File not found: C:\Program Files\Java\jre6\bin\jqs.exe

--> HKLM\System\ControlSet001\services\JavaQuickStarterService\"ImagePath"

 

File not found: C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

--> HKLM\System\ControlSet001\services\OMCI\"ImagePath"

 

File not found: C:\WINDOWS\System32\hidserv.dll

--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"

 

File not found: c:\program files\java\jre6\bin\jp2ssv.dll

--> HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32\"(default)"

 

File not found: c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

--> HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\InprocServer32\"(default)"

 

File not found: system32\drivers\UIUSys.sys

--> HKLM\System\ControlSet001\services\UIUSys\"ImagePath"

 

 

Scan

----


 

 

No file uploaded.

 

Scan finished - communication took 55 sec

Total traffic - 0.06 MB sent, 1.19 KB recvd

Scanned 1093 files and modules - 218 seconds

 

==============================================================================

 

 

Now, something I noticed, not sure if it's helpful or not: when I try downloading something, the actual kbps of the download is fairly decent. For example, I've got an 8.8 MB file which I'm currently downloading at 70-odd kb per second. At this rate, it should only take a couple minutes to download the file, but it takes significantly longer (or simply fails) because it looks like there's some kind of lag or pause in the internet connectivity. For example, it says it's downloading at 77.3 kbps, but then it's almost like it freezes on that number, making no progress on the download bar for a good ten seconds or so. Then the number changes. So it seems like it's getting a good rate, but it actually only downloads that much once every ten seconds or so. Thus, a relatively small download can take a long time to finish.

 

Same with some web pages. They will basically not load at all, then I will try to refresh them and they'll load pretty fast or right away (sometimes this works). Not sure if this is symptomatic of something, but since the virus searches keep coming up negative, maybe it's something else that's the problem...

Link to comment
Share on other sites


Slow downloads can almost all the time be caused by your network provider. Sometimes it's caused by having too little free space on the hard drive. What browser are you using? Why not try another browser?

Link to comment
Share on other sites

I've tried Internet Explorer, and it suffers from the exact same thing, so it's not specific to Firefox.

 

Also, the internet works much better on other computers on the same network, and like I mentioned, the actual bandwidth seems strong (as I said, regularly 70+ kbps) but it lags out, seeming to come in and out at intervals. I don't believe it's an issue of hard drive space, since I have 18+ free gigs at the moment. So it seems like it must be something else, a virus, or possibly some other process that's running on the computer and eating the bandwidth or causing it to lag...

Link to comment
Share on other sites

> I have 18+ free gigs

This is a bit below the 15% required by Windows to run smoothly. The other computers on the network; do they have the same programs as you have?

From all the scans we've run there is no evidence of malware causing this. Let's try one more scan.

 

AVENGER

 

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to "Scan for rootkits" has a tick in it and that the box next to "Automatically disable any rootkits found" does not have a tick in it.
  • Click the Execute button.
  • You will be asked: "No script has been entered. Do you want to execute a rootkit scan only?"
  • Click Yes.
  • You will now be asked: "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
