-
September 1st, 2010, 11:04 PM
#1
[RESOLVED] Hotmail sending out spam from my puter?
I am getting "Delivery Status Notification Failure" for everyone in my address book. I did not send anyone this email. Could I have been hacked for my address book and now the hacker is sending out spam, or is it just the "New and Improved" Hotmail that is doing this because of a bug? How do I stop it? I copied one of the emails that were sent back to me as "Delivery Status Notification Failure" so you can see what was "sent". Everything below this line is a copy from my Hotmail page.
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
tgdunham*aol.com
--Forwarded Message Attachment--
From: tjkrest*hotmail.com
To: tgdunham*aol.com; tomsellscolorado*comcast.net; wsct*live.com
Subject:
Date: Wed, 1 Sep 2010 17:51:13 -0600
://www.rgc1.medxdrugx.com
email addresses and link edited - mod fink
Home Built in 4/2014
Intel Core i7 930
ASUS P6T LGA 1366 Intel X58 ATX Intel Motherboard
6 G DDR3 RAM
Hatachi HDS5C ATA 2 T HD
G-Force GTX 460
NEC DVD-RW
Windows 7 pro 64 bit
My body and I have an agreement.
I take it to places where we have fun;
it takes me to places where we have fun.
We're a team, my body and I. Jon Turk
-
September 2nd, 2010, 04:47 AM
#2
More likely a worm has used your address book and sent the spam from your computer. I will move this thread to the intensive care forum, and you can follow the instructions in the sticky thread here.
http://discussions.virtualdr.com/sho...d.php?t=167915
I edited the email addresses so they won't get even more spam and made the link to the online drug store unclickable.
-
September 4th, 2010, 12:31 AM
#3
I have completed STEP 2 and here is the post of the results. I am going to STEP 3.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-03 22:45:30
Windows 5.1.2600 Service Pack 3
Running: qshkyw1m.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwtdypod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEEED2CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEEED2B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xEEED3142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEEED306C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEEED2764]
SSDT GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.) ZwFsControlFile [0xF7514650]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEEED2C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEEED26A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEEED2708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEEED2D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xEEED3210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEEED2D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEEED2EC8]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEEEDFB9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEEEDF9C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEEEDFAFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP EEEDCF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP EEEDF9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP EEEDFBA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP EEEDB5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP EEEDFAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe[2244] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugin-container.exe[2496] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040098F C:\Program Files\Mozilla Firefox 3.6 Beta 5\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[408] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[408] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Disk \Device\Harddisk0\DR0 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Disk \Device\Harddisk1\DR1 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+3 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk2\DR4 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- EOF - GMER 1.0.15 ----
-
September 4th, 2010, 12:35 AM
#4
-
September 4th, 2010, 12:50 AM
#5
STEP 3 complete, here are the logs.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/22/2003 6:30:35 PM
System Uptime: 9/3/2010 10:48:39 PM (1 hours ago)
Motherboard: Intel Corporation | | D845GEBV2
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | J2E1 | 2400/133mhz
==== Disk Partitions =========================
C: is FIXED (FAT32) - 28 GiB total, 0.265 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is CDROM ()
G: is FIXED (NTFS) - 233 GiB total, 227.092 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP271: 8/13/2010 8:02:02 AM - Software Distribution Service 3.0
RP272: 8/18/2010 9:04:29 PM - Software Distribution Service 3.0
==== Installed Programs ======================
5600
5600_Help
5600Trb
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0
Adobe Reader 9.3.4
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
AiO_Scan
AiOSoftware
Alohabob PC Relocator
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
AudibleManager
AutoUpdate
avast! Free Antivirus
BufferChm
Business Card Maker
CA Pest Patrol Realtime Protection
CCleaner
Coby Media Manager
Comcast User Setup
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceManagementQFolder
DFX for RealNetworks
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DVDXCopy Xpress 3.2.1
EasyCleaner
ENLASO Rainbow 4
eSupportQFolder
Fax
FLV Player 2.0, build 23
From the Ground Up Lite
GdiplusUpgrade
getPlus(R)_dll
GoBack Personal Edition
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HSP56 Modem Drivers
IBM ViaVoice Pro USB 9.1 - US English
ieSpell 2.0.1 (build 325)
Intel Application Accelerator
Intel(R) Active Monitor
InterActual Player
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Malwarebytes' Anti-Malware
Maxtor Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ASP.NET Web Matrix
Microsoft Automap Streets Plus (Requires CD-ROM)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Excel 97
Microsoft IntelliPoint 5.0
Microsoft Office PowerPoint Viewer 2003
Microsoft Publisher 97
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Script 5.7
Microsoft Word 97
MobileMe Control Panel
Mozilla Firefox (3.6)
Mozilla Firefox (3.6.9)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
NetLibrary Media Center
NewCopy
nLite 1.4.9.1
NTI CD-Maker 2000 Plus
One-touch Multimedia Keyboard
OverDrive Media Console
overland
ProductContext
Quicken 2008
QuickTime
Readme
Real Alternative 1.7.5
Roxio DVDMAX Player
SA60xx Device Manager
Safari
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SolutionCenter
SoundMAX
Status
TrayApp
Tweak UI
TweakNow RegCleaner
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
WebReg
Where Am I Dataset
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinZip
==== Event Viewer Messages From Past Week ========
9/3/2010 10:28:16 PM, error: Service Control Manager [7000] - The WinDriver service failed to start due to the following error: The system cannot find the file specified.
