BleepingComputer.com: Rootkit & Google Redirecting

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Rootkit & Google Redirecting Not sure which rootkit it is.

#1 User is offline   Chevelle1258 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 16-March 10

Posted 13 July 2011 - 01:19 PM

Original Thread


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by S at 10:00:52 on 2011-07-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2513 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\S\Local Settings\Apps\F.lux\flux.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.bearshare.com/
uSearch Page =
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{1F6E6BA1-7D46-4244-8B09-2608ABCCF999}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\prxtbNC0.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: FaceSmooch Toolbar: {3c490bf5-4244-4310-b4a7-3361f288dac5} - c:\program files\facesmoochtb\facesmoochDx.dll
BHO: Updater For FaceSmooch Toolbar: {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - c:\program files\facesmoochtb\auxi\facesmoochAu.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\prxtbNC0.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\prxtbNC0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
TB: Mp3Rocket Toolbar: {4c350b19-6ca1-4569-b14c-296d8d65300b} - "c:\program files\mp3 rocket toolbar\mp3rockettb.dll"
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: FaceSmooch Toolbar: {3c490bf5-4244-4310-b4a7-3361f288dac5} - c:\program files\facesmoochtb\facesmoochDx.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [F.lux] "c:\documents and settings\s\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Google Update] "c:\documents and settings\s\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SRSHDAudioLab] "c:\program files\srs labs\srs hd audio lab\HDAL.exe" auto
uRun: [YDZ1QVAGOJ_6_14_11] c:\docume~1\s\locals~1\temp\Bhx.exe
uRun: [Chrome] "c:\program files\google\chrome\application\chrome.exe"
uRun: [Fraps] c:\program files\misc\fraps\FRAPS.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Chrome] c:\documents and settings\s\local settings\application data\google\chrome\application\chrome.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\1.bin\MWSBAR.DLL,S
StartupFolder: c:\docume~1\s\startm~1\programs\startup\skype.lnk - c:\windows\installer\{5335dadb-34ba-4ae8-a519-648d78498846}\SkypeIcon.exe
StartupFolder: c:\docume~1\s\startm~1\programs\startup\startu~1.lnk - c:\documents and settings\s\application data\fah\cpu\StartupCPU.exe
StartupFolder: c:\docume~1\s\startm~1\programs\startup\startu~2.lnk - c:\documents and settings\s\application data\fah\gpu\StartupGPU.exe
StartupFolder: c:\docume~1\s\startm~1\programs\startup\versio~1.lnk - c:\documents and settings\s\application data\fah\VersionCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFAFA691-318D-410E-9682-F1C88150917E} - hxxp://www.sephiroth.co.kr/sephiroth/images/activex/sephiroth.cab
TCP: Interfaces\{6B859E5C-0C45-4101-A771-9DFB678EB9C7} : NameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Rocket
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3rocketsearch.com/?prt=mp3rockettb02ff&clid=1e08fb42357c4a8e853b7b6b4aeeb7dd&Keywords=
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{896642e4-c556-4ed3-85d1-9ac431603e7d}\components\Engine.dll
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\s\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\s\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\s\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\s\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-1 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-12 309848]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-4-12 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2010-4-12 8192]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-12 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-12 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2009-7-30 20328]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-11 47640]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-9-16 44432]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-10-28 384752]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-5-30 27136]
S2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\common files\srs labs\srs hd audio lab service\SRSAudioLabService.exe [2010-9-13 12592]
S3 cpuz132;cpuz132;\??\c:\docume~1\s\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\s\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-4 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-4 8456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-11-24 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-1 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-1 39984]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2009-2-23 69632]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 133104]
S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MBAMService;MBAMService;h:\misc\malwarebytes' anti-malware\mbamservice.exe [2011-5-1 366640]
S4 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;c:\program files\mp3 rocket toolbar\Mp3RocketSvc.exe [2011-3-10 221696]
S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-28 2253688]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-10-17 718072]
.
=============== Created Last 30 ================
.
2011-07-13 00:13:59 -------- d-----w- c:\program files\Terraria
2011-07-13 00:01:30 26176 ---ha-w- c:\windows\system32\hamachi.sys
2011-07-11 19:46:32 -------- d-----w- c:\documents and settings\s\application data\SUPERAntiSpyware.com
2011-07-11 19:46:32 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-07-11 19:46:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-06 20:37:26 388096 ----a-r- c:\documents and settings\s\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-06 20:37:26 -------- d-----w- c:\program files\Trend Micro
2011-07-04 20:59:50 -------- d-----w- c:\documents and settings\s\local settings\application data\uTorrent
2011-07-03 13:17:06 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-03 13:17:06 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-02 20:36:39 -------- d-----w- c:\program files\VlcPlus
2011-07-02 02:41:02 -------- d-----w- c:\documents and settings\s\application data\bearsharemediabartb
2011-07-02 02:40:18 -------- d-----w- c:\documents and settings\all users\application data\12213
2011-07-02 02:40:01 -------- d-----w- c:\documents and settings\s\local settings\application data\BearShare
2011-07-02 02:39:42 -------- dc-h--w- c:\documents and settings\all users\application data\{F06A52F3-AA90-4454-899C-C7C40B1AC5DB}
2011-07-02 02:39:23 -------- d-----w- c:\program files\BearShare Applications
2011-07-02 02:39:23 -------- d-----w- c:\documents and settings\all users\application data\BearShare
2011-07-02 02:38:51 -------- d-----w- c:\documents and settings\s\local settings\application data\PackageAware
2011-07-02 02:36:02 -------- d-----w- c:\documents and settings\s\local settings\application data\Ares
2011-07-02 02:35:10 -------- d-----w- c:\program files\Ares
2011-07-02 02:20:53 -------- d-----w- c:\documents and settings\s\local settings\application data\antiphishing-wejangotb-1_0-dn
2011-07-02 02:20:51 -------- d-----w- c:\documents and settings\all users\application data\FaceSmooch Toolbar Antiphishing
2011-07-02 02:20:44 -------- d-----w- c:\documents and settings\s\application data\facesmoochtb
2011-07-01 01:24:12 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-01 01:24:06 -------- d-----w- c:\documents and settings\s\local settings\application data\PunkBuster
2011-07-01 01:14:59 141200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-01 01:14:58 138056 ----a-w- c:\documents and settings\s\application data\PnkBstrK.sys
2011-07-01 01:14:28 281656 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-01 01:14:28 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-01 01:14:24 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-01 01:11:23 -------- d-----w- c:\documents and settings\s\application data\Xilisoft
2011-07-01 00:17:42 -------- d-----w- c:\program files\APB Reloaded
2011-07-01 00:12:21 -------- d-----w- c:\program files\Audio Converter 6
2011-07-01 00:12:21 -------- d-----w- c:\documents and settings\all users\application data\Xilisoft
2011-06-30 23:11:37 -------- d-----w- c:\documents and settings\s\local settings\application data\GamersFirst LIVE!
2011-06-30 23:10:25 -------- d-----w- c:\program files\GamersFirst
2011-06-29 23:00:18 -------- d-----w- c:\documents and settings\s\local settings\application data\Darksiders
2011-06-28 19:51:43 -------- d-----w- c:\documents and settings\s\application data\Xfire
2011-06-28 19:46:08 -------- d-----w- c:\documents and settings\s\application data\DDMSettings
2011-06-25 05:36:24 -------- d-----w- c:\documents and settings\s\local settings\application data\Western Digital
2011-06-24 19:43:02 -------- d-----w- c:\program files\Amazon
2011-06-14 19:27:18 723294 ----a-w- c:\windows\unins000.exe
2011-06-14 19:26:53 -------- d-----w- c:\program files\Quick Web Player
2011-06-14 15:17:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-13 22:41:20 136704 --sha-r- c:\windows\system32\mswstr10D.dll
2011-06-13 21:48:09 -------- d-----w- c:\documents and settings\s\application data\Smart PDF Converter Pro
2011-06-13 18:20:34 -------- d-----w- c:\documents and settings\s\local settings\application data\ALI213
2011-06-13 14:28:30 -------- d-----w- c:\program files\Red Faction Armageddon
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-03 13:12:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-17 19:57:54 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
============= FINISH: 10:02:44.57 ===============

Thanks in advance.

