
Multiple Viruses (monder/renos/zlob)


  • This topic is locked
3 replies to this topic

#1 xyerx121pl

  • Members
  • 3 posts

Posted 10 May 2008 - 06:32 PM

Hi BleepingForums!

I realized I might have a problem when Spybot kept popping up a window on start-up. It went as follows:

~~~~
Spybot - Search & Destroy has detected an important registry entry that has been changed.

Category: System Startup global entry
Change: Value changed

Entry: MSServer

Old data: rundll32.exe C:\Windows\system32\ddcDSLDV.dll,#1
New data: rundll32.exe C:\Windows\system32\efcYQJcY.dll,#1
~~~~

The message kept popping up every day with different values in the .dll part.

So I ran Kaspersky Online Scanner. I tried saving the log and Firefox closed on me. I ran it a second time but stopped it when it hit 4 viruses, which was what it got last time. I was able to save the log. The log is below.

Viruses Identified:

Trojan.Win32.Monder.gen
not-virus:Hoax.Win32.Renos.bkl
Trojan-Downloader.Win32.Zlob.kyg
Trojan.Win32.Monder.dg

I would appreciate any advice on how to remove these. I also ran Deckard's System Scanner; the logs are below. Extra.txt is attached.

~~~~

KASPERSKY ONLINE SCANNER REPORT
Saturday, May 10, 2008 7:01:14 PM
Operating System: Microsoft Windows Vista, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/05/2008
Kaspersky Anti-Virus database records: 754681
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
I:\
Scan Statistics
Total number of scanned objects 69754
Number of viruses found 4
Number of infected objects 22
Number of suspicious objects 0
Duration of the scan process 00:49:24

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080510-144807.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\01c02cfa62cbe8684176eaba79f3922f_f24d0b38-1e22-42d3-bc19-3347c597b9ba Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.752.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.752.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010027.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010029.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010033.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010040.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010041.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2063.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf85E1.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf85E2.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-074131.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Windows\UsrClass.dat{e7cff4af-56a8-11dc-9277-001a92d3f2c8}.TM.blf Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Windows\UsrClass.dat{e7cff4af-56a8-11dc-9277-001a92d3f2c8}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Windows\UsrClass.dat{e7cff4af-56a8-11dc-9277-001a92d3f2c8}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\PatG\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\PatG\AppData\Local\Mozilla\Firefox\Profiles\tt8fv8u5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\PatG\AppData\Local\Mozilla\Firefox\Profiles\tt8fv8u5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\PatG\AppData\Local\Mozilla\Firefox\Profiles\tt8fv8u5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\PatG\AppData\Local\Mozilla\Firefox\Profiles\tt8fv8u5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\PatG\AppData\Local\Mozilla\Firefox\Profiles\tt8fv8u5.default\XUL.mfl Object is locked skipped
C:\Users\PatG\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\PatG\AppData\Local\Temp\tmp000117d3 Infected: Trojan.Win32.Monder.gen skipped
C:\Users\PatG\AppData\Local\Temp\tmp000133bc Infected: Trojan.Win32.Monder.gen skipped
C:\Users\PatG\AppData\Local\Temp\tmp00013774 Infected: Trojan.Win32.Monder.gen skipped
C:\Users\PatG\AppData\Local\Temp\tmp00013793 Infected: Trojan.Win32.Monder.gen skipped
C:\Users\PatG\AppData\Local\Temp\tmp000177cd Infected: Trojan.Win32.Monder.gen skipped
C:\Users\PatG\AppData\Local\Temp\tmp00019471 Infected: Trojan.Win32.Monder.gen skipped
C:\Users\PatG\AppData\Local\Temp\tmp00020415 Infected: Trojan.Win32.Monder.gen skipped
C:\Users\PatG\AppData\Local\Temp\tmp000cfab3 Infected: Trojan.Win32.Monder.gen skipped
C:\Users\PatG\AppData\Local\Temp\tmp001e1d7f Infected: Trojan.Win32.Monder.gen skipped
C:\Users\PatG\AppData\Local\Temp\zfe1.exe Infected: not-virus:Hoax.Win32.Renos.bkl skipped
C:\Users\PatG\AppData\Local\Temp\zfe2.exe Infected: Trojan-Downloader.Win32.Zlob.kyg skipped
C:\Users\PatG\AppData\Local\Temp\zfe4.exe Infected: Trojan-Downloader.Win32.Zlob.kyg skipped
C:\Users\PatG\AppData\Local\Temp\zfe5.exe Infected: not-virus:Hoax.Win32.Renos.bkl skipped
C:\Users\PatG\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\PatG\AppData\Roaming\Mozilla\Firefox\Profiles\tt8fv8u5.default\cert8.db Object is locked skipped
C:\Users\PatG\AppData\Roaming\Mozilla\Firefox\Profiles\tt8fv8u5.default\history.dat Object is locked skipped
C:\Users\PatG\AppData\Roaming\Mozilla\Firefox\Profiles\tt8fv8u5.default\key3.db Object is locked skipped
C:\Users\PatG\AppData\Roaming\Mozilla\Firefox\Profiles\tt8fv8u5.default\parent.lock Object is locked skipped
C:\Users\PatG\AppData\Roaming\Mozilla\Firefox\Profiles\tt8fv8u5.default\search.sqlite Object is locked skipped
C:\Users\PatG\AppData\Roaming\Mozilla\Firefox\Profiles\tt8fv8u5.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\PatG\ntuser.dat Object is locked skipped
C:\Users\PatG\ntuser.dat.LOG1 Object is locked skipped
C:\Users\PatG\ntuser.dat.LOG2 Object is locked skipped
C:\Users\PatG\ntuser.dat{f24fecd2-abb5-11dc-bdaf-98ae95c4fce8}.TM.blf Object is locked skipped
C:\Users\PatG\ntuser.dat{f24fecd2-abb5-11dc-bdaf-98ae95c4fce8}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\PatG\ntuser.dat{f24fecd2-abb5-11dc-bdaf-98ae95c4fce8}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Public\Videos\Sample Videos\desktop.ini Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{a7bdf3e5-6a85-11db-b5ae-f1534be43d84}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{a7bdf3e5-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{a7bdf3e5-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{f24fecce-abb5-11dc-bdaf-98ae95c4fce8}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{f24fecce-abb5-11dc-bdaf-98ae95c4fce8}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{f24fecce-abb5-11dc-bdaf-98ae95c4fce8}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{4952E466-3BED-4521-9207-2D36D69EA427}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\aWOGASlJ.dll Infected: Trojan.Win32.Monder.dg skipped
C:\Windows\System32\awTnmnOF.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\awtqnkhe.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\byXPJYop.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\cbXRHxYR.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\ddcDuTLC.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\ddCusrqq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\efcDVmmN.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\efcYQJcY.dll Infected: Trojan.Win32.Monder.gen skipped
Scan was interrupted by user!