9/3/2010 10:28:16 PM, error: Service Control Manager [7000] - The hpdj00 service failed to start due to the following error: The system cannot find the file specified.
8/27/2010 8:49:43 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
==== End Of File ===========================
DDS (Ver_10-03-17.01) - FAT32x86
Run by Owner at 23:01:51.21 on Fri 09/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.618 [GMT -6:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\providerComcast\bin\tgsrvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugin-container.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZRxdm429YYUS&ptb=xADBamRAJn.dr96yaGB8nw
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {7754C418-F62E-44AA-B169-E719E718BCFD} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://d:\content\include\XPPatchInstaller.CAB
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204412927703
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226205095781
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://d:\content\include\msSecUcd.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6809e580-a3a7-11d1-9a00-00a0c945b006} - No File
-
September 4th, 2010, 12:51 AM
#6
Balance of log
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\qozio26y.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\mozilla firefox 3.6 beta 5\plugins\npnul32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.zencast, c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-28 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-28 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe [2008-5-2 148768]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
S2 hpdj00;hpdj00;c:\docume~1\owner\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp officejet 5600 series -product=aio --> c:\docume~1\owner\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 5600 series -product=aio [?]
S2 WinDriver;WinDriver;c:\windows\system32\drivers\windrvr.sys --> c:\windows\system32\drivers\WINDRVR.SYS [?]
S3 PCIDATA;PCIDATA;\??\d:\pcidata.sys --> d:\PCIDATA.sys [?]
S3 wdpnp;Eisenworld Generic USB Bridge Cable Service;c:\windows\system32\drivers\wdpnp.sys [2003-6-22 25932]
S4 AloPar;AloPar;c:\windows\system32\drivers\AloPar.sys [2003-6-22 4112]
=============== Created Last 30 ================
2010-09-04 04:08:19 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-09-04 04:08:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 04:08:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-04 04:08:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-04 04:08:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 18:39:52 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
2010-08-15 18:39:39 0 d-----w- c:\program files\Uniblue
==================== Find3M ====================
2010-07-27 06:30:36 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:36 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:36 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-28 20:57:34 38848 ----a-w- c:\windows\avastSS.scr
2010-06-24 23:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:04 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:04 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:02 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:02 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:00 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:22:00 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:22:00 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:56 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:10 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:12 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\dllcache\msxml3.dll
============= FINISH: 23:02:04.92 ===============
-
September 4th, 2010, 11:40 AM
#8
I am sorry, I thought I sent this out. STEP 1 below.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4540
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/3/2010 10:19:27 PM
mbam-log-2010-09-03 (22-19-27).txt
Scan type: Quick scan
Objects scanned: 155148
Time elapsed: 9 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
September 4th, 2010, 12:01 PM
#9
Download MBRCheck to your desktop.
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
===============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
- Please, never rename ComboFix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
NOTE 2. If ComboFix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
- If there is no internet connection after running ComboFix, then restart your computer to restore your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt".