Attached File(s)

  • Attached File  attach.txt (14.16K)
    Number of downloads: 0
  • Attached File  ark.txt (229.57K)
    Number of downloads: 0

#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 18 July 2011 - 07:54 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   Chevelle1258 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 16-March 10

Posted 18 July 2011 - 08:25 PM

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by S at 21:18:47 on 2011-07-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2523 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\S\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE
C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.bearshare.com/
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{1F6E6BA1-7D46-4244-8B09-2608ABCCF999}
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\prxtbNC0.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} -
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: FaceSmooch Toolbar: {3c490bf5-4244-4310-b4a7-3361f288dac5} -
BHO: Updater For FaceSmooch Toolbar: {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} -
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} -
BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\prxtbNC0.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: NCH Toolbar: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - c:\program files\nch\prxtbNC0.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} -
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\prxtbNC0.dll
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} -
TB: Mp3Rocket Toolbar: {4C350B19-6CA1-4569-B14C-296D8D65300B} -
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: FaceSmooch Toolbar: {3c490bf5-4244-4310-b4a7-3361f288dac5} -
TB: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: &Discuss: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [F.lux] "c:\documents and settings\s\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Google Update] "c:\documents and settings\s\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SRSHDAudioLab] "c:\program files\srs labs\srs hd audio lab\HDAL.exe" auto
uRun: [YDZ1QVAGOJ_6_14_11] c:\docume~1\s\locals~1\temp\Bhx.exe
uRun: [Chrome] "c:\program files\google\chrome\application\chrome.exe"
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Fraps] c:\program files\misc\fraps\FRAPS.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Chrome] c:\documents and settings\s\local settings\application data\google\chrome\application\chrome.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\1.bin\MWSBAR.DLL,S
StartupFolder: c:\docume~1\s\startm~1\programs\startup\skype.lnk - c:\windows\installer\{5335dadb-34ba-4ae8-a519-648d78498846}\SkypeIcon.exe
StartupFolder: c:\docume~1\s\startm~1\programs\startup\startu~1.lnk - c:\documents and settings\s\application data\fah\cpu\StartupCPU.exe
StartupFolder: c:\docume~1\s\startm~1\programs\startup\startu~2.lnk - c:\documents and settings\s\application data\fah\gpu\StartupGPU.exe
StartupFolder: c:\docume~1\s\startm~1\programs\startup\versio~1.lnk - c:\documents and settings\s\application data\fah\VersionCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFAFA691-318D-410E-9682-F1C88150917E} - hxxp://www.sephiroth.co.kr/sephiroth/images/activex/sephiroth.cab
TCP: Interfaces\{6B859E5C-0C45-4101-A771-9DFB678EB9C7} : NameServer = 192.168.1.1
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Rocket
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3rocketsearch.com/?prt=mp3rockettb02ff&clid=1e08fb42357c4a8e853b7b6b4aeeb7dd&Keywords=
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{896642e4-c556-4ed3-85d1-9ac431603e7d}\components\Engine.dll
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\s\application data\mozilla\firefox\profiles\ij23lcph.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\s\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\s\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\s\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\s\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-1 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-12 309848]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-4-12 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2010-4-12 8192]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-12 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-12 42184]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2009-7-30 20328]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-11 47640]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-9-16 44432]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-10-28 384752]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-5-30 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\common files\srs labs\srs hd audio lab service\SRSAudioLabService.exe [2010-9-13 12592]
S3 cpuz132;cpuz132;\??\c:\docume~1\s\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\s\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-4 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-4 8456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-11-24 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-1 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-1 39984]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2009-2-23 69632]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 133104]
S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MBAMService;MBAMService;h:\misc\malwarebytes' anti-malware\mbamservice.exe [2011-5-1 366640]
S4 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;c:\program files\mp3 rocket toolbar\Mp3RocketSvc.exe [2011-3-10 221696]
S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-28 2253688]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-10-17 718072]
.
=============== Created Last 30 ================
.
2011-07-19 01:12:33 -------- d-----w- c:\documents and settings\s\.bitrock
2011-07-17 22:14:36 -------- d-----w- c:\program files\Xvid
2011-07-13 00:13:59 -------- d-----w- c:\program files\Terraria
2011-07-13 00:01:30 26176 ---ha-w- c:\windows\system32\hamachi.sys
2011-07-11 19:46:32 -------- d-----w- c:\documents and settings\s\application data\SUPERAntiSpyware.com
2011-07-11 19:46:32 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-07-11 19:46:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-06 20:37:26 388096 ----a-r- c:\documents and settings\s\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-06 20:37:26 -------- d-----w- c:\program files\Trend Micro
2011-07-04 20:59:50 -------- d-----w- c:\documents and settings\s\local settings\application data\uTorrent
2011-07-03 13:17:06 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-03 13:17:06 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-02 20:36:39 -------- d-----w- c:\program files\VlcPlus
2011-07-02 02:41:02 -------- d-----w- c:\documents and settings\s\application data\bearsharemediabartb
2011-07-02 02:40:18 -------- d-----w- c:\documents and settings\all users\application data\12213
2011-07-02 02:40:01 -------- d-----w- c:\documents and settings\s\local settings\application data\BearShare
2011-07-02 02:39:42 -------- dc-h--w- c:\documents and settings\all users\application data\{F06A52F3-AA90-4454-899C-C7C40B1AC5DB}
2011-07-02 02:39:23 -------- d-----w- c:\program files\BearShare Applications
2011-07-02 02:39:23 -------- d-----w- c:\documents and settings\all users\application data\BearShare
2011-07-02 02:38:51 -------- d-----w- c:\documents and settings\s\local settings\application data\PackageAware
2011-07-02 02:36:02 -------- d-----w- c:\documents and settings\s\local settings\application data\Ares
2011-07-02 02:35:10 -------- d-----w- c:\program files\Ares
2011-07-02 02:20:53 -------- d-----w- c:\documents and settings\s\local settings\application data\antiphishing-wejangotb-1_0-dn
2011-07-02 02:20:51 -------- d-----w- c:\documents and settings\all users\application data\FaceSmooch Toolbar Antiphishing
2011-07-02 02:20:44 -------- d-----w- c:\documents and settings\s\application data\facesmoochtb
2011-07-01 01:24:12 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-01 01:24:06 -------- d-----w- c:\documents and settings\s\local settings\application data\PunkBuster
2011-07-01 01:14:59 141200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-01 01:14:58 138056 ----a-w- c:\documents and settings\s\application data\PnkBstrK.sys
2011-07-01 01:14:28 281656 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-01 01:14:28 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-01 01:14:24 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-01 01:11:23 -------- d-----w- c:\documents and settings\s\application data\Xilisoft
2011-07-01 00:17:42 -------- d-----w- c:\program files\APB Reloaded