~~~~

Deckard's System Scanner v20071014.68
Run by PatG on 2008-05-10 19:04:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
8: 2008-05-10 17:57:38 UTC - RP350 - Removed Ad-Aware 2007
7: 2008-05-10 16:54:27 UTC - RP348 - Windows Update
6: 2008-05-10 02:36:20 UTC - RP346 - Scheduled Checkpoint
5: 2008-05-06 21:23:49 UTC - RP344 - Scheduled Checkpoint
4: 2008-05-06 04:05:51 UTC - RP342 - Removed Diskeeper 2008 Pro Premier.


-- First Restore Point --
1: 2008-05-06 02:09:58 UTC - RP336 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as PatG.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:55 PM, on 5/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\PatG\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\PatG.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcYQJcY.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\PatG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7535 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
R0 nvstor64 - c:\windows\system32\drivers\nvstor64.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
R0 SI3132 (SiI-3132 SATALink Controller) - c:\windows\system32\drivers\si3132.sys (file missing)
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys (file missing)
R0 SiRemFil (SATALink External Device Filter) - c:\windows\system32\drivers\siremfil.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (Dfs Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 atksgt - c:\windows\system32\drivers\atksgt.sys (file missing)
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R3 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
R3 AmdLLD64 (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld64.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 CT20XUT.DLL - c:\windows\system32\ct20xut.dll (file missing)
R3 ctaud2k (Creative Audio Driver (WDM)) - c:\windows\system32\drivers\ctaud2k.sys (file missing)
R3 CTEXFIFX.DLL - c:\windows\system32\ctexfifx.dll (file missing)
R3 CTHWIUT.DLL - c:\windows\system32\cthwiut.dll (file missing)
R3 ctprxy2k (Creative Proxy Driver) - c:\windows\system32\drivers\ctprxy2k.sys (file missing)
R3 ctsfm2k (Creative SoundFont Management Device Driver) - c:\windows\system32\drivers\ctsfm2k.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys (file missing)
R3 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 GEARAspiWDM - c:\windows\system32\drivers\gearaspiwdm.sys (file missing)
R3 ha20x2k (Creative 20X HAL Driver) - c:\windows\system32\drivers\ha20x2k.sys (file missing)
R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys (file missing)
R3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 NVENETFD (NVIDIA nForce Networking Controller Driver) - c:\windows\system32\drivers\nvmfdx64.sys (file missing)
R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing)
R3 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
R3 PdiPorts (Portrait Displays low level device driver) - c:\windows\system32\drivers\pdiports.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 tunmp (Microsoft Tun Miniport Adapter Driver) - c:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

