Blue Screen of Death, need help :(


iMosh

Hi

I recently had a blue screen of death, not good as you know.... Anyway, I found out the problem was a common virus; I deleted it and stopped it from my startup using msconfig.

I'm usually a dab hand at computers, to be honest. I tried logging back in as normal after this, and I enter my password and hit enter and it starts to load up, but it just stays on that screen constantly.

Now my laptop's 3 weeks old. I could send it back to Dell, but I'd rather not, because they take the **** with repairs and maintenance, so I think I'd like to fix this myself.

I have my OS disk (btw I am using Vista Home Premium), so I'm thinking a system restore is the best option for me. Is it wise, and can anyone give me some advice on the process?

So if you can help me, thanks!

imosh :grin:
 
Spyware Asylum

First things first. Go through that to make sure the virus is gone. Disabling it does nothing. After you are clean we will try to fix the problem.
 
OK, thank you. I'll get back to you as soon as I have done this. Glad there are people out there that can give a noob help lol :suprised:
 
We are here to help. We just have to make sure that the root cause of why you got the BSoD is gone so we can continue and fix the system. No need to send it back just yet. ;)
 
I don't think I can upload the information as a file, so here's the whole text, unfortunately.

ComboFix 10-01-21.01 - xDanx 21/01/2010 21:15:17.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.984.270 [GMT 0:00]
Running from: c:\users\xDanx\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-586721028-2137426681-1291643209-500
c:\users\xDanx\AppData\Roaming\dwm.exe
c:\users\xDanx\AppData\Roaming\Microsoft\svchost.exe
c:\users\xDanx\AppData\Roaming\services.exe
c:\windows\msa.exe
c:\windows\system32\kbdsock.dll
c:\windows\system32\mshlps.dll
c:\windows\system32\oem6.inf
c:\windows\system32\poyluc.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