2011-07-01 00:12:21 -------- d-----w- c:\program files\Audio Converter 6
2011-07-01 00:12:21 -------- d-----w- c:\documents and settings\all users\application data\Xilisoft
2011-06-30 23:11:37 -------- d-----w- c:\documents and settings\s\local settings\application data\GamersFirst LIVE!
2011-06-30 23:10:25 -------- d-----w- c:\program files\GamersFirst
2011-06-29 23:00:18 -------- d-----w- c:\documents and settings\s\local settings\application data\Darksiders
2011-06-28 19:51:43 -------- d-----w- c:\documents and settings\s\application data\Xfire
2011-06-28 19:46:08 -------- d-----w- c:\documents and settings\s\application data\DDMSettings
2011-06-25 05:36:24 -------- d-----w- c:\documents and settings\s\local settings\application data\Western Digital
2011-06-24 19:43:02 -------- d-----w- c:\program files\Amazon
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-03 13:12:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 19:26:51 723294 ----a-w- c:\windows\unins000.exe
2011-06-14 15:17:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-13 22:41:20 136704 --sha-r- c:\windows\system32\mswstr10D.dll
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 21:19:29.09 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-07-14.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2005 11:24:05
System Uptime: 7/18/2011 21:09:09 (0 hours ago)
.
Motherboard: BIOSTAR Group | | TA790GXB3
Processor: AMD Phenom™ II X2 555 Processor | CPU 1 | 3680/200mhz
Processor: AMD Phenom™ II X2 555 Processor | CPU 1 | 3680/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 127.275 GiB free.
D: is CDROM ()
H: is FIXED (NTFS) - 224 GiB total, 68.147 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_23091565&REV_03\4&2BA546C5&0&0038
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_23091565&REV_03\4&2BA546C5&0&0038
Service: RTLE8023xp
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Officejet Pro L7700
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: L7700,192.168.1.2
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7700
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7700
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1: 6/14/2011 07:34:32 - System Checkpoint
RP2: 6/16/2011 10:11:02 - Software Distribution Service 3.0
RP3: 6/17/2011 13:00:21 - System Checkpoint
RP4: 6/25/2011 01:33:33 - System Checkpoint
RP5: 6/26/2011 13:28:26 - System Checkpoint
RP6: 6/30/2011 11:37:40 - System Checkpoint
RP7: 6/30/2011 21:13:55 - Installed DirectX
RP8: 7/2/2011 16:23:07 - System Checkpoint
RP9: 7/4/2011 11:02:06 - System Checkpoint
RP10: 6/29/2011 17:18:10 - System Checkpoint
RP11: 6/30/2011 20:01:35 - System Checkpoint
RP12: 7/2/2011 12:23:36 - System Checkpoint
RP13: 7/2/2011 16:30:44 - Removed Skype?5.3
RP14: 7/3/2011 17:19:50 - System Checkpoint
RP15: 7/5/2011 11:02:38 - System Checkpoint
RP16: 7/6/2011 14:05:18 - System Checkpoint
RP17: 7/6/2011 16:37:23 - Installed HiJackThis
RP18: 7/6/2011 16:49:28 - Installed Microsoft Fix it 50267
RP19: 7/11/2011 19:52:36 - System Checkpoint
RP20: 7/11/2011 21:44:07 - Removed Google Talk Plugin
RP21: 7/12/2011 20:01:20 - Installed LogMeIn Hamachi
RP22: 7/12/2011 22:43:26 - Installed Advanced IP Scanner
RP23: 7/17/2011 20:22:39 - System Checkpoint
.
==== Installed Programs ======================
.
Heroes of Might and Magic™ III Armageddon's Blade
µTorrent
32 Bit HP CIO Components Installer
7500_7600_7700_Help1
AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
AC3Filter (remove only)
Acoustica Effects Pack
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced IP Scanner
Advanced IP Scanner v1.5
Age of Mythology
Age of Mythology - The Titans Expansion
AIM 7
Amazon MP3 Downloader 1.0.12
AMD OverDrive
AMD Processor Driver
AnalogX NetStat Live
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.7
Aspell English Dictionary-0.50-2
ATI - Software Uninstall Utility
Audacity 1.2.6
avast! Free Antivirus
AviSynth 2.5
BearShare
Between IGF Demo
Bing Bar Platform
Bonjour
bpd_scan_Carrier
BPDSoftware
BPDSoftware_Ini
BS.Player FREE
BufferChm
BulletStorm
Bz Enhanced 1.3
Bz Enhanced 1.3 Expansion Pack
CCleaner
Conduit Engine
Connect
CPUID CPU-Z 1.55
Creeper World
Creeper World DEMO
Dead Rising 2
Destinations
DeviceDiscovery
DFX for Windows Media Player
DivX Setup
DocProc
Dogpile Bundle Toolbar
Download Manager 2.3.10
Dropbox
Dual-Core Optimizer
Dungeons and Dragons Daggerdale
EASEUS Partition Master 6.5.2 Home Edition
F.lux
Fallout 3
Fallout New Vegas
Fax
FoxTab MP3 Converter (remove only)
Fraps
Free Convert AAC to MP3 AMR OGG M4A Converter 5.8
Free M4a to MP3 Converter 6.2
Gamer HUD Lite
GamersFirst LIVE!
GNU Aspell 0.50-3
Google Chrome
Google Desktop
Google Earth
Google Talk Plugin
Google Update Helper
GPBaseService2
GTK+ Runtime 2.14.7 rev a (remove only)
Guild Wars
Hero Fighter
Heroes of Might & Magic V: Hammers of Fate
Heroes of Might and Magic V
Heroes of Might and Magic V - Tribes of the East
Heroes of Might and Magic® III
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP OfficeJet L7300/L7500/7600/7700
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
HW Monitor
ijji REACTOR
iTunes
Java Auto Updater
Java™ 6 Update 26
JDownloader
K-Lite Mega Codec Pack 6.6.6
kuler
L7700
Last.fm 1.5.4.27091
Little Fighter 2 version 2.0a
Little Fighter 2.5 - v2.0
LogMeIn
LogMeIn Hamachi
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Media Player Classic - Home Cinema v1.4.2499.0
MediaBar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 8.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2000 Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ Run Time Lib Setup
Microsoft Windows Application Compatibility Database
Mozilla Firefox 5.0 (x86 en-US)
MP3 Rocket
MP3 Rocket Toolbar
MP3Rocket FileBulldog Toolbar
Mp3tag v2.48
MPM
MSI Afterburner 1.6.1
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MSXML4 Parser
NCH Toolbar
Network
Nexon Game Manager
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance
NVIDIA PhysX
NVIDIA System Monitor
NVIDIA System Update
Oblivion
Oblivion - BTmod 2.20
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - The Fighter's Stronghold
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OCR Software by I.R.I.S. 14.0
OGPlanet Game Launcher
oZone3D.Net FurMark v1.8.2
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
PhotoStage Slideshow Producer
Pidgin
Pixel Bender Toolkit
Portal 2
Postal 2 Apocalypse Weekend Expansion Pack
Postal 2 Share The Pain
PowerISO
ProductContext
Project64 1.6
Project64 1.7.0.55
Prototype™
PSP ISO Compressor
PSP Video 9 6
PunkBuster Services
Quake III Arena
Quake III Arena Point Release 1.32
Quick Web Player
QuickTime
RadarSync PC Updater 2010
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Red Faction Guerrilla
Rumble Fighter
Scan
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Shop for HP Supplies
Skype Toolbars
Skype?5.3
SmartWebPrinting
SolutionCenter
SopCast 3.2.9
SpaceChem Demo
Spacewar
SpeedFan (remove only)
SPORE™
Spybot - Search & Destroy
SRS HD Audio Lab
Status
Steam
STREET FIGHTER IV
Sudoku Wizards 1.0
Suite Shared Configuration CS4
SUPERAntiSpyware
SWAT 4
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
TeamViewer 6
Temperature Converter
The Witcher 2
Tom Clancy's Splinter Cell Conviction
Toolbox
TrayApp
Tunngle beta
TVUPlayer 2.5.3.1
TweakWindow
Ubisoft Game Launcher
Unofficial Oblivion Patch v3.2.0
Unreal Tournament 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Uplink
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
VideoPad Video Editor
Virtual City .
VLC media player 1.1.10
VLC Player
WBFS Manager 2.5
WebFldrs XP
WebReg
Windows Imaging Component
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Worms Reloaded
Xfire (remove only)
Xilisoft Audio Converter 6
Xvid Video Codec
YouTube Downloader 2.7.2
ZENcast Organizer
.
==== Event Viewer Messages From Past Week ========
.
7/15/2011 10:50:14, error: Print [6161] - The document TimingBelt_conponen.pdf owned by S failed to print on printer HP Officejet Pro L7700 Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 4453460. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\SHAWN_KELLY. Win32 error code returned by the print processor: 6 (0x6).
7/13/2011 16:13:42, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
7/12/2011 23:01:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
7/12/2011 20:01:35, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi 2.0 Tunneling Engine service to connect.
7/12/2011 20:01:35, error: Service Control Manager [7000] - The LogMeIn Hamachi 2.0 Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/11/2011 19:34:44, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SRS HDAudio Lab Service service to connect.