S1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
S1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
S2 22462 - c:\windows\system32\22462.sys (file missing)
S3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys (file missing)
S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 COMMONFX.DLL - c:\windows\system32\commonfx.dll (file missing)
S3 ctac32k (Creative AC3 Software Decoder) - c:\windows\system32\drivers\ctac32k.sys (file missing)
S3 CTAUDFX.DLL - c:\windows\system32\ctaudfx.dll (file missing)
S3 CTEAPSFX.DLL - c:\windows\system32\cteapsfx.dll (file missing)
S3 CTEDSPFX.DLL - c:\windows\system32\ctedspfx.dll (file missing)
S3 CTEDSPIO.DLL - c:\windows\system32\ctedspio.dll (file missing)
S3 CTEDSPSY.DLL - c:\windows\system32\ctedspsy.dll (file missing)
S3 CTERFXFX.DLL - c:\windows\system32\cterfxfx.dll (file missing)
S3 CTSBLFX.DLL - c:\windows\system32\ctsblfx.dll (file missing)
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel® PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\hdaudio.sys (file missing)
S3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 RT61 (Ralink Wireless Driver) - c:\windows\system32\drivers\rt61.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
S3 rt61x64 (Ralink RT61 Wireless Driver for Windows Vista) - c:\windows\system32\drivers\netr6164.sys (file missing)
S3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S3 WinUsb (WinUSB Driver) - c:\windows\system32\drivers\winusb.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys (file missing)
S3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S4 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 SBSDWSCService (SBSD Security Center Service) - c:\program files (x86)\spybot - search & destroy\sdwinsec.exe
R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
R2 StarWindServiceAE (StarWind AE Service) - c:\program files (x86)\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
R3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)

S? PerfHost -
S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing)
S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing)
S3 Fax - c:\windows\system32\fxssvc.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 wbengine (Block Level Backup Engine Service) - "c:\windows\system32\wbengine.exe" (file missing)
S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
S4 Apple Mobile Device - "c:\program files (x86)\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Creative ALchemy AL1 Licensing Service - "c:\program files (x86)\common files\creative labs shared\service\al1licensing.exe" <Not Verified; Creative Labs; Creative ALchemy AL1 Licensing Service>
S4 DTSRVC (Portrait Displays Display Tune Service) - c:\program files (x86)\common files\portrait displays\shared\dtsrvc.exe
S4 nHancer (nHancer Support) - "c:\program files\nhancer\nhancerservice.exe" <Not Verified; KSE - Korndörfer Software Engineering; nHancer>
S4 Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe /runasservice


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Ralink RT61 Turbo Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&32C2FC60&0&4070
Manufacturer: Ralink Technology Corp.
Name: Ralink RT61 Turbo Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&32C2FC60&0&4070
Service: rt61x64

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&88
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&88
Service: NVENETFD

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp


-- Scheduled Tasks -------------------------------------------------------------

2008-05-10 00:13:28 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{652FE64E-7FAF-4124-BF13-3DF650549CF3}.job


