Infected with Trojan.Dropper/SYS-NV/ Computer 2


  • This topic is locked
20 replies to this topic

#1 Johnny Computer

Posted 18 April 2009 - 09:11 AM

Hello-- Thanks in advance for your time and help. SAS keeps detecting "Trojan.Dropper/SYS.NV". After cleaning with SAS and rebooting, the trojan just keeps reappearing in the SAS scan. I attached a DDS log as your forum instructions request. Thanks for any help you can provide.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Chris at 8:52:07.22 on Sat 04/18/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2375 [GMT -5:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
FW: Bitdefender Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Launch-n-Go\HotKey.exe
C:\Program Files\Launch-n-Go\HotKey.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\IDrive\IDriveE Service.exe
C:\IDrive\IDriveWebM.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Windows\System32\svchost.exe -kbdx
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\hp\kbd\kbd.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Folder Lock 6\Folder Lock 6.exe
C:\Users\Chris\Desktop\Maintenance\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\progra~1\e-book~1\flipvi~1\fvbho140.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2008\IEToolbar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Actual Window Minimizer] "c:\program files\actual window minimizer\ActualWindowMinimizerCenter.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2008\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2008\bdagent.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\launch-n-go\HotKey.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\securenet.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/oneclickfix/tgctlsr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\trecl8x0.default\
FF - plugin: c:\program files\microsoft\office live\npOLW.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-16 64160]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-3-20 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-2-4 971552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2009-3-21 135168]
R2 IDriveWebM;IDrive WebManager;c:\idrive\IDriveWebM.exe [2009-3-21 106496]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\smith micro\stuffit11\ArcNameService.exe [2007-10-8 157000]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-4 86792]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
R3 SecureSrv;SecureSrv;c:\program files\hide my ip 2008\SecureSrv.exe [2009-3-25 110880]
R3 WmaCAudio;WmaCAudio;c:\windows\system32\drivers\WmaCAudio.sys [2009-4-1 23096]
R3 WmaCVideo;WmaCVideo;c:\windows\system32\drivers\WmaCVideo.sys [2009-4-1 3768]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2009-4-1 237568]

=============== Created Last 30 ================

2009-04-18 08:48 180,224 a------- c:\windows\system32\WinVd32.sys
2009-04-18 08:48 16,896 a------- c:\windows\system32\WinFl32.sys
2009-04-16 18:05 50,688 a------- c:\program files\ATF-Cleaner.exe
2009-04-15 18:25 13,628,656 a------- c:\program files\launch.exe
2009-04-14 18:08 <DIR> --d----- c:\users\chris\DoctorWeb
2009-04-14 17:50 <DIR> a-dshr-- C:\autorun.inf
2009-04-12 08:30 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-04-12 08:30 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-04-12 08:29 <DIR> --d----- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com
2009-04-12 08:29 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-12 08:28 6,237,728 a------- c:\program files\SUPERAntiSpyware.exe
2009-04-09 10:32 <DIR> --d----- c:\programdata\WindowsSearch
2009-04-09 09:33 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-09 09:33 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-09 09:32 <DIR> --d----- c:\program files\iPod
2009-04-09 09:32 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 09:32 <DIR> --d----- c:\program files\iTunes
2009-04-09 09:32 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 09:05 <DIR> --d----- c:\users\chris\{49966ae3-288d-4786-a465-f83569feca11}
2009-04-07 11:34 <DIR> --d----- c:\users\chris\appdata\roaming\Printer Info Cache
2009-04-06 11:45 <DIR> --d----- C:\VundoFix Backups
2009-04-05 17:29 318,976 a------- c:\windows\system32\cmd.execf
2009-04-05 10:15 <DIR> --d----- c:\program files\WinMerge
2009-04-05 10:14 3,173,554 a------- c:\program files\WinMerge-2.12.2-Setup.exe
2009-04-04 13:00 1,615,732 a------- c:\program files\ProcessnExplorer.zip
2009-04-03 16:06 <DIR> --d----- c:\program files\Trend Micro
2009-04-03 16:06 812,344 a------- c:\program files\Hijackthis.exe
2009-04-03 16:04 <DIR> --d----- c:\users\chris\appdata\roaming\Malwarebytes
2009-04-03 16:04 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-03 16:04 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 16:04 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-03 16:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 16:04 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-03 16:04 2,906,216 a------- c:\program files\Malware Bytes.exe
2009-04-03 15:35 <DIR> --d----- c:\users\chris\appdata\roaming\GetRightToGo
2009-04-03 15:20 0 a------- c:\windows\system32\nfr.gpref
2009-04-03 15:09 3,190,688 a------- c:\program files\CCleaner 2.18.878.exe
2009-04-03 15:08 0 a------- c:\windows\system32\nfr.assembly
2009-04-03 15:07 1 ----h--- c:\windows\f23567.dat
2009-04-02 09:49 <DIR> --d----- C:\~ERAFSWD.TMP
2009-04-02 09:05 <DIR> --d----- c:\program files\Folder Lock 6
2009-04-02 09:05 3,370,824 a------- c:\program files\Folder Lock 6.exe
2009-04-01 17:24 <DIR> --d----- c:\programdata\TechSmith
2009-04-01 17:22 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-01 17:21 27,902,256 a------- c:\program files\snagit.exe
2009-04-01 16:37 <DIR> --d----- C:\Garmin
2009-04-01 15:26 <DIR> --d----- c:\users\chris\appdata\roaming\GARMIN
2009-04-01 09:01 237,568 a------- c:\windows\system32\snmvtsvc.exe
2009-04-01 09:01 23,096 a------- c:\windows\system32\WmaCAudio.sys
2009-04-01 09:01 23,096 a------- c:\windows\system32\drivers\WmaCAudio.sys
2009-04-01 09:01 19,099 a------- c:\windows\system32\WmaCAudio.inf
2009-04-01 09:01 10,936 a------- c:\windows\system32\WmaCVideo.dll
2009-04-01 09:01 3,768 a------- c:\windows\system32\WmaCVideo.sys
2009-04-01 09:01 3,768 a------- c:\windows\system32\drivers\WmaCVideo.sys
2009-04-01 09:01 2,577 a------- c:\windows\system32\WmaCVideo.inf
2009-04-01 09:01 2,539 a------- c:\windows\system32\WmaCVideo.cat
2009-04-01 09:01 2,100 a------- c:\windows\system32\WmaCAudio.cat
2009-04-01 09:01 <DIR> --d----- c:\program files\WMAConvert
2009-04-01 08:52 16,458,736 a------- c:\program files\WMAConvert_3.8.0-Setup.exe
2009-03-27 11:29 <DIR> --d----- c:\program files\Konvertor
2009-03-27 11:25 21,612,168 a------- c:\program files\install_371beta3.exe
2009-03-27 11:06 <DIR> --d----- c:\program files\E-Book Systems
2009-03-27 11:06 <DIR> --d----- c:\programdata\EBookSys
2009-03-27 11:06 <DIR> --d----- c:\progra~2\EBookSys
2009-03-27 11:05 34,698,776 a------- c:\program files\fastd70.exe
2009-03-27 10:23 <DIR> --d----- c:\users\chris\appdata\roaming\EBookSys
2009-03-25 15:23 1,792,728 a------- c:\program files\VSDuplicateImageFinderFull.exe
2009-03-25 15:11 <DIR> --d----- c:\program files\Visual Similarity Duplicate Image Finder
2009-03-25 15:11 1,943,470 a------- c:\program files\Visual Similarity Duplicate Image Finder.exe
2009-03-25 13:09 <DIR> --d----- c:\users\chris\appdata\roaming\Actual Tools
2009-03-25 13:09 <DIR> --d----- c:\program files\Actual Window Minimizer
2009-03-25 13:07 3,883,316 a------- c:\program files\Actual Window Minimizer.exe
2009-03-25 10:57 <DIR> --d----- c:\program files\Hide My IP 2008
2009-03-25 10:57 1,201,532 a------- c:\program files\Hide My IP 2008.exe
2009-03-25 10:31 151,552 a------- c:\windows\system32\securenet.dll
2009-03-25 10:26 <DIR> --d----- c:\programdata\SMSI
2009-03-25 10:26 <DIR> --d----- c:\progra~2\SMSI
2009-03-25 10:26 <DIR> --d----- c:\program files\Smith Micro
2009-03-25 10:25 15,785,688 a------- c:\program files\StuffIt11.0.2.55.exe
2009-03-25 09:56 <DIR> --d----- C:\Converted
2009-03-21 07:27 225,280 a------- c:\windows\system32\IDrLocale.dll
2009-03-21 07:27 569,368 a------- c:\windows\system32\olelib.tlb
2009-03-21 07:27 22,212 a------- c:\windows\system32\olelib2.tlb
2009-03-21 07:27 3,841 a------- c:\windows\system32\server.pem
2009-03-21 07:27 1,019,904 a------- c:\windows\system32\IDriveEService.dll
2009-03-21 07:27 441,705 a------- c:\windows\system32\sqlite3.dll
2009-03-21 07:27 147,130 a------- c:\windows\system32\CRYPT32.LIB
2009-03-21 07:27 117,982 a------- c:\windows\system32\ADVAPI32.LIB
2009-03-21 07:27 20,480 a------- c:\windows\system32\IDriveEXceedCryReg.exe
2009-03-21 07:27 95 a------- c:\windows\system32\RegisterIDriveEDll.bat
2009-03-21 07:26 9,411,360 a------- c:\program files\IDriveSetup.exe
2009-03-20 17:38 134,272 a------- c:\windows\system32\drivers\snman380.sys
2009-03-20 17:30 92,641,944 a------- c:\program files\TrueImage2009.9709_s_en.exe

==================== Find3M ====================

2009-04-18 08:52 81,984 a------- c:\windows\system32\bdod.bin
2009-04-09 09:44 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-09 09:44 86,016 a------- c:\windows\inf\infstor.dat
2009-04-09 09:44 51,200 a------- c:\windows\inf\infpub.dat
2009-04-09 09:31 74,302,760 a------- c:\program files\iTunesSetup.exe
2009-03-26 18:48 452 a------- c:\users\chris\appdata\roaming\wklnhst.dat
2009-03-20 17:39 971,552 a------- c:\windows\system32\drivers\tdrpm174.sys
2009-03-20 17:38 540,000 a------- c:\windows\system32\drivers\timntr.sys
2009-03-16 08:32 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-16 08:31 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-15 08:54 6,692,753 a------- c:\program files\Setup_FreeConverter.exe
2009-03-15 08:03 52,673,608 a------- c:\program files\AVS Video Conveter.exe
2009-03-11 09:09 3,371,536 a------- c:\program files\folder-lock-dn.exe
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-04 17:26 1,345,024 a------- c:\program files\Irfanview.exe
2009-03-04 12:56 8,562,411 a------- c:\program files\PDF Editor Setup.exe
2009-03-04 10:26 251,494,031 a------- c:\program files\Paperport 11 By Nuance.zip
2009-03-03 09:15 2,577,336 a------- c:\program files\FxFotoSetup.exe
2009-03-02 17:08 819,712 a------- c:\program files\FreeISOBurner.exe
2009-03-02 16:54 789,504 a------- c:\program files\ISORecorder31x86.msi
2009-03-02 10:34 554,899 a------- c:\program files\ResHack.zip
2009-03-02 09:23 34,543,112 a------- c:\program files\Ad Ware Anniversary Edition 8.0.exe
2009-03-02 09:13 3,184,816 a------- c:\program files\CCleaner 2.17.853.exe
2009-02-21 10:17 453,824 a------- c:\program files\biosagentplus_28.exe
2009-02-21 10:17 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-02-19 15:46 215,872 a------- c:\windows\system32\drivers\truecrypt.sys
2009-02-19 14:40 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-16 15:50 34,031,720 a------- c:\program files\Google Sketch Up Setup.exe
2009-02-15 21:32 1,769,689 a------- c:\program files\We Print for iPhone Vista 2.0 Setup.exe
2009-02-14 18:15 1,109,580 a------- c:\program files\Effective File Search Setup.zip
2009-02-13 08:34 7,521,112 a------- c:\program files\Firefox Setup 3.0.6.exe
2009-02-13 07:30 131,072 a------- c:\program files\Boot Timer Setup.exe
2009-02-13 06:34 1,418,282 a------- c:\program files\Quick StartUp.exe
2009-02-13 06:19 21,806,256 a------- c:\program files\AdbeRdr813_en_US.exe
2009-02-13 05:44 543,704 a------- c:\program files\Secunia PSI Setup.exe
2009-02-11 09:15 2,713,574 a------- c:\program files\Launch-n-Go-setup250.exe
2009-02-09 11:18 4,865,408 a------- c:\program files\Silverlight(Netflix Media Player).2.0.exe
2009-02-09 00:36 174 a--sh--- c:\program files\desktop.ini
2009-02-09 00:26 665,600 a------- c:\windows\inf\drvindex.dat
2009-02-09 00:13 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-02-09 00:13 82,432 a------- c:\windows\system32\axaltocm.dll
2009-02-08 22:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 13:07 2,995,357 a------- c:\program files\PC Wizard.exe
2009-02-06 00:57 7,068,856 a------- c:\program files\Eraser586_setup.exe
2009-02-05 19:41 1,945,608 a------- c:\program files\Belarc Advisor.exe
2009-02-04 15:28 130,861 a------- c:\windows\hpoins18.dat
2009-02-04 14:55 1,431,504 a------- c:\program files\RegCureSetup_RW.exe
2009-02-04 13:52 286,104 a------- c:\program files\MySpaceIM_Setup.exe
2009-02-04 13:21 77,824 a------- c:\windows\system32\xcomm.dll
2009-02-04 13:07 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-04 13:07 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-04 13:07 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-04 13:07 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-04 13:07 83,968 a------- c:\windows\system32\mscories.dll
2009-02-04 13:03 43,051,888 a------- C:\Bit Defender Internet Security 2008.exe
2009-02-04 12:47 269,312 a------- c:\windows\system32\es.dll
2009-02-04 12:36 5,639,464 a------- c:\program files\Glary Utilities Setup.exe
2009-02-04 12:18 156,000 a------- c:\program files\bitdefender_isecurity.exe
2009-02-04 12:13 948,077 a------- c:\program files\Eusing Registry Cleaner.exe
2009-02-04 12:11 3,171,208 a------- c:\program files\ccsetup216.exe
2009-02-04 12:05 1,656,933 a------- c:\program files\pc-decrapifier-2.0.0.exe
2009-02-04 12:04 1,053,744 a------- c:\program files\Revo Uninstaller Setup.exe
2009-02-02 06:27 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-02-02 06:27 272,896 a------- c:\windows\system32\polstore.dll
2009-02-02 06:27 61,440 a------- c:\windows\system32\winipsec.dll
2009-02-02 06:27 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-02-02 06:25 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-02-02 06:25 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-02-02 06:25 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-02-02 06:21 296,960 a------- c:\windows\system32\gdi32.dll
2009-02-02 06:18 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-02-02 06:18 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-02-02 06:18 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-02-02 06:18 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-02-02 06:18 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-02-02 06:18 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-02-02 06:18 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-02-02 06:18 1,695,744 a------- c:\windows\system32\gameux.dll
2009-02-02 06:18 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-02-02 06:18 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-02-02 06:17 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-02-02 06:17 2,048 a------- c:\windows\system32\msxml3r.dll
2009-02-02 06:15 2,048 a------- c:\windows\system32\tzres.dll
2009-02-02 06:12 2,927,104 a------- c:\windows\explorer.exe
2009-02-02 06:07 9,847,296 a------- c:\windows\system32\NlsData000a.dll
2009-02-02 06:06 6,656 a------- c:\windows\system32\kbd106n.dll
2009-02-02 06:06 988,216 a------- c:\windows\system32\winload.exe
2009-02-02 06:06 927,288 a------- c:\windows\system32\winresume.exe
2009-02-02 06:06 615,992 a------- c:\windows\system32\ci.dll
2009-02-02 06:06 378,368 a------- c:\windows\system32\srcore.dll
2009-02-02 06:06 318,464 a------- c:\windows\system32\rstrui.exe
2009-02-02 06:06 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-02-02 06:06 40,960 a------- c:\windows\system32\srclient.dll
2009-02-02 06:06 19,000 a------- c:\windows\system32\kd1394.dll
2009-02-02 06:06 14,848 a------- c:\windows\system32\srdelayed.exe
2009-02-02 06:05 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-02-02 06:05 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-02-02 06:05 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-02-02 06:04:04 A------- 443,392 c:\windows\system32\win32spl.dll

============= FINISH: 8:52:55.37 ===============

"DO OR DO NOT. THERE IS NO TRY."



#2 extremeboy

Posted 03 May 2009 - 12:52 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
If you still require assistance post a new set of DDS Logs and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log please refer to this page and in step #6 there are instructions on downloading and running DDS. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 Johnny Computer

Posted 04 May 2009 - 07:38 AM

Hello EB-- Thank you for your response to my request for help. It is much appreciated. Here is my situation. I have a main desktop computer that I use with 3 external hard drives. I had bad infections on my desktop computer and 2 of the 3 external hard drives I use. I ended up just doing a full restore on my desktop computer (without the external drives plugged in). After doing so my desktop computer came up clean on SAS, MBAM, and Bit Defender scans. I continued to use my desktop computer for the last week or so (never plugging in any of the external drives), regularly running scans which all came up clean. Also, it should be noted that I use Folder Lock to encrypt files on these 2 external drives and it appears that the infected files are within the encrypted files. I am really hoping we can get these 2 external drives clean as they hold valuable backups for me. I wanted to check with you before posting the DDS logs as to whether you wanted me to run the scan on just the desktop computer or if you want me to plug in both my dirty external drives to my desktop computer and then run the scan. Thanks again in advance for your time and help EB :thumbup2: :)


#4 extremeboy

Posted 04 May 2009 - 02:37 PM

Hello again.

Thanks for the detailed feedback.

Do not plug in your external hard-drives yet.

I changed my mind after your description and would like you to run this tool instead of DDS for right now.

Download and run OTListIT2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
With regards,
Extremeboy
#5 Johnny Computer

Posted 04 May 2009 - 03:53 PM

Hello Again EB-- Bleeping Computer kept giving me an error message saying that my post was too long so I attached the 2 files you requested here. Let me know how you want to proceed. Thanks again for your time and help EB....It is much appreciated. :thumbup2: :)


#6 extremeboy

Posted 04 May 2009 - 05:04 PM

Hello.

First run this tool.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. If you are using Vista, please right-click and choose run as administrator...
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

I am really hoping we can get these 2 external drives clean as they hold valuable backups for me.

Hmmm... Are you saying that you think or you know these external hard-drives are infected or not?

Run Malwarebytes Anti-Malware for me, just to make sure. I'm sure it's cleaned right now since you did a full recovery.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Let me know if Flash-drive disinfector ran successfully and then post back with the MBAM as well as the answers to my question.

With Regards,
Extremeboy
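The Flash_Disinfector note in the post above concerns the autorun.inf entry left at the root of each drive; the DDS log later in this thread lists C:\autorun.inf as a hidden, system, read-only directory. As an added example (not part of the original posts and not Flash_Disinfector's own code), the Python audit below tells that placeholder directory apart from a real autorun.inf file and lists the commands such a file would launch. The function names, the sample file contents and the temporary "drive roots" are constructed for illustration.

```python
"""Audit drive roots for autorun.inf (added example; all names are illustrative)."""
import os
import sys
import tempfile

# Keys in the [autorun] section that name a program Windows may launch.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, not taken from the thread.
SAMPLE_INF = (
    "; constructed sample\r\n"
    "[AutoRun]\r\n"
    "icon=folder.ico\r\n"
    "xk29dk line without an equals sign\r\n"
    "OPEN = tools\\start.exe\r\n"
    "shell\\open\\Command=tools\\start.exe /q\r\n"
    "label=Backup\r\n"
)


def find_autorun(root):
    """Return the path of autorun.inf in root (any letter case), or None."""
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.name.lower() == "autorun.inf":
                return entry.path
    return None


def read_inf(path, limit=65536):
    """Read at most `limit` bytes and decode them, honouring a UTF-16 BOM."""
    with open(path, "rb") as fh:
        data = fh.read(limit)
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Lines that are not key=value are skipped rather than treated as errors.
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_verb:
            entries.append((key, value.strip()))
    return entries


def classify_root(root):
    """Classify one drive root as absent / placeholder-directory / file."""
    path = find_autorun(root)
    if path is None:
        return ("absent", [])
    if os.path.isdir(path):
        # A directory with this name cannot be parsed as an autorun file, and
        # a file of the same name cannot be created while it exists.
        return ("placeholder-directory", [])
    return ("file", launch_entries(read_inf(path)))


def demo():
    """Build three throwaway 'drive roots' and audit them (constructed data)."""
    with tempfile.TemporaryDirectory() as base:
        roots = {}
        for name in ("immunized", "suspect", "clean"):
            roots[name] = os.path.join(base, name)
            os.mkdir(roots[name])
        os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
        with open(os.path.join(roots["suspect"], "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(SAMPLE_INF)
        return {name: classify_root(path) for name, path in roots.items()}


if __name__ == "__main__":
    # With arguments, audit those roots; without, run on the constructed data.
    roots = sys.argv[1:]
    results = {r: classify_root(r) for r in roots} if roots else demo()
    for name, (state, entries) in results.items():
        print(f"{name}: {state}")
        for key, command in entries:
            print(f"    {key} -> {command}")
```

A root reported as "file" with launch entries is the case to hand to the helper before opening the drive in Explorer; "placeholder-directory" matches what the DDS log shows for C:\ after the tool ran.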

#7 Johnny Computer

Posted 04 May 2009 - 05:37 PM

Hello Again EB-- Thanks for the fast reply. I just want to make sure I understand your instructions correctly before proceeding.


First, in regards to your query about the externals being infected here is what I can tell you. I am pretty darn sure the 2 drives are infected. MBAM and SAS both kept coming up with infections. After using the same tools to clean the infections the drives would appear ok for a day or 2 and then show infections again. I was also able to get the desktop clean but as soon as I would plug the externals in the desktop would show up dirty again (Antivirus 2009 was showing up on the desktop and Trojan.Dropper/SYS.NV was showing up on both the externals as well as some other infections). I could not get either of the 2 externals or the desktop to stay clean.

2.) You asked me to run flash disinfector first. So you want me to plug both the infected drives into my uninfected desktop and then run Flash disinfector??

3.) Should I run Malwarebytes before or after the flash disinfector?? Should I run Malwarebytes with the externals plugged in or unplugged.

Just wanting to make sure I am doing this correctly as I know the order in which we proceed is important. Thanks again for your time and help EB.



#8 extremeboy

Posted 05 May 2009 - 02:52 PM

Hello.

Sorry for the short delay, we probably live in different time zones and I had some work that I needed to finish up so couldn't reply earlier.

Okay.

"2.) You asked me to run flash disinfector first. So you want me to plug both the infected drives into my uninfected desktop and then run Flash disinfector??"

No. Run Flash-drive disinfector and when it tells you to plug them in then you do so.

"3.) Should I run Malwarebytes before or after the flash disinfector?? Should I run Malwarebytes with the externals plugged in or unplugged."

After. Remember to follow my instructions from TOP to bottom as that makes more sense. Run MBAM with your external plugged in.

If you have any problems, stop and let me know.

With Regards,
Extremeboy

#9 Johnny Computer

Posted 05 May 2009 - 07:26 PM

Hello EB-- My apologies for all the confusion with the multiple posts. I have responded to all your questions about all the posts. This should be the only one open now. I did as you instructed with Flash Disinfector and MBAM (log below). Please note I ran the MBAM scan with the external drives plugged in but with the encrypted folders still encrypted. The reason I did this was because the encryption program I use I had not yet reinstalled since I wiped the computer. I need the program on the computer to open the encrypted files but you told me not to change anything yet. I believe the infections are in the encrypted files. Let me know if you want me to download my encryption program and rerun MBAM. As always thanks for the help EB....I appreciate your time and help. :)

Malwarebytes' Anti-Malware 1.36
Database version: 2079
Windows 6.0.6001 Service Pack 1

5/5/2009 7:14:06 PM
mbam-log-2009-05-05 (19-14-06).txt

Scan type: Quick Scan
Objects scanned: 67821
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#10 extremeboy

Posted 07 May 2009 - 02:50 PM

Hello.

I have a suggestion. Why not back up all your important data files etc. to your desktop and then format your external hard-drives? Once that's done you can re-copy those files etc. back and then they should be clean.

Let me know and give me a new DDS log.

With Regards,
Extremeboy

#11 Johnny Computer

Posted 09 May 2009 - 09:56 AM

Hi EB-- Thanks again for your help. I would be happy to try your suggestion but if I copy infected files from my external drive to my desktop, then reformat the external drive and copy the files back to the freshly formatted external drive won't that just A.) Infect my desktop and B.) If the files I copied to the desktop from the external are infected and I recopy them to the freshly formatted external drive won't that just be putting infected files back on the freshly formatted external drive?? I'll wait for your response before I proceed. Thanks again for your time and help EB....It is much appreciated.



#12 extremeboy

Posted 09 May 2009 - 12:54 PM

Hello.

I'm a bit confused here. Do not back up the infected files/folders but just your data information or do you have other things on your external hard-drive?

"MBAM and SAS both kept coming up with infections. After using the same tools to clean the infections the drives would appear ok for a day or 2 and then show infections again. I was also able to get the desktop clean but as soon as I would plug the externals in the desktop would show up dirty again (Antivirus 2009 was showing up on the desktop and Trojan.Dropper/SYS.NV was showing up on both the externals as well as some other infections). I could not get either of the 2 externals or the desktop to stay clean."

I would like to see at least one or two of those logs where they found that your external hard-drives are infected.

Then, I'll see what to proceed with.

With Regards,
Extremeboy

#13 Johnny Computer

Posted 12 May 2009 - 08:27 AM

Hello EB-- OK-- I scanned my desktop computer with the 2 external drives plugged in with SAS and MBAM and everything came up clean (logs attached). However, this is what was happening before. I would run scans, infections would be found, I would clean the infections with SAS and MBAM and rescan and everything would come up clean. Everything would stay clean for a few days and then the infections would reappear. If these logs look clean to you, can we leave this topic open for a little while as I will keep running scans every day and see if the infections reappear?? I also attached a DDS log which I ran after the SAS and MBAM scans. As always thanks in advance for your time and help EB.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Chris at 7:59:32.46 on Tue 05/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2682 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Eraser\Eraser.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\IDrive\IDriveE Service.exe
C:\IDrive\IDriveWebM.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\IDrive\IDriveETray.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\IDrive\IDriveEBackground.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Folder Lock 6\Folder Lock 6.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Eraser] c:\program files\eraser\eraser.exe -hide
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [IDriveE Startup] "c:\idrive\IDrvieEStartup.exe" Hide
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\idrive~1.lnk - c:\idrive\IDriveEReg2ini.exe
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-11 108289]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2009-4-30 143360]
R2 IDriveWebM;IDrive WebManager;c:\idrive\IDriveWebM.exe [2009-4-30 106496]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-5-10 10752]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104328]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]

=============== Created Last 30 ================

2009-05-12 07:59 360,021 a------- c:\program files\dds.scr
2009-05-11 19:07 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-11 19:07 <DIR> --d----- c:\programdata\Avira
2009-05-11 19:07 <DIR> --d----- c:\program files\Avira
2009-05-11 19:07 <DIR> --d----- c:\progra~2\Avira
2009-05-11 19:06 30,075,904 a------- c:\program files\avira_antivir_personal_en.exe
2009-05-10 09:06 180,224 a------- c:\windows\system32\WinVd32.sys
2009-05-10 09:06 10,752 a------- c:\windows\system32\WinFLdrv.sys
2009-05-10 09:06 7,680 a------- c:\windows\system32\WinFLsrv.exe
2009-05-10 09:06 <DIR> --dsh--- c:\users\chris\appdata\roaming\.#
2009-05-10 09:06 33,982 a------- c:\windows\system32\flk-icon.ico
2009-05-10 09:06 <DIR> --d----- c:\program files\Folder Lock 6
2009-05-10 09:06 2,984,384 a------- c:\program files\folder-lock.exe
2009-05-05 19:03 <DIR> a-dshr-- C:\autorun.inf
2009-05-05 18:52 <DIR> --d----- c:\programdata\HP Product Assistant
2009-05-03 20:45 <DIR> --d----- c:\users\chris\appdata\roaming\OpenOffice.org
2009-05-03 20:39 <DIR> --d----- c:\program files\JRE
2009-05-03 20:39 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-05-03 20:35 <DIR> --d----- c:\program files\OpenOffice.org 3.0 (en-US) Installation Files
2009-05-03 20:35 149,353,184 a------- c:\program files\Open Office Install.exe
2009-05-03 20:31 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-03 20:27 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-05-03 20:27 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-05-03 20:27 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-05-03 20:27 15,360 a------- c:\windows\system32\pacerprf.dll
2009-05-03 20:27 147,456 a------- c:\windows\system32\Faultrep.dll
2009-05-03 20:27 125,952 a------- c:\windows\system32\wersvc.dll
2009-05-03 20:26 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-05-03 20:26 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-05-03 20:26 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-05-03 20:26 45,056 a------- c:\windows\system32\dataclen.dll
2009-05-03 20:26 36,864 a------- c:\windows\system32\cdd.dll
2009-05-03 20:26 180,224 a------- c:\windows\system32\scrobj.dll
2009-05-03 20:26 172,032 a------- c:\windows\system32\scrrun.dll
2009-05-03 20:26 155,648 a------- c:\windows\system32\wscript.exe
2009-05-03 20:26 135,168 a------- c:\windows\system32\wshom.ocx
2009-05-03 20:26 135,168 a------- c:\windows\system32\cscript.exe
2009-05-03 20:26 90,112 a------- c:\windows\system32\wshext.dll
2009-05-02 21:59 <DIR> --d----- C:\PerfLogs
2009-05-02 21:49 415,167,638 a------- c:\windows\MEMORY.DMP
2009-05-01 20:17 97,800 a------- c:\windows\system32\infocardapi.dll
2009-05-01 20:17 622,080 a------- c:\windows\system32\icardagt.exe
2009-05-01 20:17 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-01 20:17 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-05-01 20:17 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-05-01 20:17 11,264 a------- c:\windows\system32\icardres.dll
2009-05-01 20:17 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-05-01 20:17 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-05-01 20:15 34,799,616 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-05-01 20:15 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-05-01 20:15 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-05-01 20:11 96,760 a------- c:\windows\system32\dfshim.dll
2009-05-01 20:11 282,112 a------- c:\windows\system32\mscoree.dll
2009-05-01 20:11 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-01 20:11 158,720 a------- c:\windows\system32\mscorier.dll
2009-05-01 20:11 83,968 a------- c:\windows\system32\mscories.dll
2009-05-01 19:57 2,623,488 a------- c:\windows\system32\SLsvc.exe
2009-05-01 19:57 1,541,120 a------- c:\windows\system32\onex.dll
2009-05-01 19:54 305,152 a------- c:\windows\system32\msdelta.dll
2009-05-01 19:54 258,560 a------- c:\windows\system32\dpx.dll
2009-05-01 19:54 246,784 a------- c:\windows\system32\drvstore.dll
2009-05-01 19:54 35,328 a------- c:\windows\system32\mspatcha.dll
2009-04-30 08:05 <DIR> --d----- c:\programdata\WEBREG
2009-04-30 08:05 <DIR> --d----- c:\progra~2\WEBREG
2009-04-30 07:59 9,519,368 a------- c:\program files\IDriveSetup.exe
2009-04-30 07:59 <DIR> --d----- c:\programdata\HPSSUPPLY
2009-04-30 07:57 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-04-30 07:53 163,840 a------- c:\windows\system32\HPJCMN2U.DLL
2009-04-30 07:53 117,760 a------- c:\windows\system32\hpz3l4v2.dll
2009-04-30 07:53 94,208 a------- c:\windows\system32\HPJIPX1U.DLL
2009-04-30 07:53 241,721 a------- c:\windows\system32\HPBMINI.DLL
2009-04-30 07:53 49,152 a------- c:\windows\system32\HPBNRAC2.DLL
2009-04-30 07:53 18,747 a------- c:\windows\system32\HPCEAC06.HPI
2009-04-30 07:52 130,835 a------- c:\windows\hpoins18.dat
2009-04-30 07:51 258,048 a------- c:\windows\system32\hpzids01.dll
2009-04-30 07:51 897,024 a------- c:\windows\system32\hpotiop1.dll
2009-04-30 07:51 675,840 a------- c:\windows\system32\hpowiav1.dll
2009-04-30 07:51 303,104 a------- c:\windows\system32\hpovst01.dll
2009-04-30 07:51 6,600 a------- c:\windows\hpomdl18.dat
2009-04-30 07:49 <DIR> --d----- c:\users\chris\Roaming
2009-04-30 07:49 <DIR> --d----- c:\users\chris\appdata\roaming\MySpace
2009-04-30 07:49 <DIR> --d----- c:\program files\MySpace
2009-04-30 07:48 300,800 a------- c:\program files\MySpaceIM_Setup.exe
2009-04-28 17:16 268 a------- c:\users\chris\appdata\roaming\wklnhst.dat
2009-04-28 03:03 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-28 03:03 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-28 03:03 272,896 a------- c:\windows\system32\polstore.dll
2009-04-28 03:03 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-28 03:02 1,820 a------- c:\windows\system32\rasctrnm.h
2009-04-28 03:02 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-04-28 03:02 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-04-28 03:02 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-28 03:01 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-28 03:01 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-28 03:01 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-28 03:01 269,312 a------- c:\windows\system32\es.dll
2009-04-28 03:00 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-28 03:00 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-28 03:00 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-27 15:26 <DIR> --d----- c:\programdata\NVIDIA
2009-04-27 15:02 305,688 a------- c:\windows\system32\drivers\iaStor.sys
2009-04-27 07:43 553 a------- c:\windows\USetup.iss
2009-04-27 07:43 98,304 a------- c:\windows\RTKAUDIOSERVICE.EXE
2009-04-27 07:43 4,874,240 a------- c:\windows\RtHDVCpl.exe
2009-04-27 07:43 2,156,544 a------- c:\windows\system32\RtkAPO.dll
2009-04-27 07:43 2,047,576 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-04-27 07:43 1,191,936 a------- c:\windows\RtlUpd.exe
2009-04-27 07:43 636,416 a------- c:\windows\system32\RtkPgExt.dll
2009-04-27 07:43 532,480 a------- c:\windows\system32\RTSndMgr.cpl
2009-04-27 07:43 135,168 a------- c:\windows\system32\SRSWOW.dll
2009-04-27 07:43 29,696 a------- c:\windows\system32\RtkCoInst.dll
2009-04-27 07:42 <DIR> --d----- c:\users\chris\appdata\roaming\WinBatch
2009-04-27 03:27 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-27 03:27 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-27 03:26 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-27 03:25 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-27 03:25 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-27 03:23 2,048 a------- c:\windows\system32\tzres.dll
2009-04-27 03:22 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-04-27 03:22 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-27 03:22 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-27 03:22 217,088 a------- c:\windows\system32\psisrndr.ax
2009-04-27 03:22 80,896 a------- c:\windows\system32\MSNP.ax
2009-04-27 03:22 69,632 a------- c:\windows\system32\Mpeg2Data.ax
2009-04-27 03:22 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-04-27 03:22 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-27 03:22 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-27 03:22 4,096 a------- c:\windows\system32\msdxm.ocx
2009-04-27 03:22 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-27 03:18 2,927,104 a------- c:\windows\explorer.exe
2009-04-27 03:18 15,872 a------- c:\windows\system32\hcrstco.dll
2009-04-27 03:18 8,704 a------- c:\windows\system32\hccoin.dll
2009-04-27 03:14 4,497,408 a------- c:\windows\system32\NlsData0019.dll
2009-04-27 03:12 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-27 03:11 183,296 a------- c:\windows\system32\sdohlp.dll
2009-04-27 03:11 98,304 a------- c:\windows\system32\iasrecst.dll
2009-04-27 03:11 54,784 a------- c:\windows\system32\iasads.dll
2009-04-27 03:11 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-04-27 03:11 17,408 a------- c:\windows\system32\iashost.exe
2009-04-27 03:10 441,400 a------- c:\windows\system32\drivers\ksecdd.sys
2009-04-27 03:10 72,704 a------- c:\windows\system32\secur32.dll
2009-04-27 03:10 9,728 a------- c:\windows\system32\lsass.exe
2009-04-27 03:10 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-04-27 03:10 24,064 a------- c:\windows\system32\amxread.dll
2009-04-27 03:10 13,824 a------- c:\windows\system32\apilogen.dll
2009-04-27 03:09 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-04-27 03:09 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-04-27 03:09 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-04-27 03:08 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-27 03:08 37,888 a------- c:\windows\system32\printcom.dll
2009-04-27 03:07 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-27 03:07 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-27 03:07 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-27 03:06 268,288 a------- c:\windows\system32\schannel.dll
2009-04-27 03:06 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-27 03:06 98,816 a------- c:\windows\system32\mfps.dll
2009-04-27 03:06 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-27 03:06 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-27 03:06 2,048 a------- c:\windows\system32\mferror.dll
2009-04-27 03:06 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-27 03:06 94,720 a------- c:\windows\system32\logagent.exe
2009-04-27 03:05 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-27 03:05 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-27 03:04 1,645,568 a------- c:\windows\system32\connect.dll
2009-04-27 03:04 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-27 03:03 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-27 03:03 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-27 03:02 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-27 03:02 2,048 a------- c:\windows\system32\msxml6r.dll
2009-04-26 22:11 525 a------- c:\windows\system32\BDUpdateV1.xml
2009-04-26 20:48 <DIR> --d----- c:\users\chris\appdata\roaming\GlarySoft
2009-04-26 20:28 311,296 a------- c:\windows\system32\Eraser.dll
2009-04-26 20:28 86,016 a------- c:\windows\system32\Erasext.dll
2009-04-26 20:28 77,824 a------- c:\windows\system32\Eraserl.exe
2009-04-26 20:28 <DIR> --d----- c:\program files\Eraser
2009-04-26 20:28 7,068,856 a------- c:\program files\Eraser Setup.exe
2009-04-26 20:27 <DIR> --d----- c:\program files\Glary Utilities
2009-04-26 20:26 5,649,472 a------- c:\program files\Glary Utilities Setup.exe
2009-04-26 20:25 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
2009-04-26 20:25 948,311 a------- c:\program files\Eusing Free Registry Cleaner.exe
2009-04-26 20:23 <DIR> --d----- c:\program files\CCleaner
2009-04-26 20:05 3,190,688 a------- c:\program files\CCleaner Setup.exe
2009-04-26 19:53 <DIR> --d----- c:\program files\VS Revo Group
2009-04-26 19:53 1,053,744 a------- c:\users\chris\Revo Uninstaller Setup.exe
2009-04-26 13:54 81,984 a------- c:\windows\system32\bdod.bin
2009-04-26 13:49 850 a------- c:\windows\system32\ProductTweaks.xml
2009-04-26 13:49 385 a------- c:\windows\system32\user_gensett.xml
2009-04-26 13:45 1,786 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_GG753AV-ABA a6150y_YC_0Pavi_QMXG730_E73NAv3PcA2_49_ILeonite2_SASUSTek Computer INC._V6.00_B5.20_T070607_WUH0_L409_M3582_J400_7Intel_8Core2 Duo E4500_92.2_#090426_N168C001B_Z14F12F20_G10DE01D1.MRK
2009-04-26 13:43 <DIR> --d----- c:\users\chris\appdata\roaming\BitDefender
2009-04-26 13:43 <DIR> --d----- c:\users\chris\appdata\roaming\Malwarebytes
2009-04-26 13:43 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-26 13:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 13:43 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-26 13:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-26 13:43 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-26 13:42 <DIR> --d----- c:\programdata\BitDefender
2009-04-26 13:42 <DIR> --d----- c:\program files\BitDefender
2009-04-26 13:42 <DIR> --d----- c:\progra~2\BitDefender
2009-04-26 13:35 <DIR> --d----- c:\program files\common files\BitDefender
2009-04-26 13:34 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-04-26 13:34 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-04-26 13:34 <DIR> --d----- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com
2009-04-26 13:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-26 13:34 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-26 13:33 6,043,680 a------- c:\program files\SUPERAnti Spyware Setup.exe
2009-04-26 13:31 2,967,800 a------- c:\program files\Malwarebytes Free Edition Setup.exe
2009-04-26 13:30 156,000 a------- c:\program files\Bit Defender Internet Security 2009 Setup.exe
2009-04-26 13:27 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-26 13:26 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-26 13:26 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-26 13:26 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-26 13:23 44 a------- c:\windows\system\hpsysdrv.dat
2009-04-26 13:21 <DIR> --d-h--- C:\hp
2009-04-26 13:21 172,032 a------- c:\windows\system32\UCI32m15.dll
2009-04-26 13:21 94,208 a------- c:\windows\system32\mdmxsdk.dll
2009-04-26 13:21 12,672 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-04-26 13:21 686,080 a------- c:\windows\system32\drivers\athr.sys
2009-04-26 13:21 <DIR> --d----- c:\windows\system32\OEM
2009-04-26 13:21 <DIR> --d----- c:\windows\Panther
2009-04-26 13:20 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-04-26 13:20 333,203 a--shr-- C:\bootmgr
2009-04-26 13:20 <DIR> --dsh--- C:\Boot
2009-04-26 13:09 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-04-26 13:07 <DIR> --d----- c:\windows\SMINST
2009-04-26 13:04 <DIR> --d----- c:\programdata\Symantec
2009-04-26 13:04 <DIR> --d----- c:\progra~2\Symantec
2009-04-26 13:04 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-26 13:03 <DIR> --d----- c:\program files\Yahoo!
2009-04-26 13:01 <DIR> --d----- c:\program files\Online Services
2009-04-26 13:01 <DIR> --d----- c:\program files\earthlink totalaccess
2009-04-26 12:59 <DIR> --d----- c:\programdata\PC-Doctor
2009-04-26 12:59 <DIR> --d----- c:\progra~2\PC-Doctor
2009-04-26 12:59 <DIR> --d----- c:\program files\PC-Doctor 5 for Windows
2009-04-26 12:57 32,592 a------- c:\windows\system32\msonpmon.dll
2009-04-26 12:56 <DIR> --d----- c:\programdata\Microsoft Help
2009-04-26 12:54 <DIR> --d----- c:\programdata\Adobe
2009-04-26 12:53 <DIR> --d----- c:\program files\muvee Technologies
2009-04-26 12:53 <DIR> --d----- c:\programdata\muvee Technologies
2009-04-26 12:53 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-04-26 12:53 <DIR> --d----- c:\program files\common files\xing shared
2009-04-26 12:53 <DIR> --d----- c:\program files\common files\Real
2009-04-26 12:52 <DIR> a-d----- c:\program files\common files\LS Getting Started
2009-04-26 12:52 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-04-26 12:51 <DIR> --d----- c:\programdata\Sonic
2009-04-26 12:51 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-04-26 12:50 <DIR> --d----- c:\programdata\Roxio
2009-04-26 12:50 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-26 12:50 <DIR> --d----- c:\program files\Roxio
2009-04-26 12:45 <DIR> --d----- c:\program files\common files\HP
2009-04-26 12:45 <DIR> --d----- c:\program files\HP
2009-04-26 12:45 103,521 a------- c:\windows\hpqins13.dat
2009-04-26 12:45 <DIR> --d----- c:\programdata\HP
2009-04-26 12:42 <DIR> --d----- c:\program files\HP Games
2009-04-26 12:42 <DIR> --d----- c:\programdata\WildTangent
2009-04-26 12:42 <DIR> --d----- c:\progra~2\WildTangent
2009-04-26 12:39 319,456 a------- c:\windows\DIFxAPI.dll
2009-04-26 12:39 520,192 a------- c:\windows\RtlExUpd.dll
2009-04-26 12:39 315,392 a------- c:\windows\HideWin.exe
2009-04-26 12:39 <DIR> --d----- c:\program files\Realtek
2009-04-26 12:39 <DIR> --d----- c:\windows\system32\RTCOM
2009-04-26 12:39 339,968 a------- c:\windows\system32\SRSTSXT.dll
2009-04-26 12:37 86,016 a------- c:\windows\system32\nvsvc.dll
2009-04-26 12:37 17,254 a------- c:\windows\system32\nvwsapps.xml
2009-04-26 12:37 1,073,152 a------- c:\windows\system32\nvcpluir.dll
2009-04-26 12:37 753,664 a------- c:\windows\system32\nvcplui.exe
2009-04-26 12:37 413,696 a------- c:\windows\system32\nvcpl.cpl
2009-04-26 12:37 307,200 a------- c:\windows\system32\nvexpbar.dll
2009-04-26 12:37 124,376 a------- c:\windows\system32\nvapps.xml
2009-04-26 12:37 36,352 a------- c:\windows\system32\nvcodins.dll
2009-04-26 12:37 521,128 a------- c:\windows\system32\dpinst.exe
2009-04-26 12:37 126,976 a------- c:\windows\system32\Imsmudlg.exe
2009-04-26 12:37 <DIR> --d----- c:\windows\system32\ENU
2009-04-26 12:31 61,440 -------- c:\windows\system32\OsdRemove.exe
2009-04-26 12:31 48,760 a------- c:\windows\system32\RUNCLOSE.OCX
2009-04-26 12:30 253,952 a------- c:\windows\system32\cPC_DMIRD.dll
2009-04-26 12:28 327,680 a------- c:\windows\system32\pythoncom24.dll
2009-04-26 12:28 102,400 a------- c:\windows\system32\pywintypes24.dll
2009-04-26 12:28 <DIR> --dsh--- c:\windows\Installer
2009-04-26 12:24 <DIR> --d----- c:\users\Chris
2009-04-26 12:24 <DIR> --d----- c:\program files\CONEXANT

==================== Find3M ====================

2009-05-02 22:08 174 a--sh--- c:\program files\desktop.ini
2009-05-02 22:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-02 22:06 86,016 a------- c:\windows\inf\infstor.dat
2009-05-02 22:06 51,200 a------- c:\windows\inf\infpub.dat
2009-05-02 21:59 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-02 21:09 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-05-02 21:09 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-28 03:00 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-28 03:00 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-28 03:00 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-28 03:00 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-28 03:00 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-28 03:00 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-27 03:14 3,466,752 a------- c:\windows\system32\NlsData0013.dll
2009-04-27 03:12 988,216 a------- c:\windows\system32\winload.exe
2009-04-27 03:10 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-04-24 10:05 1,056,768 a------- c:\windows\system32\IDriveEService.dll
2009-04-14 18:02 225,280 a------- c:\windows\system32\IDrLocale.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-02 11:37 20,480 a------- c:\windows\system32\IDriveEXceedCryReg.exe
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:00:43.10 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2009 12:24:53 PM
System Uptime: 5/12/2009 5:10:46 AM (3 hours ago)

Motherboard: ASUSTek Computer INC. | | Leonite2
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 364 GiB total, 303.941 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.005 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 233 GiB total, 225.033 GiB free.
K: is FIXED (NTFS) - 932 GiB total, 629.241 GiB free.
Z: is FIXED (NTFS) - 3 GiB total, 2.949 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 9 ActiveX
Adobe Reader 8
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Avira AntiVir Personal - Free Antivirus
BitDefender Internet Security 2009
BufferChm
C5100
c5100_Help
CCleaner (remove only)
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Enhanced Multimedia Keyboard Solution
Eraser 5.86
eSupportQFolder
Eusing Free Registry Cleaner
Fax
Glary Utilities 2.12.0.658
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 8.0
HP Easy Setup - Frontend
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Picasso Media Center Add-In
HP Product Assistant
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HPProductAssistant
HPSSupply
IDrive version 3.2.6 April 24, 2009
Intel® Matrix Storage Manager
Java™ 6 Update 7
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
My HP Games
MySpaceIM
NVIDIA Drivers
OpenOffice.org 3.0
PSSWCORE
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.80
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
SUPERAntiSpyware Free Edition
Toolbox
TrayApp
UnloadSupport
WebReg

==== End Of File ===========================



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/11/2009 at 08:14 PM

Application Version : 4.26.1002

Core Rules Database Version : 3887
Trace Rules Database Version: 1835

Scan type : Complete Scan
Total Scan Time : 01:03:16

Memory items scanned : 709
Memory threats detected : 0
Registry items scanned : 6785
Registry threats detected : 0
File items scanned : 24687
File threats detected : 15

Adware.Tracking Cookie
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@serving-sys[1].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@apmebf[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@mediaplex[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@ad.yieldmanager[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@bs.serving-sys[1].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@casalemedia[1].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@a1.interclick[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@atdmt[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@advertising[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@interclick[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@doubleclick[1].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@dmtracker[1].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@revsci[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@doubleclick[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@ads.bleepingcomputer[2].txt

Malwarebytes' Anti-Malware 1.36
Database version: 2112
Windows 6.0.6001 Service Pack 1

5/11/2009 9:21:46 PM
mbam-log-2009-05-11 (21-21-46).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|Z:\|)
Objects scanned: 221872
Time elapsed: 1 hour(s), 41 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

"DO OR DO NOT. THERE IS NO TRY."


#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:39 PM

Posted 12 May 2009 - 02:56 PM

Hello.

I'll leave it open for another 2-3 days for you to report back if anything is found.

Yes, the SAS and MBAM logs were clean. SAS only found some tracking cookies.

In the meantime, I would also like you to do the following.

Update Java to Version 6 Update 13

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 Johnny Computer

Johnny Computer
  • Topic Starter

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  • Gender:Male
  • Location:127.0.0.1
  • Local time:04:39 PM

Posted 15 May 2009 - 11:31 AM

Hi EB-- I updated my Java as you instructed. I am having trouble getting Kaspersky to "Run as Administrator". When I right click my browser shortcut icon on my desktop I am not given a "Run as administrator" option. If I try to run Kaspersky everything goes fine except the section's settings for viruses, rootkits, etc. are checked but greyed out and won't let me adjust them....So I am not sure if it is running as administrator or not?? I tried launching my browser from its listing in my start-programs file and that did allow me to run the browser as administrator but once I opened the browser and navigated to the Kaspersky page I got the same results as I described above when trying to check the scan for viruses and rootkits section?? So I guess I am stuck on how to get Kaspersky to run as administrator so I can check off the appropriate box. Thanks again for your help EB....It's much appreciated.

"DO OR DO NOT. THERE IS NO TRY."