7/11/2011 19:34:44, error: Service Control Manager [7000] - The SRS HDAudio Lab Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/11/2011 15:53:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB23EE000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )
0xAFC4A000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5128192 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xBF800000 Win32k 1839104 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1839104 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB7E23000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAF7B8000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xAF8F1000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xAF9D3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB22E3000 C:\WINDOWS\system32\drivers\SRS_HDAL_i386.sys 442368 bytes (-, SRS Premium Sound driver)
0xAFB73000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAE67D000 C:\WINDOWS\system32\DRIVERS\srv.sys 339968 bytes (Microsoft Corporation, Server driver)
0xAF989000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAEA6A000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xAD7E6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB2256000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xB228A000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAED02000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7DF6000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAFA42000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAE6F8000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB234F000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAFB02000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAFC26000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB2377000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB239A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAFAE0000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAFA6E000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xAFB52000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7EEC000 fltmgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAD319000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 118784 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB7DCA000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAF7A0000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAF1C9000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xB7EC3000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB22CC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAEF34000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB23DA000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAFBCB000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB7EB0000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7EDA000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xAEAD5000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB22BB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB7DE5000 sfdrv01.sys 69632 bytes (Protection Technology, StarForce Protection Environment Driver)
0xB8148000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8218000 C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0xB8258000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB32EE000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAF891000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8228000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB82A8000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xB8318000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xB331E000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xB32FE000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB32DE000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB32CE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB32AE000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB330E000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB32BE000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB81F8000 C:\WINDOWS\system32\DRIVERS\tap0901t.sys 45056 bytes (Tunngle.net, TAP-Win32 Virtual Network Driver)
0xB8308000 C:\WINDOWS\system32\DRIVERS\dc3d.sys 40960 bytes (Microsoft Corporation, Filter Driver for Identification of Microsoft Hardware Wireless Mouse and Keyboard Device Models)
0xAE912000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xB8238000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB80F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB8208000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB8278000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0xAD69E000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB82C8000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8138000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB80A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB81E8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB8288000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB8168000 C:\WINDOWS\system32\DRIVERS\point32.sys 36864 bytes (Microsoft Corporation, Point32k.sys)
0xB82B8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB83D8000 C:\WINDOWS\system32\drivers\BS_I2cIo.sys 32768 bytes (BIOSTAR Group, I/O Interface driver file)
0xB83A8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8498000 C:\WINDOWS\system32\DRIVERS\nvoclock.sys 32768 bytes (NVIDIA Corp., NVIDIA System Utility Driver)
0xB8340000 sfhlp02.sys 32768 bytes (Protection Technology, StarForce Protection Helper Driver)
0xB8458000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB8400000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB84A0000 C:\DOCUME~1\S\LOCALS~1\Temp\mbr.sys 28672 bytes
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8440000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8418000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB83E8000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xB8448000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8450000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8490000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB83C8000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB8338000 sfsync02.sys 24576 bytes (Protection Technology, StarForce Protection Synchronization Driver)
0xB8398000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB83B8000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xB8388000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB8488000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xAF768000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xB83A0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8478000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8480000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8470000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8438000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB8428000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB8590000 C:\WINDOWS\system32\drivers\BIOS.sys 16384 bytes (BIOSTAR Group, I/O Interface driver file)
0xAEA5E000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
0xB8554000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAF364000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xAFADC000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAFA90000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAFAB4000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAFAB0000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB3D86000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB859C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xADC47000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 12288 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xB3D8A000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB8624000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB8668000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB8622000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8626000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB861E000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0xB8628000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB8644000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xB85AE000 speedfan.sys 8192 bytes
0xB85CA000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xB860A000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB860E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8671000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)
0xB86F4000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB868C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB8672000 giveio.sys 4096 bytes
0xB86F3000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xB878B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing else to report.