-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-10 18:53:51 277504 --a------ C:\Windows\system32\qoMdEULF.dll
2008-05-10 17:53:50 277504 --a------ C:\Windows\system32\byXRhIAT.dll
2008-05-10 16:53:49 277504 --a------ C:\Windows\system32\geBrqomk.dll
2008-05-10 15:53:48 277504 --a------ C:\Windows\system32\qoMcbxXR.dll
2008-05-10 15:16:24 0 d-------- C:\Windows\nvtmpinst
2008-05-10 14:57:13 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-10 14:53:46 277504 --a------ C:\Windows\system32\iifeeFWo.dll
2008-05-10 14:48:11 45568 --a------ C:\Windows\system32\efcYQJcY.dll
2008-05-10 14:23:57 0 d-------- C:\Program Files (x86)\Trend Micro
2008-05-10 13:52:57 277504 --a------ C:\Windows\system32\xxYOecaW.dll
2008-05-10 12:52:54 277504 --a------ C:\Windows\system32\opnKEWqP.dll
2008-05-10 00:16:24 275968 --a------ C:\Windows\system32\wvUoOFUO.dll
2008-05-09 23:16:23 275968 --a------ C:\Windows\system32\tuvUNghg.dll
2008-05-09 22:16:27 275968 --a------ C:\Windows\system32\urQgGXqr.dll
2008-05-09 21:16:21 275968 --a------ C:\Windows\system32\vTLcYopQ.dll
2008-05-09 20:16:20 275968 --a------ C:\Windows\system32\fcCusTLE.dll
2008-05-09 19:16:19 275968 --a------ C:\Windows\system32\aWOGASlJ.dll
2008-05-09 18:16:18 275968 --a------ C:\Windows\system32\wvUnMfgH.dll
2008-05-09 17:16:17 275968 --a------ C:\Windows\system32\vTLeFuTm.dll
2008-05-08 23:34:24 274944 --a------ C:\Windows\system32\yayxxyVM.dll
2008-05-08 02:10:24 281088 --a------ C:\Windows\system32\xxyvutTn.dll
2008-05-08 01:10:22 281088 --a------ C:\Windows\system32\ljJYOhIB.dll
2008-05-08 00:10:21 281088 --a------ C:\Windows\system32\nnnnLbCs.dll
2008-05-07 23:10:20 281088 --a------ C:\Windows\system32\ddcDuTLC.dll
2008-05-07 22:10:18 281088 --a------ C:\Windows\system32\cbXRHxYR.dll
2008-05-07 21:10:20 281088 --a------ C:\Windows\system32\awtqnkhe.dll
2008-05-07 20:10:17 281088 --a------ C:\Windows\system32\ljJBsQhe.dll
2008-05-07 00:56:58 281600 --a------ C:\Windows\system32\yaywwVLe.dll
2008-05-06 23:56:57 281600 --a------ C:\Windows\system32\lJaxXpNd.dll
2008-05-06 22:56:56 281600 --a------ C:\Windows\system32\awTnmnOF.dll
2008-05-06 21:56:55 281600 --a------ C:\Windows\system32\iiFyvtTj.dll
2008-05-06 20:21:40 281600 --a------ C:\Windows\system32\xxyxXRlJ.dll
2008-05-06 19:21:39 281600 --a------ C:\Windows\system32\byXPJYop.dll
2008-05-06 16:52:51 281600 --a------ C:\Windows\system32\ddCusrqq.dll
2008-05-06 15:52:51 281600 --a------ C:\Windows\system32\ssqNFuvs.dll
2008-05-05 23:49:11 45568 --a------ C:\Windows\system32\efcDVmmN.dll
2008-05-05 22:08:45 28560 --ahs---- C:\Windows\system32\OWDgPqru.ini2
2008-05-05 12:44:47 0 d-------- C:\Windows\system32\Shell128SDK
2008-04-25 15:49:52 56832 --a------ C:\Windows\system32\Iyvu9_32.dll
2008-04-25 15:49:52 144384 --a------ C:\Windows\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2008-04-25 15:49:51 0 d-------- C:\Program Files (x86)\Intel
2008-04-25 15:37:34 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-25 15:08:49 0 d-------- C:\Program Files (x86)\CAPCOM
2008-04-15 23:41:24 0 d-------- C:\Program Files (x86)\Avernum Demo