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
Make sure you re-enable your security programs when you're done with ComboFix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
-
September 4th, 2010, 12:18 PM
#10
MBR data below:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 134):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7CA3000 \WINDOWS\system32\KDCOM.DLL
0xF7BB3000 \WINDOWS\system32\BOOTVID.dll
0xF7754000 ACPI.sys
0xF7CA5000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7743000 pci.sys
0xF77A3000 isapnp.sys
0xF7D6B000 pciide.sys
0xF7A23000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7CA7000 intelide.sys
0xF77B3000 MountMgr.sys
0xF7724000 ftdisk.sys
0xF7A2B000 PartMgr.sys
0xF7BB7000 IdeBusDr.sys
0xF77C3000 VolSnap.sys
0xF770C000 atapi.sys
0xF76F6000 IdeChnDr.sys
0xF77D3000 disk.sys
0xF77E3000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF76D6000 fltmgr.sys
0xF76C4000 sr.sys
0xF77F3000 PxHelp20.sys
0xF76A0000 Fastfat.sys
0xF7689000 KSecDD.sys
0xF7676000 WudfPf.sys
0xF7649000 NDIS.sys
0xF7803000 vvoice.sys
0xF75E7000 vpctcom.sys
0xF7553000 vmodem.sys
0xF7539000 Mup.sys
0xF7512000 GoBack2K.sys
0xF7D6C000 GBDevice.sys
0xF7813000 agp440.sys
0xF7843000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF738A000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF7376000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF7A43000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7352000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7A73000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7A83000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
0xF7305000 \SystemRoot\System32\DRIVERS\ptserial.sys
0xF7B2B000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7853000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7C7B000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF72F1000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7863000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7B6B000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7B7B000 \SystemRoot\System32\DRIVERS\point32.sys
0xF7B8B000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7873000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7C8B000 \??\C:\WINDOWS\System32\drivers\pfc.sys
0xF7883000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF7893000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF78A3000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF72CE000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7CB5000 \SystemRoot\System32\DRIVERS\NTIDrvr.sys
0xF7A93000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7AAB000 \SystemRoot\System32\DRIVERS\smb.sys
0xF724D000 \SystemRoot\system32\drivers\smwdm.sys
0xF7229000 \SystemRoot\system32\drivers\portcls.sys
0xF78B3000 \SystemRoot\system32\drivers\drmk.sys
0xF7212000 \SystemRoot\system32\drivers\aeaudio.sys
0xF7D6F000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF78C3000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF74E2000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF71FB000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF78D3000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF78E3000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7B33000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7B43000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7B53000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF78F3000 \SystemRoot\System32\Drivers\Pcouffin.sys
0xF7903000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7CBB000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF70D5000 \SystemRoot\System32\DRIVERS\update.sys
0xF74CA000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7913000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7953000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7CC1000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7C67000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF7DB7000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7DB8000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7CC5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7DBC000 \SystemRoot\System32\Drivers\Null.SYS
0xF7CC9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7AE3000 \SystemRoot\System32\drivers\vga.sys
0xF7CCD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7CD1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7AF3000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7B03000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7C77000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEF05A000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF7963000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xEF001000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF7973000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xEEFDB000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF7983000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xEEF13000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEEEF1000 \SystemRoot\System32\drivers\afd.sys
0xF79A3000 \SystemRoot\System32\Drivers\Fips.SYS
0xEEECA000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7A3B000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xF7A53000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF7A8B000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xEF0AD000 \SystemRoot\System32\DRIVERS\usbscan.sys
0xF7AC3000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF7AEB000 \SystemRoot\System32\DRIVERS\HPZius12.sys
0xF79C3000 \SystemRoot\system32\DRIVERS\mxopswd.sys
0xF79D3000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF79E3000 \SystemRoot\System32\DRIVERS\HPZid412.sys
0xEF0A5000 \SystemRoot\System32\DRIVERS\HPZipr12.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xEF0A1000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7ADB000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7EC1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04F000 \SystemRoot\System32\ati2cqag.dll
0xBF082000 \SystemRoot\System32\atikvmag.dll
0xBF0B6000 \SystemRoot\System32\ati3duag.dll
0xBF2F7000 \SystemRoot\System32\ativvaxx.dll
0xEB1AE000 \SystemRoot\System32\Drivers\Ntfs.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEF0A9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xEEE2F000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xF7CE9000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEEA8B000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xEE942000 \SystemRoot\system32\drivers\wdmaud.sys
0xEE9E7000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7ABB000 \??\C:\WINDOWS\System32\drivers\iSMBIOS.SYS
0xF7D27000 \??\C:\WINDOWS\System32\drivers\SIODRV.SYS
0xF7B0B000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x7C900000 \WINDOWS\System32\ntdll.dll
Processes (total 35):
0 System Idle Process
4 System
284 C:\WINDOWS\System32\smss.exe
340 csrss.exe
364 C:\WINDOWS\System32\winlogon.exe
408 C:\WINDOWS\System32\services.exe
420 C:\WINDOWS\System32\lsass.exe
564 C:\WINDOWS\System32\svchost.exe
656 svchost.exe
708 C:\WINDOWS\System32\svchost.exe
792 C:\WINDOWS\System32\svchost.exe
804 svchost.exe
872 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1040 C:\WINDOWS\Explorer.EXE
1212 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
1228 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
1236 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1260 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1268 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
1276 C:\WINDOWS\System32\ctfmon.exe
1316 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1436 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
1544 C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
1860 C:\WINDOWS\System32\spoolsv.exe
1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1948 C:\WINDOWS\System32\cisvc.exe
184 C:\Program Files\Maxtor\Sync\SyncServices.exe
316 C:\WINDOWS\System32\svchost.exe
424 C:\Program Files\providerComcast\bin\tgsrvc.exe
736 C:\WINDOWS\System32\MsPMSPSv.exe
1368 alg.exe
2496 C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
2648 C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugin-container.exe
2744 C:\WINDOWS\System32\cidaemon.exe
3876 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
\\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST330620A, Rev: 3.05
PhysicalDrive2 Model Number: MaxtorOneTouch, Rev: 0125
Size Device Name MBR Status
--------------------------------------------
27 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
-
September 5th, 2010, 10:34 PM
#12
Drive G is my Maxtor drive that I have sitting on my desk.