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 18 July 2011 - 08:35 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   Chevelle1258 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 16-March 10

Posted 18 July 2011 - 09:37 PM

ComboFix 11-07-18.05 - S 07/18/2011 22:05:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2662 [GMT -4:00]
Running from: c:\documents and settings\S\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\S\Application Data\.#
c:\documents and settings\S\WINDOWS
c:\program files\codec
c:\program files\codec\history.txt
c:\program files\codec\readme.txt
c:\program files\codec\Uninstall\unins000.dat
c:\program files\driver
c:\program files\MP3 Rocket Toolbar\mp3Rockettb.dll
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 01:51 . 2011-07-19 02:01 -------- d-----w- C:\32788R22FWJFW
2011-07-19 01:12 . 2011-07-19 01:12 -------- d-----w- c:\documents and settings\S\.bitrock
2011-07-17 22:14 . 2011-07-17 22:14 -------- d-----w- c:\program files\Xvid
2011-07-13 00:13 . 2011-07-13 00:14 -------- d-----w- c:\program files\Terraria
2011-07-13 00:01 . 2009-03-18 21:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2011-07-12 23:54 . 2011-07-12 23:54 -------- d-----w- c:\documents and settings\S\Application Data\dvdcss
2011-07-11 19:46 . 2011-07-11 19:46 -------- d-----w- c:\documents and settings\S\Application Data\SUPERAntiSpyware.com
2011-07-11 19:46 . 2011-07-11 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-11 19:46 . 2011-07-11 19:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-06 20:37 . 2011-07-06 20:37 388096 ----a-r- c:\documents and settings\S\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-06 20:37 . 2011-07-06 20:37 -------- d-----w- c:\program files\Trend Micro
2011-07-04 20:59 . 2011-07-04 20:59 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\uTorrent
2011-07-03 13:17 . 2011-07-03 13:17 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 13:17 . 2011-07-03 13:17 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-02 20:36 . 2011-07-02 20:36 -------- d-----w- c:\program files\VlcPlus
2011-07-02 02:41 . 2011-07-02 02:45 -------- d-----w- c:\documents and settings\S\Application Data\bearsharemediabartb
2011-07-02 02:40 . 2011-07-02 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\12213
2011-07-02 02:40 . 2011-07-02 02:40 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\BearShare
2011-07-02 02:39 . 2011-07-02 02:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{F06A52F3-AA90-4454-899C-C7C40B1AC5DB}
2011-07-02 02:39 . 2011-07-02 02:40 -------- d-----w- c:\program files\BearShare Applications
2011-07-02 02:39 . 2011-07-02 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BearShare
2011-07-02 02:38 . 2011-07-02 02:38 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\PackageAware
2011-07-02 02:36 . 2011-07-02 02:36 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\Ares
2011-07-02 02:35 . 2011-07-02 02:37 -------- d-----w- c:\program files\Ares
2011-07-02 02:20 . 2011-07-02 02:20 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\antiphishing-wejangotb-1_0-dn
2011-07-02 02:20 . 2011-07-02 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FaceSmooch Toolbar Antiphishing
2011-07-02 02:20 . 2011-07-02 02:31 -------- d-----w- c:\documents and settings\S\Application Data\facesmoochtb
2011-07-01 01:24 . 2011-07-02 17:45 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-01 01:24 . 2011-07-01 01:24 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\PunkBuster
2011-07-01 01:14 . 2011-07-02 17:46 141200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-01 01:14 . 2011-07-01 01:14 138056 ----a-w- c:\documents and settings\S\Application Data\PnkBstrK.sys
2011-07-01 01:14 . 2011-07-02 17:45 281656 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-01 01:14 . 2011-07-01 01:31 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-01 01:14 . 2011-07-01 01:14 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-01 01:11 . 2011-07-01 01:11 -------- d-----w- c:\documents and settings\S\Application Data\Xilisoft
2011-07-01 00:17 . 2011-07-02 17:44 -------- d-----w- c:\program files\APB Reloaded
2011-07-01 00:12 . 2011-07-01 01:19 -------- d-----w- c:\program files\Audio Converter 6
2011-07-01 00:12 . 2011-07-01 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Xilisoft
2011-06-30 23:11 . 2011-06-30 23:11 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\GamersFirst LIVE!
2011-06-30 23:10 . 2011-06-30 23:10 -------- d-----w- c:\program files\GamersFirst
2011-06-29 23:00 . 2011-06-29 23:16 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\Darksiders
2011-06-28 19:51 . 2011-07-19 01:17 -------- d-----w- c:\documents and settings\S\Application Data\Xfire
2011-06-28 19:46 . 2011-06-28 19:46 -------- d-----w- c:\documents and settings\S\Application Data\DDMSettings
2011-06-25 05:36 . 2011-06-25 05:36 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\Western Digital
2011-06-24 19:48 . 2011-06-24 19:48 -------- d-----w- c:\documents and settings\S\Application Data\Amazon
2011-06-24 19:43 . 2011-06-24 19:43 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-08-19 23:51 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-04-12 07:24 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-01 23:15 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-04-12 07:24 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-04-12 07:24 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-04-12 07:24 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-04-12 07:24 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-04-12 07:24 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-04-12 07:24 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-04-12 07:24 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-03 13:12 . 2011-05-23 21:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 19:26 . 2011-06-14 19:27 723294 ----a-w- c:\windows\unins000.exe
2011-06-14 15:17 . 2011-06-14 15:17 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-29 13:11 . 2011-05-02 01:08 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-05-02 01:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 08:52 . 2010-04-25 06:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2010-04-12 07:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-03 13:17 . 2011-05-09 11:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-11-24 15:16 . 2010-11-24 15:16 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\prxtbNC0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2011-01-17 14:54 175912 ----a-w- c:\program files\NCH\prxtbNC0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\prxtbNC0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}"= "c:\program files\NCH\prxtbNC0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\S\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\S\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\S\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\S\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"F.lux"="c:\documents and settings\S\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Fraps"="c:\program files\MISC\FRAPS\FRAPS.EXE" [2010-06-15 2176944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Chrome"="c:\documents and settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011-07-09 1012792]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\documents and settings\S\Start Menu\Programs\Startup\
Skype.lnk - c:\windows\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe [N/A]
StartupCPU.lnk - c:\documents and settings\S\Application Data\FAH\CPU\StartupCPU.exe [2011-5-12 35944]
StartupGPU.lnk - c:\documents and settings\S\Application Data\FAH\GPU\StartupGPU.exe [2011-5-12 35944]
VersionCheck.lnk - c:\documents and settings\S\Application Data\FAH\VersionCheck.exe [2011-5-1 45010]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-27 18:49 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
"SCardSvr"=3 (0x3)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"TunngleService"=2 (0x2)