-- Find3M Report ---------------------------------------------------------------

2008-05-10 14:28:50 0 d-------- C:\Users\PatG\AppData\Roaming\Azureus
2008-05-10 13:59:26 0 d-------- C:\Program Files (x86)\UnZixWin
2008-05-10 13:58:02 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-05-09 21:20:02 0 d-------- C:\Program Files (x86)\a-squared Free
2008-05-05 21:00:57 0 d-------- C:\Program Files (x86)\Google
2008-04-26 21:20:42 174 --ahs---- C:\Program Files (x86)\desktop.ini
2008-04-26 21:11:23 0 d-------- C:\Program Files (x86)\Windows Sidebar
2008-04-26 21:11:23 0 d-------- C:\Program Files (x86)\Windows Photo Gallery
2008-04-26 21:11:23 0 d-------- C:\Program Files (x86)\Windows Mail
2008-04-26 21:11:23 0 d-------- C:\Program Files (x86)\Windows Collaboration
2008-04-26 21:11:23 0 d-------- C:\Program Files (x86)\Windows Calendar
2008-04-26 21:11:22 0 d-------- C:\Program Files (x86)\Windows Defender
2008-04-17 00:05:33 0 d-------- C:\Program Files (x86)\Azureus
2008-04-15 23:41:19 286720 --a------ C:\Windows\iun504.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2008-04-14 17:23:31 0 d-------- C:\Program Files (x86)\Winamp
2008-04-14 17:21:54 0 d-------- C:\Users\PatG\AppData\Roaming\Winamp
2008-04-07 02:12:41 2535 --a------ C:\Windows\unins000.dat
2008-04-07 02:12:03 691545 --a------ C:\Windows\unins000.exe
2008-04-02 18:31:37 341 --a------ C:\Windows\system32\(null)id
2008-04-02 03:51:42 0 d-------- C:\Program Files (x86)\âuâőü[âÇânâôâhâő
2008-04-02 03:37:02 0 d-------- C:\Program Files (x86)\Alcohol Soft
2008-03-28 19:09:54 0 d-------- C:\Program Files (x86)\Geneforge
2008-03-28 00:55:46 48456 --a------ C:\Windows\system32\UninstallElectricSheep.exe
2008-03-26 20:14:35 0 d-------- C:\Users\PatG\AppData\Roaming\Real
2008-03-26 14:34:19 0 d-------- C:\Program Files (x86)\Common Files
2008-03-26 14:34:19 0 d-------- C:\Program Files (x86)\Common Files\xing shared
2008-03-26 14:34:13 0 d-------- C:\Program Files (x86)\Common Files\Real
2008-03-21 14:03:48 19 --a------ C:\Windows\popcinfo.dat
2008-03-21 11:08:04 0 d-------- C:\Users\PatG\AppData\Roaming\Skype
2008-03-21 09:38:25 0 d-------- C:\Users\PatG\AppData\Roaming\LimeWire
2008-03-21 09:30:02 0 d-------- C:\Users\PatG\AppData\Roaming\skypePM
2008-03-20 10:16:02 0 d-------- C:\Program Files (x86)\Microsoft Silverlight
2008-03-18 22:03:57 0 d-------- C:\Program Files (x86)\Spiderweb Software
2008-03-18 22:03:16 0 d-------- C:\Users\PatG\AppData\Roaming\Downloaded Installations
2008-03-18 21:58:17 0 d-------- C:\Program Files (x86)\Geneforge 3
2008-03-18 21:55:58 0 d-------- C:\Program Files (x86)\Geneforge 2
2008-03-13 15:45:04 0 d-------- C:\Program Files (x86)\Trillian
2008-03-08 14:14:44 774144 --a------ C:\Program Files (x86)\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>


-- Registry Dump ---------------------------------------------------------------



-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

8118 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-10 19:10:27 ------------



Thanks in advance. Oh, um.. the extra log (extra.txt) is attached.

#2 xyerx121pl

xyerx121pl
  • Topic Starter

  • Members
  • 3 posts
  • Local time:01:45 AM

Posted 10 May 2008 - 08:12 PM

OK, anyhow, I've updated Spybot, scanned, and detected Virtumonde.dll, about 32 files' worth; deleted that. I'll do an AVG scan right now, rerun Spybot again, and restart. I'll let you know if I'm still getting that pop-up of MSServer.

Here's the updated DSS log after running Spybot, attached as main.txt.

#3 xyerx121pl

xyerx121pl
  • Topic Starter

  • Members
  • 3 posts
  • Local time:01:45 AM

Posted 10 May 2008 - 10:29 PM

OK.. AVG removed a couple of threats, some Vundo thing and other misc... Spybot ran again and all clear. No more Spybot notification.

You guys can close this thread. Umm.. thanks for the help.. hehehe

#4 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:06:45 AM

Posted 17 May 2008 - 05:40 AM

Since this issue appears to be resolved, this topic is now closed.