Here is the report from ComboFix:
ComboFix 10-09-04.06 - Owner 09/05/2010 20:25:02.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.715 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Cookies\Adobe Systems_ALB_SHARE.dat
c:\documents and settings\Owner\My Documents\DPE.DUS
C:\ProgramFiles
c:\programfiles\CA\ppctl.reg
c:\windows\BackUp
c:\windows\BackUp\TB040504.DAT
c:\windows\patch.exe
c:\windows\system32\42KJE738.ocx
c:\windows\system32\devmgr32.dll
c:\windows\system32\drivers\RkPavProc.sys
c:\windows\system32\drivers\vynqfgjvirmi.sys
c:\windows\system32\encapi32.dll
G:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDRIVER
-------\Service_WinDriver
-------\Legacy_RkPavProc
-------\Legacy_vynqfgjvirmi
-------\Service_RkPavProc
-------\Service_vynqfgjvirmi
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.
2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-09-04 04:08 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-04 04:08 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 18:31 . 2010-08-19 18:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Zone Express
2010-08-15 18:39 . 2010-08-15 18:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2010-08-15 18:39 . 2010-08-15 18:39 -------- d-----w- c:\program files\Uniblue
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 23:54 . 2010-07-11 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-07 15:16 . 2010-07-07 15:16 50098 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45C5421D-7A5E-4FE9-8F42-D98DF070E783}\controlPanelIcon.exe
2010-07-07 15:16 . 2010-07-07 15:16 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45C5421D-7A5E-4FE9-8F42-D98DF070E783}\SystemFolder_msiexec.exe
2010-06-30 12:31 . 2002-08-29 19:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-11 23:54 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-05-28 22:12 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-05-28 22:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-05-28 22:12 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-05-28 22:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-05-28 22:12 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-05-28 22:12 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-05-28 22:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-05-28 22:12 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:22 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-08-29 19:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 18:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-08-29 18:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2003-06-22 23:26 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
2010-06-14 07:41 . 2006-09-13 04:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-03-19 90112]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPar.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GoBack.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GoBack.lnk
backup=c:\windows\pss\GoBack.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Update Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Instant Update Reminder.lnk
backup=c:\windows\pss\Instant Update Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk
backup=c:\windows\pss\MightyFAX Controller.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 17:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-02-18 01:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 05:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
2003-09-16 03:00 270336 ----a-w- c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]
2002-05-03 21:10 32768 ----a-w- c:\program files\Intel\Intel(R) Active Monitor\imontray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2003-05-15 22:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 21:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
2001-08-18 04:36 86016 ----a-w- c:\windows\system32\pctspk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PV92TRAY]
2003-04-25 01:35 135168 ----a-w- c:\windows\system32\PV92Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 03:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 07:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"VETMSGNT"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"iPodService"=3 (0x3)
"imonNT"=2 (0x2)
"IDriverT"=3 (0x3)
"GBPoll"=2 (0x2)
"CAISafe"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Keyboard Manager"=c:\program files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
"Iomega Startup Options"=c:\program files\Iomega\Common\ImgStart.exe
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
-
September 5th, 2010, 10:42 PM
#13
The log is incomplete. Please repost.