"hkmsvc"=3 (0x3)
"DAUpdaterSvc"=3 (0x3)
"dmadmin"=2 (0x2)
"dmserver"=2 (0x2)
"LMIMaint"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
"LogMeIn"=2 (0x2)
"McComponentHostService"=3 (0x3)
"LMIGuardianSvc"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"wlidsvc"=2 (0x2)
"AODService"=2 (0x2)
"TeamViewer6"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Mp3Rocket Toolbar Helper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\ijjiOptimizer.exe"=
"c:\\Program Files\\Tom Clancy's Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
"c:\\Program Files\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Program Files\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\S\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\Portal 2\\portal2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Tunngle\\tnglctrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"c:\\Documents and Settings\\S\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Daggerdale\\Binaries\\Win32\\DnDGame.exe"=
"h:\\Games and Emulators\\Battlezone\\BzE1.3.exe"=
"h:\\Games and Emulators\\Oblivion\\Data\\Cinnamon crunch.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\APB Reloaded\\Binaries\\APB.exe"=
"c:\\Program Files\\APB Reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\between - demo\\Between.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spacewar\\SteamWorksExample.exe"=
"c:\\Program Files\\Steam\\steamapps\\chevelle1258\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"56308:TCP"= 56308:TCP:Pando Media Booster
"56308:UDP"= 56308:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58136:TCP"= 58136:TCP:Pando Media Booster
"58136:UDP"= 58136:UDP:Pando Media Booster
"57019:TCP"= 57019:TCP:Pando Media Booster
"57019:UDP"= 57019:UDP:Pando Media Booster
"57762:TCP"= 57762:TCP:Pando Media Booster
"57762:UDP"= 57762:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/1/2011 19:15 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/12/2010 03:24 309848]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [4/12/2010 02:49 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [4/12/2010 02:58 8192]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 14:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 14:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/12/2010 03:24 19544]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [7/30/2009 00:08 20328]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [5/25/2011 17:29 1336712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2010 11:31 12856]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [9/16/2010 15:38 44432]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [9/15/2009 14:59 38248]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [10/28/2010 16:50 384752]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [5/30/2010 22:37 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]
S2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [9/13/2010 16:26 12592]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/4/2010 19:35 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/4/2010 19:35 8456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/24/2010 11:16 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2010 03:24 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/1/2011 21:08 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/1/2011 21:08 39984]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2/23/2009 03:21 69632]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2010 03:24 133104]
S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/27/2010 14:47 374152]
S4 MBAMService;MBAMService;h:\misc\Malwarebytes' Anti-Malware\mbamservice.exe [5/1/2011 21:08 366640]
S4 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;c:\program files\MP3 Rocket Toolbar\Mp3RocketSvc.exe [3/10/2011 01:30 221696]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/12/2010 06:18 691696]
S4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2/28/2011 20:58 2253688]
S4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [10/17/2010 16:48 718072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 07:24]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 07:24]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-813497703-839522115-1003Core.job
- c:\documents and settings\S\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 07:48]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-813497703-839522115-1003UA.job
- c:\documents and settings\S\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 07:48]
.
2011-07-18 c:\windows\Tasks\Shutdown.job
- c:\windows\system32\shutdown.exe [2004-08-04 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{1F6E6BA1-7D46-4244-8B09-2608ABCCF999}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{6B859E5C-0C45-4101-A771-9DFB678EB9C7}: NameServer = 192.168.1.1
DPF: {EFAFA691-318D-410E-9682-F1C88150917E} - hxxp://www.sephiroth.co.kr/sephiroth/images/activex/sephiroth.cab
FF - ProfilePath - c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\ij23lcph.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Rocket
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3rocketsearch.com/?prt=mp3rockettb02ff&clid=1e08fb42357c4a8e853b7b6b4aeeb7dd&Keywords=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\Dogpile Bundle Toolbar\Helper.dll
BHO-{3c490bf5-4244-4310-b4a7-3361f288dac5} - c:\program files\facesmoochtb\facesmoochDx.dll
BHO-{41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - c:\program files\facesmoochtb\auxi\facesmoochAu.dll
BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
BHO-{BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
Toolbar-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
Toolbar-{3c490bf5-4244-4310-b4a7-3361f288dac5} - c:\program files\facesmoochtb\facesmoochDx.dll
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
HKCU-Run-SRSHDAudioLab - c:\program files\SRS Labs\SRS HD Audio Lab\HDAL.exe
HKCU-Run-Chrome - c:\program files\Google\Chrome\Application\chrome.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
AddRemove-AIM_7 - c:\program files\AIM\uninst.exe
AddRemove-AnalogX NetStat Live - j:\misc\Netstat\nslu.exe
AddRemove-BSPlayerf - c:\program files\BSplayer\uninstall.exe
AddRemove-CPUID CPU-Z_is1 - c:\program files\CPU-Z\unins000.exe
AddRemove-Dogpile Bundle Toolbar - c:\program files\Dogpile Bundle Toolbar\Uninst.exe
AddRemove-Dungeons and Dragons Daggerdale_is1 - c:\program files\Dungeons and Dragons Daggerdale\unins000.exe
AddRemove-Fraps - c:\program files\MIsc\uninstall.exe
AddRemove-Hero Fighter - j:\games and emulators\Little Fighters\Hero Fighter\Uninstal.exe
AddRemove-Little Fighter 2 version 2.0a - j:\games and emulators\Little Fighters\Little Fighters 2\Uninstal.exe
AddRemove-Little Fighter 2.5 - v2.0 - j:\games and emulators\Little Fighters\Uninstal.exe
AddRemove-MP3Rocket FileBulldog Toolbar - c:\program files\MP3Rocket FileBulldog Toolbar\UninstallToolbar.exe
AddRemove-Mp3tag - j:\misc\MP3 Tag Editor\Mp3tag\Mp3tagUninstall.EXE
AddRemove-Notepad++ - j:\misc\Notepad++\uninstall.exe
AddRemove-Sudoku Wizards - c:\program files\Sudoku Wizards\uninst.exe
AddRemove-Virtual City - c:\program files\Virtual City\Uninstall.exe
AddRemove-Worms Reloaded_is1 - j:\games and emulators\Worms Reloaded\unins000.exe
AddRemove-{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1 - c:\program files\oZone3D\Benchmarks\FurMark_v1.8.2\unins000.exe
AddRemove-{300D824F-DA86-4F08-B38C-3B204291AFE9}_is1 - c:\program files\SpaceChem Demo\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-18 22:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3072)
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\documents and settings\S\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2011-07-18 22:35:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 02:35
.
Pre-Run: 140,704,231,424 bytes free
Post-Run: 142,192,627,712 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
[spybotsd]
timeout.old=30
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5294396B9250AC4DE44F22EE25E3A1AF