Infected copy of c:\windows\system32\drivers\iastor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 21:24 . 2010-01-21 21:28 -------- d-----w- c:\users\xDanx\AppData\Local\temp
2010-01-21 21:24 . 2010-01-21 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-20 23:43 . 2010-01-21 03:00 680 ----a-w- c:\users\xDanx\AppData\Local\d3d9caps.dat
2010-01-19 02:55 . 2010-01-19 02:55 -------- d-----w- c:\program files\Alarm
2010-01-17 20:41 . 2010-01-14 11:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-17 00:18 . 2008-11-26 17:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-17 00:18 . 2008-11-26 17:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-17 00:18 . 2008-11-26 17:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-17 00:18 . 2008-11-26 17:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-17 00:18 . 2008-11-26 17:17 20560 ----a-w- c:\windows\system32\drivers\aswfsblk.sys
2010-01-17 00:18 . 2008-11-26 17:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-17 00:18 . 2008-11-26 17:17 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-17 00:18 . 2010-01-17 00:18 -------- d-----w- c:\program files\Alwil Software
2010-01-12 21:38 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 21:38 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 06:50 . 2010-01-10 06:50 -------- d-----w- c:\program files\AC3Filter
2010-01-10 06:45 . 2010-01-14 19:42 -------- d-----w- c:\users\xDanx\AppData\Roaming\DivX
2010-01-10 06:43 . 2010-01-10 06:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-10 06:43 . 2010-01-10 06:44 -------- d-----w- c:\program files\DivX
2010-01-09 19:44 . 2010-01-18 23:54 -------- d-----w- c:\users\xDanx\AppData\Local\Google
2010-01-09 03:39 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-09 03:23 . 2010-01-09 03:23 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-01-08 19:01 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-01-08 19:01 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-01-08 19:01 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-01-08 19:01 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-01-08 19:01 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-01-08 19:01 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-01-08 19:01 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-01-08 19:01 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-01-08 19:01 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-01-08 19:01 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-01-08 18:57 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-01-08 18:57 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-08 18:57 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-01-08 18:57 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-08 18:57 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-08 18:57 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-08 18:57 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-01-08 18:56 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-08 18:56 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-01-08 18:56 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-01-08 18:56 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-08 18:56 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-08 18:25 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-01-08 18:25 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-01-08 18:25 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-01-08 18:25 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-08 18:24 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-01-08 18:24 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-01-08 18:24 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-08 18:24 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-08 18:24 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-08 16:37 . 2010-01-08 16:37 -------- d-----w- c:\program files\uTorrent
2010-01-08 16:37 . 2010-01-20 23:18 -------- d-----w- c:\users\xDanx\AppData\Roaming\uTorrent
2009-12-29 04:27 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-29 03:30 . 2009-12-29 03:30 -------- d-----w- c:\programdata\McAfee Security Scan
2009-12-25 21:05 . 2009-12-25 21:05 -------- d-----w- c:\users\xDanx\AppData\Local\Mozilla
2009-12-25 18:04 . 2006-10-26 19:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-25 18:04 . 2006-10-26 19:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-25 17:57 . 2009-12-25 17:57 -------- d-----w- c:\program files\Microsoft.NET
2009-12-25 17:52 . 2009-12-25 17:52 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-25 17:50 . 2009-12-25 17:59 -------- d-----w- c:\windows\SHELLNEW
2009-12-25 17:50 . 2009-12-25 17:50 -------- d-----w- c:\users\xDanx\AppData\Local\Microsoft Help
2009-12-25 17:50 . 2010-01-14 03:03 -------- d-----w- c:\programdata\Microsoft Help
2009-12-25 17:49 . 2009-12-25 17:49 -------- d-----r- C:\MSOCache
2009-12-25 12:33 . 2010-01-19 18:58 -------- d-----w- c:\users\xDanx\Tracing
2009-12-25 12:19 . 2009-12-25 12:19 -------- d-----w- c:\users\xDanx\AppData\Roaming\Program Files
2009-12-25 12:19 . 2010-01-08 13:13 -------- d-----w- c:\windows\system32\SupportAppCB
2009-12-25 12:18 . 2009-12-25 23:28 -------- d-----w- c:\users\xDanx\AppData\Local\Adobe
2009-12-25 12:11 . 2009-12-25 12:14 -------- d-----w- c:\users\xDanx\AppData\Local\Microsoft Games
2009-12-25 12:09 . 2009-12-25 12:09 -------- d-----w- c:\users\xDanx\AppData\Local\PowerDVD DX
2009-12-25 12:09 . 2009-12-25 12:09 -------- d--h--w- c:\users\xDanx\AppData\Roaming\GTek
2009-12-25 12:07 . 2009-12-25 12:27 -------- d-----w- c:\users\xDanx\AppData\Local\VirtualStore
2009-12-25 12:07 . 2009-12-25 12:07 -------- d-----w- c:\users\xDanx\AppData\Roaming\Dell
2009-12-25 12:07 . 2009-12-25 23:04 101856 ----a-w- c:\users\xDanx\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-25 12:07 . 2009-12-25 12:07 -------- d-----w- c:\users\xDanx\AppData\Local\Stardock_Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 21:27 . 2009-10-07 12:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 00:14 . 2009-10-07 12:20 -------- d-----w- c:\programdata\McAfee
2010-01-17 00:02 . 2009-10-07 12:18 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-17 00:02 . 2009-10-07 12:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 06:44 . 2009-10-07 12:25 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-08 13:16 . 2009-10-07 12:24 -------- d-----w- c:\program files\Microsoft Works
2009-12-29 04:29 . 2009-10-07 12:32 -------- d-----w- c:\program files\Windows Live
2009-12-25 18:00 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-12-25 12:02 . 2009-12-25 12:02 -------- d-sh--we c:\programdata\Templates
2009-12-25 12:02 . 2009-12-25 12:02 -------- d-sh--we c:\programdata\Start Menu
2009-12-25 12:02 . 2009-12-25 12:02 -------- d-sh--we c:\programdata\Favorites
2009-12-25 12:02 . 2009-12-25 12:02 -------- d-sh--we c:\programdata\Documents
2009-12-25 12:02 . 2009-12-25 12:02 -------- d-sh--we c:\programdata\Desktop
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-27 13:20 . 2010-01-08 18:58 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2010-01-08 18:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2010-01-08 18:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-07 20:36 . 2009-04-11 19:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-08 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-10-07 12:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/01/2010 00:18 111184]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [07/10/2009 20:45 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswfsblk.sys [17/01/2010 00:18 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/01/2010 00:18 51792]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [18/12/2008 13:05 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\xDanx\AppData\Roaming\Mozilla\Firefox\Profiles\qjxogdjd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{C4BF49A2-94F1-42BD-F034-3604811C807D} - c:\windows\system32\poyluc.dll
HKCU-Run-Services - c:\users\xDanx\AppData\Roaming\services.exe
HKCU-Run-dwm - c:\users\xDanx\AppData\Roaming\dwm.exe
SharedTaskScheduler-{C4BF49A2-94F1-42BD-F034-3604811C807D} - c:\windows\system32\poyluc.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-21 21:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\twsnnqcvxrcvslt]
"imagepath"="\??\c:\windows\TEMP\51B7.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-21 21:36:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 21:36

Pre-Run: 102,241,763,328 bytes free
Post-Run: 102,166,507,520 bytes free

- - End Of File - - 56BA027A9BEFCB53BB02D1C6081802D2

I was in safe mode with networking originally, but ever since that program you told me to use I can now log back in to my account as normal; sorted my problem tbh. But if you can just double check everything's good, I'd really appreciate it. Thanks :)
 
 