The ComboFix log can be found in c:\combofix.txt
-
September 5th, 2010, 11:01 PM
#14
Sorry. Here is the complete one:
ComboFix 10-09-04.06 - Owner 09/05/2010 20:25:02.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.715 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Cookies\Adobe Systems_ALB_SHARE.dat
c:\documents and settings\Owner\My Documents\DPE.DUS
C:\ProgramFiles
c:\programfiles\CA\ppctl.reg
c:\windows\BackUp
c:\windows\BackUp\TB040504.DAT
c:\windows\patch.exe
c:\windows\system32\42KJE738.ocx
c:\windows\system32\devmgr32.dll
c:\windows\system32\drivers\RkPavProc.sys
c:\windows\system32\drivers\vynqfgjvirmi.sys
c:\windows\system32\encapi32.dll
G:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDRIVER
-------\Service_WinDriver
-------\Legacy_RkPavProc
-------\Legacy_vynqfgjvirmi
-------\Service_RkPavProc
-------\Service_vynqfgjvirmi
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.
2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-09-04 04:08 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-04 04:08 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 18:31 . 2010-08-19 18:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Zone Express
2010-08-15 18:39 . 2010-08-15 18:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2010-08-15 18:39 . 2010-08-15 18:39 -------- d-----w- c:\program files\Uniblue
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 23:54 . 2010-07-11 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-07 15:16 . 2010-07-07 15:16 50098 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45C5421D-7A5E-4FE9-8F42-D98DF070E783}\controlPanelIcon.exe
2010-07-07 15:16 . 2010-07-07 15:16 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45C5421D-7A5E-4FE9-8F42-D98DF070E783}\SystemFolder_msiexec.exe
2010-06-30 12:31 . 2002-08-29 19:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-11 23:54 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-05-28 22:12 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-05-28 22:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-05-28 22:12 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-05-28 22:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-05-28 22:12 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-05-28 22:12 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-05-28 22:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-05-28 22:12 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:22 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-08-29 19:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 18:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-08-29 18:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2003-06-22 23:26 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
2010-06-14 07:41 . 2006-09-13 04:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-03-19 90112]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPar.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GoBack.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GoBack.lnk
backup=c:\windows\pss\GoBack.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Update Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Instant Update Reminder.lnk
backup=c:\windows\pss\Instant Update Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk
backup=c:\windows\pss\MightyFAX Controller.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 17:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-02-18 01:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 05:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
2003-09-16 03:00 270336 ----a-w- c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]
2002-05-03 21:10 32768 ----a-w- c:\program files\Intel\Intel(R) Active Monitor\imontray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2003-05-15 22:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 21:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
2001-08-18 04:36 86016 ----a-w- c:\windows\system32\pctspk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PV92TRAY]
2003-04-25 01:35 135168 ----a-w- c:\windows\system32\PV92Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 03:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 07:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"VETMSGNT"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"iPodService"=3 (0x3)
"imonNT"=2 (0x2)
"IDriverT"=3 (0x3)
"GBPoll"=2 (0x2)
"CAISafe"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Keyboard Manager"=c:\program files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
"Iomega Startup Options"=c:\program files\Iomega\Common\ImgStart.exe
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/28/2009 4:12 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/28/2009 4:12 PM 17744]
R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [5/2/2008 12:40 PM 148768]
S2 hpdj00;hpdj00;c:\docume~1\Owner\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 5600 series -product=aio --> c:\docume~1\Owner\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 5600 series -product=aio [?]
S3 PCIDATA;PCIDATA;\??\d:\pcidata.sys --> d:\PCIDATA.sys [?]
S3 wdpnp;Eisenworld Generic USB Bridge Cable Service;c:\windows\system32\drivers\wdpnp.sys [6/22/2003 2:57 PM 25932]
S4 AloPar;AloPar;c:\windows\system32\drivers\AloPar.sys [6/22/2003 2:57 PM 4112]
.
Contents of the 'Scheduled Tasks' folder
2009-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZRxdm429YYUS&ptb=xADBamRAJn.dr96yaGB8nw
uInternet Connection Wizard,ShellNext = iexplore
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://d:\content\include\XPPatchInstaller.CAB
DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://d:\content\include\msSecUcd.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qozio26y.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox 3.6 Beta 5\plugins\npnul32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.zencast, .
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{6809e580-a3a7-11d1-9a00-00a0c945b006} - (no file)
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-QOELOADER - c:\program files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe
MSConfigStartUp-RoxioAudioCentral - c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
MSConfigStartUp-RoxioDragToDisc - c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
MSConfigStartUp-RoxioEngineUtility - c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\evntsvc.exe
MSConfigStartUp-ymetray - c:\program files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
AddRemove-Microsoft Automap Streets Plus - D:\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 20:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(364)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2010-09-05 20:41:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 02:41
Pre-Run: 391,512,064 bytes free
Post-Run: 821,133,312 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B80E4205355CD1B8950D8E568ECD219E
-
September 5th, 2010, 11:05 PM
#15
Looks good 
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.