And still no dice, i'm still getting redirected.

#6 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 18 July 2011 - 10:06 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   Chevelle1258 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 16-March 10

Posted 18 July 2011 - 10:17 PM

2011/07/18 23:16:31.0578 2172 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/18 23:16:31.0921 2172 ================================================================================
2011/07/18 23:16:31.0921 2172 SystemInfo:
2011/07/18 23:16:31.0921 2172
2011/07/18 23:16:31.0921 2172 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/18 23:16:31.0921 2172 Product type: Workstation
2011/07/18 23:16:31.0921 2172 ComputerName: SHAWN_KELLY
2011/07/18 23:16:31.0921 2172 UserName: S
2011/07/18 23:16:31.0921 2172 Windows directory: C:\WINDOWS
2011/07/18 23:16:31.0921 2172 System windows directory: C:\WINDOWS
2011/07/18 23:16:31.0921 2172 Processor architecture: Intel x86
2011/07/18 23:16:31.0921 2172 Number of processors: 2
2011/07/18 23:16:31.0921 2172 Page size: 0x1000
2011/07/18 23:16:31.0921 2172 Boot type: Normal boot
2011/07/18 23:16:31.0921 2172 ================================================================================
2011/07/18 23:16:33.0265 2172 Initialize success
2011/07/18 23:16:34.0781 3048 ================================================================================
2011/07/18 23:16:34.0781 3048 Scan started
2011/07/18 23:16:34.0781 3048 Mode: Manual;
2011/07/18 23:16:34.0781 3048 ================================================================================
2011/07/18 23:16:35.0828 3048 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/18 23:16:35.0937 3048 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/18 23:16:36.0000 3048 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/18 23:16:36.0046 3048 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
2011/07/18 23:16:36.0093 3048 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/07/18 23:16:36.0109 3048 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/07/18 23:16:36.0187 3048 amdide (6e58654cb25730b2579e45e1fd116a47) C:\WINDOWS\system32\DRIVERS\amdide.sys
2011/07/18 23:16:36.0265 3048 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
2011/07/18 23:16:36.0328 3048 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/07/18 23:16:36.0421 3048 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/07/18 23:16:36.0468 3048 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/07/18 23:16:36.0484 3048 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/07/18 23:16:36.0531 3048 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/07/18 23:16:36.0562 3048 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/07/18 23:16:36.0593 3048 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/07/18 23:16:36.0625 3048 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/18 23:16:36.0640 3048 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/18 23:16:36.0750 3048 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/07/18 23:16:36.0906 3048 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/18 23:16:37.0000 3048 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/18 23:16:37.0078 3048 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/18 23:16:37.0109 3048 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys
2011/07/18 23:16:37.0140 3048 BS_I2cIo (9383ffa2aad55f6ca4831addd0edf230) C:\WINDOWS\system32\drivers\BS_I2cIo.sys
2011/07/18 23:16:37.0203 3048 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/18 23:16:37.0281 3048 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/18 23:16:37.0328 3048 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/18 23:16:37.0390 3048 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/18 23:16:37.0656 3048 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2011/07/18 23:16:37.0828 3048 dc3d (b6672f62f75fb952d7ae7cb4e80011a9) C:\WINDOWS\system32\DRIVERS\dc3d.sys
2011/07/18 23:16:37.0843 3048 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/18 23:16:37.0890 3048 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/18 23:16:37.0906 3048 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/18 23:16:37.0921 3048 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/18 23:16:38.0000 3048 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/18 23:16:38.0015 3048 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/18 23:16:38.0125 3048 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
2011/07/18 23:16:38.0156 3048 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
2011/07/18 23:16:38.0203 3048 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/18 23:16:38.0250 3048 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/18 23:16:38.0281 3048 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/18 23:16:38.0328 3048 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/18 23:16:38.0406 3048 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/18 23:16:38.0437 3048 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/18 23:16:38.0453 3048 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/18 23:16:38.0484 3048 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/18 23:16:38.0500 3048 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/07/18 23:16:38.0546 3048 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/18 23:16:38.0593 3048 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/07/18 23:16:38.0609 3048 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/18 23:16:38.0640 3048 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/18 23:16:38.0703 3048 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/18 23:16:38.0703 3048 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/18 23:16:38.0718 3048 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/18 23:16:38.0796 3048 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/18 23:16:38.0843 3048 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/18 23:16:38.0890 3048 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/18 23:16:39.0062 3048 IntcAzAudAddService (1508153784633e16dc3dfce3cd7a9b18) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/18 23:16:39.0109 3048 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/18 23:16:39.0140 3048 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/18 23:16:39.0140 3048 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/18 23:16:39.0171 3048 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/18 23:16:39.0203 3048 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/18 23:16:39.0250 3048 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/18 23:16:39.0296 3048 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/18 23:16:39.0328 3048 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/18 23:16:39.0375 3048 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/18 23:16:39.0406 3048 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/18 23:16:39.0468 3048 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/07/18 23:16:39.0671 3048 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/07/18 23:16:39.0687 3048 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/07/18 23:16:39.0734 3048 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/07/18 23:16:39.0781 3048 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/18 23:16:39.0828 3048 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/18 23:16:39.0875 3048 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/18 23:16:39.0906 3048 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/18 23:16:39.0937 3048 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/18 23:16:39.0984 3048 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/18 23:16:40.0000 3048 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/18 23:16:40.0015 3048 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/18 23:16:40.0046 3048 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/18 23:16:40.0062 3048 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/18 23:16:40.0125 3048 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/18 23:16:40.0125 3048 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/18 23:16:40.0140 3048 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/18 23:16:40.0140 3048 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/18 23:16:40.0156 3048 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/18 23:16:40.0203 3048 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/18 23:16:40.0234 3048 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/18 23:16:40.0265 3048 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/18 23:16:40.0265 3048 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/18 23:16:40.0328 3048 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/18 23:16:40.0343 3048 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/18 23:16:40.0390 3048 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/18 23:16:40.0437 3048 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/18 23:16:40.0484 3048 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/18 23:16:40.0546 3048 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/18 23:16:40.0843 3048 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/18 23:16:41.0125 3048 nvoclock (96c5900331bd17344f338d006888bae5) C:\WINDOWS\system32\DRIVERS\nvoclock.sys
2011/07/18 23:16:41.0156 3048 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/18 23:16:41.0171 3048 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/18 23:16:41.0203 3048 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/18 23:16:41.0250 3048 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/18 23:16:41.0265 3048 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/18 23:16:41.0281 3048 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/18 23:16:41.0343 3048 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/18 23:16:41.0375 3048 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/18 23:16:41.0562 3048 Point32 (60a044879c4fa76314494f5fddc43b93) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/07/18 23:16:41.0578 3048 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/18 23:16:41.0609 3048 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/18 23:16:41.0625 3048 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/18 23:16:41.0656 3048 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/18 23:16:41.0687 3048 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/18 23:16:41.0781 3048 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/18 23:16:41.0812 3048 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/18 23:16:41.0812 3048 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/18 23:16:41.0828 3048 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/18 23:16:41.0859 3048 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/18 23:16:41.0906 3048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/18 23:16:41.0921 3048 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/18 23:16:41.0953 3048 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/18 23:16:41.0968 3048 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/18 23:16:42.0031 3048 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/07/18 23:16:42.0156 3048 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/18 23:16:42.0156 3048 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/18 23:16:42.0203 3048 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/07/18 23:16:42.0296 3048 Secdrv (314a998b1732c1acd6b6459ec9961ad8) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/18 23:16:42.0328 3048 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/18 23:16:42.0421 3048 sfdrv01 (56250672235bbe54ba8a4963b1ac997c) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/07/18 23:16:42.0453 3048 sfhlp02 (3ad2b15ccc03febfbaf5ff057822aa75) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/07/18 23:16:42.0500 3048 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/18 23:16:42.0531 3048 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/07/18 23:16:42.0578 3048 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2011/07/18 23:16:42.0609 3048 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/18 23:16:42.0687 3048 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
2011/07/18 23:16:42.0734 3048 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/18 23:16:42.0796 3048 SRS_HDAL_Service (55426fed504356125080d1085024564c) C:\WINDOWS\system32\drivers\SRS_HDAL_i386.sys
2011/07/18 23:16:42.0812 3048 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/18 23:16:42.0875 3048 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/07/18 23:16:42.0890 3048 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/18 23:16:42.0953 3048 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/18 23:16:43.0078 3048 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/18 23:16:43.0156 3048 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys
2011/07/18 23:16:43.0171 3048 Tcpip (6a603809f598332dbedd535bdbce313e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/18 23:16:43.0203 3048 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/18 23:16:43.0234 3048 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/18 23:16:43.0250 3048 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/18 23:16:43.0296 3048 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/18 23:16:43.0359 3048 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/18 23:16:43.0437 3048 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/18 23:16:43.0453 3048 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/18 23:16:43.0515 3048 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/18 23:16:43.0546 3048 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/18 23:16:43.0593 3048 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/18 23:16:43.0625 3048 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/18 23:16:43.0656 3048 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/18 23:16:43.0671 3048 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/18 23:16:43.0687 3048 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/07/18 23:16:43.0781 3048 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/18 23:16:43.0796 3048 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/18 23:16:43.0875 3048 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/07/18 23:16:43.0906 3048 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/18 23:16:43.0984 3048 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/18 23:16:44.0046 3048 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/18 23:16:44.0109 3048 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/18 23:16:44.0125 3048 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/18 23:16:44.0156 3048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/18 23:16:44.0375 3048 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
2011/07/18 23:16:44.0375 3048 Boot (0x1200) (d41462815e5458130a85934036e61c53) \Device\Harddisk0\DR0\Partition0
2011/07/18 23:16:44.0390 3048 Boot (0x1200) (85fed13ed7e3185d30ab3bd1d685ee71) \Device\Harddisk1\DR2\Partition0
2011/07/18 23:16:44.0390 3048 Boot (0x1200) (c591b02578954f9e4204533542816a23) \Device\Harddisk1\DR2\Partition1
2011/07/18 23:16:44.0406 3048 ================================================================================
2011/07/18 23:16:44.0406 3048 Scan finished
2011/07/18 23:16:44.0406 3048 ================================================================================
2011/07/18 23:16:44.0500 1680 Detected object count: 0
2011/07/18 23:16:44.0500 1680 Actual detected object count: 0

