
Win32Backdoor.TDSS


  • This topic is locked
5 replies to this topic

#1 Scoundrel

  • Members
  • 4 posts
  • Location: London, England

Posted 30 March 2009 - 05:08 AM

Hi,

I have Ad-Aware 2009AE installed and have suffered recent infections from malware. The latest resulted in an inability to install the HJT installer and most anti-malware software.

I managed to get it to a state where I could install Ad-Aware 2009 and ran it. AA cleaned a couple of Vundo variants and then reported a Win32Backdoor.TDSS infection. I selected for AA to first try quarantining the infected files, then to try deleting it. Neither worked and it still reports an infection.

There is no evidence of the files existing in the location that AA reports, as either hidden, system files or visible files. Because of this, I'm not sure that there actually is an infection.

Anyway, I've attached the DDS.txt log file, below, as requested.

Hope you can help.

Regards,

Mark

**** Begin dds.txt Log ****

DDS (Ver_09-03-16.01) - NTFSx86
Run by Mark S Hurst at 15:39:43.37 on 27/03/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1425 [GMT 0:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
C:\Program Files\Citrix\GoToMyPC\g2host.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Citrix\GoToMyPC\g2printh.exe
C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Mark S Hurst\Application Data\Transcend\JFSW2\JFSW2Launch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\Security\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
uWindow Title =
mWindow Title =
uInternet Settings,ProxyServer = wtd.hpg.ime.reuters.com:80
uInternet Settings,ProxyOverride = utn*;132.5.*;*.reuters.com;*.thomsonreuters.com;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Steam] "c:\program files - games\steam\Steam.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [igndlm.exe] c:\program files - games\ign\download manager\dlm.exe /windowsstart /startifwork
uRun: [PlayNC Launcher] c:\program files - games\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [JFSW2Launch] c:\documents and settings\mark s hurst\application data\transcend\jfsw2\JFSW2Launch.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AzMixerSel] "c:\program files\realtek\installshield\AzMixerSel.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [eDataSecurity Loader] "c:\acer\empowering technology\edatasecurity\eDSloader.exe"
mRun: [EPM-DM] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [Acer ePower Management] "c:\acer\empowering technology\epower\Acer ePower Management.exe" boot
mRun: [LManager] "c:\program files\launch manager\LManager.exe"
mRun: [eRecoveryService] "c:\acer\empowering technology\erecovery\Monitor.exe"
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Omnipage] "c:\program files\scansoft\omnipagepro11.0\opware32.exe"
mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [AGEIA PhysX SysTray] c:\program files\ageia technologies\TrayIcon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Maplom] c:\program files - games\maplom\GameJackal.exe /silent
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Lamp] "c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hplamp.exe"
mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\marksh~1\startm~1\programs\startup\gameja~1.lnk - c:\program files - games\maplom\GameJackal.exe
StartupFolder: c:\docume~1\marksh~1\startm~1\programs\startup\INTERN~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remap.lnk - c:\windows\pserve.cmd
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\yahoo! widget engine\YahooWidgetEngine.exe
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
DPF: iLO Remote Console Applet - hxxps://utn000502/dvc.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {29EF91B9-7120-477C-A5CB-2D67F2FD088C} - hxxps://commandcenter/CommandCenterWeb/getApplication.do?ApplicationId=1&ccsessionid=
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1227708965546
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39054.6589699074
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - hxxp://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
TCP: {77D0610E-D06F-41D2-85C5-73AA442A7699} = 192.168.2.1
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-27 64160]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R0 tffsport;M-Systems PCMCIA Flash Card;c:\windows\system32\drivers\tffsport.sys [2007-4-18 149376]
R1 CARDFONE;CARDFONE;c:\windows\system32\drivers\CARDFONE.sys [2005-11-23 11162]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-11-23 12106]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\microsoft virtual cd control panel\VCdRom.sys [2001-12-19 8576]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-11-23 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-11-23 78208]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-11-24 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-11-23 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-11-23 4010]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\metaboli player\X4HSX32Ex.sys [2008-5-24 29856]
R3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [1980-1-1 678144]
R3 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-6 1314816]
R3 CCSERMU;CCSERMU;c:\windows\system32\drivers\ccsermu.sys [2005-12-19 82560]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [2008-10-26 40072]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-11-24 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-11-24 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-11-24 168776]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2005-11-23 4392]
S2 asc3550p;asc3550p; [x]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [2005-7-29 480512]
S3 CA500AI;D-Link, WDM Still Image Capture, Version 1.00;c:\windows\system32\drivers\minbulk.sys [2006-10-25 10810]
S3 CA500AV;D-Link, WDM Video Capture;c:\windows\system32\drivers\CA500AV.SYS [2006-10-25 148385]
S3 DNADownloader;DNADownloader;c:\program files\gamespot\DownloadManager_Win32.exe [2007-7-10 708608]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S3 Freeloader Subscription Service;Freeloader Subscription Service;c:\program files\common files\freeloader shared\service\Freeloader Subscription Service File.exe [2006-5-11 68096]
S3 JL2005;JL2005A Camera;c:\windows\system32\drivers\toywdm.sys [2004-9-20 71272]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [2007-4-18 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-29 42512]
S3 TPPFX;USB Storage Adapter FX (TPP);c:\windows\system32\drivers\TPPFX.SYS [2006-3-25 32256]
S3 VLAN;Virtual Lan Kernel Driver;c:\windows\system32\drivers\vlan.sys [2003-12-12 25824]
S3 wzdftpd;wzdftpd;c:\program files\wzdftpd\wzdftpd.exe -f "c:\program files\wzdftpd\wzd.cfg" -service --> c:\program files\wzdftpd\wzdftpd.exe -f c:\program files\wzdftpd\wzd.cfg [?]
S4 Audsuc;Audsuc; [x]
S4 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-9 33752]

=============== Created Last 30 ================

2009-03-27 10:44 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-27 02:37 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-27 02:37 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-27 02:37 <DIR> --d----- c:\program files\Lavasoft
2009-03-26 15:54 <DIR> --d----- C:\Lop SD
2009-03-26 14:00 <DIR> --d----- c:\docume~1\marksh~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-19 03:56 30,880 a------- c:\windows\system32\drivers\lgmqfcye.sys
2009-03-14 03:38 <DIR> -cd----- c:\temp\scummvm-wince
2009-03-12 03:19 <DIR> --d----- c:\program files\Visual Assist 6.0
2009-03-12 02:50 <DIR> --d----- c:\program files\MUSICMATCH
2009-03-03 16:27 <DIR> --d----- c:\docume~1\marksh~1\applic~1\Unity
2009-03-03 15:14 <DIR> --d----- c:\program files\Unity
2009-03-03 15:12 <DIR> --d----- c:\program files\OneGlobalConnect

==================== Find3M ====================

2009-02-12 03:51 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-12 03:51 22,328 a------- c:\docume~1\marksh~1\applic~1\PnkBstrK.sys
2009-02-12 03:51 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-02-12 03:51 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-02-09 11:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-15 02:17 636,264 a------- c:\windows\system32\dllcache\iexplore.exe
2009-01-15 02:17 392,040 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 02:13 5,888,512 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 02:12 10,963,968 a------- c:\windows\system32\dllcache\ieframe.dll
2009-01-15 02:06 1,182,720 a------- c:\windows\system32\dllcache\urlmon.dll
2009-01-15 02:06 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-01-15 02:06 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 02:05 911,872 a------- c:\windows\system32\dllcache\wininet.dll
2009-01-15 02:05 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-01-15 02:05 109,056 a------- c:\windows\system32\dllcache\occache.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 02:04 755,200 a------- c:\windows\system32\dllcache\VGX.dll
2009-01-15 02:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 02:04 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-01-15 02:04 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 02:02 1,975,296 a------- c:\windows\system32\dllcache\iertutil.dll
2009-01-15 02:02 593,920 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 02:02 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-01-15 02:01 183,808 a------- c:\windows\system32\dllcache\iepeers.dll
2009-01-15 02:01 59,904 a------- c:\windows\system32\dllcache\icardie.dll
2009-01-15 02:01 54,272 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 02:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 02:01 34,304 a------- c:\windows\system32\dllcache\imgutil.dll
2009-01-15 02:01 348,160 a------- c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 02:01 46,592 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 02:01 216,064 a------- c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 02:01 66,560 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 02:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 02:00 45,568 a------- c:\windows\system32\dllcache\mshta.exe
2009-01-15 01:53 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 01:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-15 01:50 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-01-15 01:35 445,440 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-15 00:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-14 05:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-14 04:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-14 04:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-14 04:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-14 04:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-14 04:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-14 04:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-14 04:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-14 04:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-14 04:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-14 04:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-14 04:05 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2009-01-14 04:05 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-01-14 04:05 887,724 a------- c:\windows\system32\ativva6x.dat
2009-01-14 03:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-14 03:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-14 03:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-14 03:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-14 03:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-14 03:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-14 02:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-14 02:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-14 02:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll
2009-01-13 21:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-11-12 11:06 66,360 a------- c:\documents and settings\mark s hurst\g2ax_customer_downloadhelper_win32_x86.exe
2008-04-28 08:29 3,902,784 a------- c:\documents and settings\mark s hurst\gosetup.exe
2007-09-18 16:29 92,064 a------- c:\documents and settings\mark s hurst\mqdmmdm.sys
2007-09-18 16:29 79,328 a------- c:\documents and settings\mark s hurst\mqdmserd.sys
2007-09-18 16:29 66,656 a------- c:\documents and settings\mark s hurst\mqdmbus.sys
2007-09-18 16:29 25,600 a------- c:\documents and settings\mark s hurst\usbsermptxp.sys
2007-09-18 16:29 22,768 a------- c:\documents and settings\mark s hurst\usbsermpt.sys
2007-09-18 16:29 9,232 a------- c:\documents and settings\mark s hurst\mqdmmdfl.sys
2007-09-18 16:29 6,208 a------- c:\documents and settings\mark s hurst\mqdmcmnt.sys
2007-09-18 16:29 5,936 a------- c:\documents and settings\mark s hurst\mqdmwhnt.sys
2007-09-18 16:29 4,048 a------- c:\documents and settings\mark s hurst\mqdmcr.sys
2007-06-27 15:07 774,144 a------- c:\program files\RngInterstitial.dll
2007-04-04 09:38 722,176 a------- c:\documents and settings\mark s hurst\gotomypc_428.exe
2007-03-31 03:01 87,608 a------- c:\docume~1\marksh~1\applic~1\ezpinst.exe
2007-03-31 03:01 47,360 a------- c:\docume~1\marksh~1\applic~1\pcouffin.sys
2006-03-13 17:47 212 a------- c:\documents and settings\mark s hurst\TNSIPINFO.cmd
2005-07-14 19:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll
2008-09-09 02:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 15:40:45.00 ===============
Mark S Hurst
"The Scoundrel"

http://www.linkedin.com/in/markshurst

#2 Scoundrel

  • Topic Starter
  • Members
  • 4 posts
  • Location: London, England

Posted 30 March 2009 - 06:14 PM

Oops! Wrong attachment.

Here's the right one.

Attached Files


Mark S Hurst
"The Scoundrel"

http://www.linkedin.com/in/markshurst

#3 Jat90

  • Members
  • 1,515 posts
  • Gender: Male
  • Location: United Kingdom

Posted 07 April 2009 - 05:35 PM

Hello,

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. As it's been a while since you posted your log, I will need an updated one.

Please take a look at the Preparation Guide for a download link to DDS and instructions on how you should ask for help.

Thanks and again sorry for the delay.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#4 Scoundrel

  • Topic Starter
  • Members
  • 4 posts
  • Location: London, England

Posted 08 April 2009 - 07:30 PM

Hi Jat,

The problem is still showing up in Ad-Aware.

I have attached the required file and included the DDS.txt file, below.

Hope you can help.

Regards,

Mark


DDS (Ver_09-03-16.01) - NTFSx86
Run by Mark S Hurst at 1:24:09.12 on 09/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1231 [GMT 1:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Mark S Hurst\Application Data\Transcend\JFSW2\JFSW2Launch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Mark S Hurst\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.3424.31\MoeMonitor.exe
C:\Documents and Settings\Mark S Hurst\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark S Hurst\Desktop\Security\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
uWindow Title =
mWindow Title =
uInternet Settings,ProxyServer = wtd.hpg.ime.reuters.com:80
uInternet Settings,ProxyOverride = utn*;132.5.*;*.reuters.com;*.thomsonreuters.com;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Steam] "c:\program files - games\steam\Steam.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [igndlm.exe] c:\program files - games\ign\download manager\dlm.exe /windowsstart /startifwork
uRun: [PlayNC Launcher] c:\program files - games\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [JFSW2Launch] c:\documents and settings\mark s hurst\application data\transcend\jfsw2\JFSW2Launch.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MoeMonitor.exe] "c:\documents and settings\mark s hurst\local settings\application data\microsoft\live mesh\bin\servicing\0.9.3424.31\MoeMonitor.exe"
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AzMixerSel] "c:\program files\realtek\installshield\AzMixerSel.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [eDataSecurity Loader] "c:\acer\empowering technology\edatasecurity\eDSloader.exe"
mRun: [EPM-DM] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [Acer ePower Management] "c:\acer\empowering technology\epower\Acer ePower Management.exe" boot
mRun: [LManager] "c:\program files\launch manager\LManager.exe"
mRun: [eRecoveryService] "c:\acer\empowering technology\erecovery\Monitor.exe"
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Omnipage] "c:\program files\scansoft\omnipagepro11.0\opware32.exe"
mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [AGEIA PhysX SysTray] c:\program files\ageia technologies\TrayIcon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Maplom] c:\program files - games\maplom\GameJackal.exe /silent
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Lamp] "c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hplamp.exe"
mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\marksh~1\startm~1\programs\startup\gameja~1.lnk - c:\program files - games\maplom\GameJackal.exe
StartupFolder: c:\docume~1\marksh~1\startm~1\programs\startup\INTERN~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remap.lnk - c:\windows\pserve.cmd
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\yahoo! widget engine\YahooWidgetEngine.exe
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: iLO Remote Console Applet - hxxps://utn000502/dvc.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {29EF91B9-7120-477C-A5CB-2D67F2FD088C} - hxxps://commandcenter/CommandCenterWeb/getApplication.do?ApplicationId=1&ccsessionid=
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1227708965546
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39054.6589699074
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - hxxp://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
TCP: {77D0610E-D06F-41D2-85C5-73AA442A7699} = 192.168.2.1
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: wlcrdplauncher - c:\program files\live mesh\remote desktop\wlcrdplauncher.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-27 64160]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R0 tffsport;M-Systems PCMCIA Flash Card;c:\windows\system32\drivers\tffsport.sys [2007-4-18 149376]
R1 CARDFONE;CARDFONE;c:\windows\system32\drivers\CARDFONE.sys [2005-11-23 11162]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-11-23 12106]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\microsoft virtual cd control panel\VCdRom.sys [2001-12-19 8576]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-11-23 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-11-23 78208]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-11-24 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-11-23 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-11-23 4010]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2009-4-2 42304]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\metaboli player\X4HSX32Ex.sys [2008-5-25 29856]
R3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [1980-1-1 678144]
R3 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-6 1314816]
R3 CCSERMU;CCSERMU;c:\windows\system32\drivers\ccsermu.sys [2005-12-19 82560]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [2008-10-26 40072]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-11-24 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-11-24 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-11-24 168776]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2005-11-23 4392]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-4-2 9024]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2009-4-2 19392]
S2 asc3550p;asc3550p; [x]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [2005-7-29 480512]
S3 CA500AI;D-Link, WDM Still Image Capture, Version 1.00;c:\windows\system32\drivers\minbulk.sys [2006-10-25 10810]
S3 CA500AV;D-Link, WDM Video Capture;c:\windows\system32\drivers\CA500AV.SYS [2006-10-25 148385]
S3 DNADownloader;DNADownloader;c:\program files\gamespot\DownloadManager_Win32.exe [2007-7-10 708608]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S3 Freeloader Subscription Service;Freeloader Subscription Service;c:\program files\common files\freeloader shared\service\Freeloader Subscription Service File.exe [2006-5-11 68096]
S3 JL2005;JL2005A Camera;c:\windows\system32\drivers\toywdm.sys [2004-9-20 71272]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [2007-4-18 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-29 42512]
S3 TPPFX;USB Storage Adapter FX (TPP);c:\windows\system32\drivers\TPPFX.SYS [2006-3-25 32256]
S3 VLAN;Virtual Lan Kernel Driver;c:\windows\system32\drivers\vlan.sys [2003-12-12 25824]
S4 Audsuc;Audsuc; [x]
S4 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-9 33752]

=============== Created Last 30 ================

2009-04-09 00:48 152 a---h--- C:\aaw7boot.cmd
2009-04-08 03:12 <DIR> -cd-h--- c:\windows\ie8
2009-04-02 23:33 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-02 16:36 118,736 a------- c:\windows\system32\rdpdispd.dll
2009-04-02 16:36 19,392 a------- c:\windows\system32\drivers\rdpvmp.sys
2009-04-02 16:36 15,696 a------- c:\windows\system32\rdpvdd.dll
2009-04-02 16:36 9,024 a------- c:\windows\system32\drivers\rdpdispm.sys
2009-04-02 16:35 <DIR> --d----- c:\program files\Live Mesh
2009-03-30 12:45 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-30 12:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-27 11:44 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-27 03:37 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-27 03:37 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-27 03:37 <DIR> --d----- c:\program files\Lavasoft
2009-03-26 16:54 <DIR> --d----- C:\Lop SD
2009-03-26 15:00 <DIR> --d----- c:\docume~1\marksh~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-19 04:56 30,880 a------- c:\windows\system32\drivers\lgmqfcye.sys
2009-03-14 04:38 <DIR> -cd----- c:\temp\scummvm-wince
2009-03-12 04:19 <DIR> --d----- c:\program files\Visual Assist 6.0
2009-03-12 03:50 <DIR> --d----- c:\program files\MUSICMATCH

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-24 20:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 20:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 20:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 20:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 20:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 20:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-12 04:51 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-12 04:51 22,328 a------- c:\docume~1\marksh~1\applic~1\PnkBstrK.sys
2009-02-12 04:51 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-02-12 04:51 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 12:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-14 06:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-14 05:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-14 05:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-14 05:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-14 05:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-14 05:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-14 05:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-14 05:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-14 05:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-14 05:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-14 05:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-14 05:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-14 05:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-14 05:05 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2009-01-14 05:05 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-01-14 05:05 887,724 a------- c:\windows\system32\ativva6x.dat
2009-01-14 04:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-14 04:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-14 04:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-14 04:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-14 04:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-14 04:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-14 03:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-14 03:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-14 03:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll
2009-01-13 22:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-11-12 12:06 66,360 a------- c:\documents and settings\mark s hurst\g2ax_customer_downloadhelper_win32_x86.exe
2008-04-28 09:29 3,902,784 a------- c:\documents and settings\mark s hurst\gosetup.exe
2007-09-18 17:29 92,064 a------- c:\documents and settings\mark s hurst\mqdmmdm.sys
2007-09-18 17:29 79,328 a------- c:\documents and settings\mark s hurst\mqdmserd.sys
2007-09-18 17:29 66,656 a------- c:\documents and settings\mark s hurst\mqdmbus.sys
2007-09-18 17:29 25,600 a------- c:\documents and settings\mark s hurst\usbsermptxp.sys
2007-09-18 17:29 22,768 a------- c:\documents and settings\mark s hurst\usbsermpt.sys
2007-09-18 17:29 9,232 a------- c:\documents and settings\mark s hurst\mqdmmdfl.sys
2007-09-18 17:29 6,208 a------- c:\documents and settings\mark s hurst\mqdmcmnt.sys
2007-09-18 17:29 5,936 a------- c:\documents and settings\mark s hurst\mqdmwhnt.sys
2007-09-18 17:29 4,048 a------- c:\documents and settings\mark s hurst\mqdmcr.sys
2007-06-27 16:07 774,144 a------- c:\program files\RngInterstitial.dll
2007-04-04 10:38 722,176 a------- c:\documents and settings\mark s hurst\gotomypc_428.exe
2007-03-31 04:01 87,608 a------- c:\docume~1\marksh~1\applic~1\ezpinst.exe
2007-03-31 04:01 47,360 a------- c:\docume~1\marksh~1\applic~1\pcouffin.sys
2006-03-13 18:47 212 a------- c:\documents and settings\mark s hurst\TNSIPINFO.cmd
2005-07-14 20:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll
2008-09-09 03:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 1:25:47.57 ===============

Mark S Hurst
"The Scoundrel"

http://www.linkedin.com/in/markshurst
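
As an added example (editor's code, not part of this thread and not a feature of DDS): a small Python triage helper that cross-references the "Created Last 30" and "SERVICES / DRIVERS" sections of a DDS log. A kernel driver file that appeared recently under \drivers\ but is not the image of any listed service is worth a closer look before the rootkit scan. Run against the log above, that rule singles out lgmqfcye.sys (created 2009-03-19, 30,880 bytes, not referenced by any R*/S* service line), while Lbd.sys (Lavasoft) and the two Live Mesh rdp*.sys drivers are accounted for; it also lists services whose image-path field is empty, such as asc3550p. The sample input is a constructed excerpt modelled on the lines in the post; a hit is a lead for the GMER scan, not proof of infection.

```python
"""DDS.txt triage helper (added example; not part of this thread or of the DDS tool).

Cross-references two sections of a DDS log:
  * "Created Last 30"     -> files created in the last 30 days
  * "SERVICES / DRIVERS"  -> registered services and kernel drivers (R*/S* lines)
A driver file that appeared recently under \\drivers\\ but is not the image of any
registered service is reported as a lead for a rootkit scan, not as a verdict.
SAMPLE_DDS is a constructed excerpt modelled on the log in the post above.
"""
import re

# '============= SERVICES / DRIVERS ===============' style section headers
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# 'R0 Name;Description;image path [date size]'; the bracketed part may be absent
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*?)\s*(?:\[([^\]]*)\])?\s*$")
# '2009-03-19 04:56 30,880 a------- c:\windows\system32\drivers\lgmqfcye.sys'
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.*\S)\s*$"
)

SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-27 64160]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-4-2 9024]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2009-4-2 19392]
S2 asc3550p;asc3550p; [x]

=============== Created Last 30 ================

2009-04-08 03:12 <DIR> -cd-h--- c:\windows\ie8
2009-04-02 16:36 19,392 a------- c:\windows\system32\drivers\rdpvmp.sys
2009-04-02 16:36 9,024 a------- c:\windows\system32\drivers\rdpdispm.sys
2009-03-27 03:37 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-19 04:56 30,880 a------- c:\windows\system32\drivers\lgmqfcye.sys

==================== Find3M ====================
"""


def split_sections(text):
    """Return {lower-cased section title: [non-blank lines]} for a DDS log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_services(lines):
    """Yield (state, name, image path lower-cased, bracket note) per R*/S* line."""
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            state, name, _desc, image, note = m.groups()
            yield state, name.strip(), image.strip().lower(), (note or "").strip()


def parse_created(lines):
    """Yield (date, size in bytes, attribute flags, path lower-cased); directories are skipped."""
    for line in lines:
        m = CREATED_RE.match(line)
        if m and m.group(3) != "<DIR>":
            date, _time, size, attrs, path = m.groups()
            yield date, int(size.replace(",", "")), attrs, path.lower()


def triage(dds_text):
    """Return leads: recent driver files with no registered service, and services with an empty image path."""
    sections = split_sections(dds_text)
    services = list(parse_services(sections.get("services / drivers", [])))
    registered_images = {image for _state, _name, image, _note in services if image}
    recent = parse_created(sections.get("created last 30", []))
    unregistered = [
        (date, path, size)
        for date, size, _attrs, path in recent
        if "\\drivers\\" in path and path.endswith(".sys") and path not in registered_images
    ]
    no_image = [name for _state, name, image, _note in services if not image]
    return {
        "unregistered_recent_drivers": unregistered,
        "services_without_image_path": no_image,
    }


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_DDS).items():
        print(key)
        for hit in hits:
            print("   ", hit)
```

The comparison is on lower-cased full paths because DDS writes the service section in lower case but keeps original casing in the "Created" listing. A driver can legitimately be missing from the service list (a driver installed for a device that has since been unplugged, for instance), which is why the output is a list of things to explain rather than a detection.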

#5 Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 09 April 2009 - 06:40 AM

Hello,

If it is indeed TDSS, then we will need to perform a rootkit scan.

Gmer

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#6 Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 13 April 2009 - 05:32 AM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