It appears to have stopped. Tried a couple of links and i get to the right site. Thank you!

This post has been edited by Chevelle1258: 18 July 2011 - 10:40 PM

#8 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 19 July 2011 - 08:04 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.




These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Adobe Reader 9
    Conduit Engine

    and click on remove


Update Adobe Reader

    Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

      If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.


Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

    I would like you to rerun MBAM

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


"information and logs"

    In your next post I need the following

    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   Chevelle1258 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 16-March 10

Posted 19 July 2011 - 10:10 AM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7200

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/19/2011 10:53:45
mbam-log-2011-07-19 (10-53-45).txt

Scan type: Quick scan
Objects scanned: 164011
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar (Adware.MyWebSearch) -> Value: My Web Search Bar -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\S\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:08:11, on 7/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\system32\msiexec.exe
h:\Misc\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
H:\Misc\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\S\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/mp3rocket/{1F6E6BA1-7D46-4244-8B09-2608ABCCF999}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC0.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {3c490bf5-4244-4310-b4a7-3361f288dac5} - (no file)
O2 - BHO: (no name) - {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - (no file)
O2 - BHO: NCH - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC0.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (file missing)
O3 - Toolbar: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC0.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Chrome] C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "h:\Misc\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\S\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE
O4 - Startup: Skype.lnk = ?
O4 - Startup: StartupCPU.lnk = C:\Documents and Settings\S\Application Data\FAH\CPU\StartupCPU.exe
O4 - Startup: StartupGPU.lnk = C:\Documents and Settings\S\Application Data\FAH\GPU\StartupGPU.exe
O4 - Startup: VersionCheck.lnk = C:\Documents and Settings\S\Application Data\FAH\VersionCheck.exe
O4 - Global Startup: avast! Free Antivirus.lnk = C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFAFA691-318D-410E-9682-F1C88150917E} (GameStarter Control) - http://www.sephiroth.co.kr/sephiroth/images/activex/sephiroth.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B859E5C-0C45-4101-A771-9DFB678EB9C7}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - h:\Misc\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 13297 bytes

Everything still seems to work, but it made it so avast doesn't start on start up anymore. I added it to the startup folder under programs though.

What was the rootkit that i had?

#10 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 19 July 2011 - 10:42 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Chrome] C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
      O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
      O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
      O4 - Startup: StartupCPU.lnk = C:\Documents and Settings\S\Application Data\FAH\CPU\StartupCPU.exe
      O4 - Startup: StartupGPU.lnk = C:\Documents and Settings\S\Application Data\FAH\GPU\StartupGPU.exe
      O4 - Startup: VersionCheck.lnk = C:\Documents and Settings\S\Application Data\FAH\VersionCheck.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brakets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt

Copy and paste that log as a reply to this topic

Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   Chevelle1258 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 22
  • Joined: 16-March 10

Posted 19 July 2011 - 03:03 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d37996e76ba9d94f8b8f9b647a77c51f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-19 07:25:14
# local_time=2011-07-19 03:25:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1020046 1020046 0 0
# compatibility_mode=768 16777215 100 0 39108812 39108812 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=275875
# found=17
# cleaned=0
# scan_time=12420
C:\Documents and Settings\S\Application Data\Bad STuff\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\S\Application Data\Bad STuff\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\FoxTabAudioConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Misc\WBFS\wbfs_inteligent_gui_v6.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Project64\NRage-Language-1034.dll probably a variant of Win32/Agent.NCPYDY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Project64\Project64k.exe probably a variant of Win32/Agent.MKTXMYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{72DD55D3-25A7-4FA6-A767-A8E6A49C5485}\RP10\A0006844.exe probably a variant of Win32/Spy.Banker.DOZNEMA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{72DD55D3-25A7-4FA6-A767-A8E6A49C5485}\RP10\A0007706.exe probably a variant of Win32/Agent.MFNJEN trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{72DD55D3-25A7-4FA6-A767-A8E6A49C5485}\RP10\A0007772.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{72DD55D3-25A7-4FA6-A767-A8E6A49C5485}\RP15\A0009696.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{72DD55D3-25A7-4FA6-A767-A8E6A49C5485}\RP23\A0013484.dll Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{72DD55D3-25A7-4FA6-A767-A8E6A49C5485}\RP5\A0003003.exe probably a variant of Win32/Spy.Agent.EHMQJCS trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{72DD55D3-25A7-4FA6-A767-A8E6A49C5485}\RP5\A0003004.exe probably a variant of Win32/Agent.MBXJMSI trojan (unable to clean) 00000000000000000000000000000000 I
H:\Games and Emulators\Project64\NRage-Language-1034.dll probably a variant of Win32/Agent.NCPYDY trojan (unable to clean) 00000000000000000000000000000000 I
H:\Games and Emulators\Project64\Project64k.exe probably a variant of Win32/Agent.MKTXMYH trojan (unable to clean) 00000000000000000000000000000000 I

#12 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 19 July 2011 - 03:13 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    Quote

    @echo off
    del /f /s /q "C:\Documents and Settings\S\Application Data\Bad STuff\enemies-names.txt"
    del /f /s /q "C:\Documents and Settings\S\Application Data\Bad STuff\local.ini"
    del /f /s /q "C:\Program Files\FoxTabAudioConverter\Uninstall\Uninstall.exe"
    del /f /s /q "C:\Program Files\Misc\WBFS\wbfs_inteligent_gui_v6.exe"
    del /f /s /q "C:\Program Files\Project64\NRage-Language-1034.dll"
    del /f /s /q "C:\Program Files\Project64\Project64k.exe"
    del /f /s /q "C:\Program Files\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll"
    del /f /s /q "H:\Games and Emulators\Project64\NRage-Language-1034.dll"
    del /f /s /q "H:\Games and Emulators\Project64\Project64k.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.



The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK

    Your Emulation drivers are now re-enabled.



:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image



:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



:Make Firefox more secure:




Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

    Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.

  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.


Here is some great reading about how to be safer online:




I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2011 - 02:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users