Hello, any and all help greatly appreciated. Okay, the computer started with the Google redirect on Christmas Eve. The wife thought it was a legitimate "web survey" and filled it out - boom! Getting multiple redirects, porn sites popping up, and Roxio 2010 will not start up now. I am an IT student currently and am embarrassed, but realize that the true student of technology knows when to ask for help. I have run all the latest scans and will be including them in this post. Once again, thank you in advance; any and all help is greatly appreciated.
Note: all scans were run in Safe Mode.
DDS:
DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
Run by Administrator at 22:51:32.35 on Thu 01/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.388 [GMT -5:00]
AV: AVG Anti-Virus *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
K:\Documents\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2010\roxio burn\RoxioBurnLauncher.exe"
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255822779625
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255822771062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-17 12552]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-10-17 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-10-17 15856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-17 335240]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-17 27784]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-17 108552]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-10-17 25584]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-18 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-18 297752]
S2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
=============== Created Last 30 ================
2010-01-08 00:15:30 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-01-04 05:44:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-30 04:00:11 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-30 01:01:44 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-30 01:01:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-29 22:15:52 0 d-----w- c:\windows\pss
2009-12-19 03:12:14 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-19 03:12:12 0 d-----w- c:\program files\AoA Audio Extractor
2009-12-10 10:23:44 0 d-----w- c:\windows\SxsCaPendDel
==================== Find3M ====================
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 04:48:30 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-27 08:12:47 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-23 23:35:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-18 12:08:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-17 23:10:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
============= FINISH: 22:53:18.10 ===============
RootRepeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/07 23:10
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF7C4C000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\stdole.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\stdole.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!
==EOF==
RSIT logfile:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-07 23:23:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (16%) free of 100 GB
Total RAM: 511 MB (64% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-03 263280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-13 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-23 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-03 263280]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [2009-07-24 240112]
"CPMonitor"=C:\Program Files\Roxio 2010\5.0\CPMonitor.exe [2009-07-21 84464]
"Desktop Disc Tool"=C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [2009-06-23 494064]
"DLCDCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16 []
"dlcdmon.exe"=C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe [2005-07-22 430080]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 944\memcard.exe [2005-08-10 286720]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-10-18 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Roxio 2010\Venue\Venue.exe"="C:\Program Files\Roxio 2010\Venue\Venue.exe:*:Enabled:Roxio Venue"
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe"="C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\wd_windows_tools\WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-01-07 23:23:09 ----D---- C:\rsit
2010-01-07 23:23:09 ----D---- C:\Program Files\trend micro
2010-01-07 23:19:21 ----A---- C:\RootRepeal report 01-07-10 (23-19-21).txt
2010-01-07 22:44:30 ----D---- C:\Qoobox
2010-01-07 22:43:32 ----D---- C:\32788R22FWJFW
2010-01-07 20:21:11 ----D---- C:\Documents and Settings\Administrator\Application Data\U3
2010-01-07 19:15:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-01-07 19:15:04 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-01-07 19:15:04 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2010-01-07 19:14:15 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-07 16:58:43 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2009-12-29 20:01:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-29 20:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-29 17:15:52 ----D---- C:\WINDOWS\pss
2009-12-18 22:12:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-18 22:12:14 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-12-18 22:12:12 ----D---- C:\Program Files\AoA Audio Extractor
2009-12-16 15:03:14 ----D---- C:\Program Files\ImgBurn
2009-12-10 05:23:44 ----D---- C:\WINDOWS\SxsCaPendDel
2009-12-09 03:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 03:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 03:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 03:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
======List of files/folders modified in the last 1 months======
2010-01-07 23:23:09 ----RD---- C:\Program Files
2010-01-07 23:02:18 ----D---- C:\WINDOWS\system32\drivers
2010-01-07 22:54:52 ----D---- C:\WINDOWS\Temp
2010-01-07 19:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-07 19:20:13 ----D---- C:\WINDOWS\system32
2010-01-07 19:17:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 19:15:03 ----D---- C:\Documents and Settings
2010-01-07 19:14:15 ----D---- C:\WINDOWS
2010-01-07 18:16:02 ----D---- C:\WINDOWS\Prefetch
2010-01-07 17:01:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-07 10:25:41 ----D---- C:\Program Files\Dl_cats
2010-01-07 08:54:00 ----HD---- C:\$AVG8.VAULT$
2010-01-05 23:48:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-05 23:48:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-29 23:18:03 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2009-12-29 23:00:28 ----D---- C:\WINDOWS\system32\config
2009-12-29 23:00:11 ----D---- C:\WINDOWS\system32\wbem
2009-12-29 23:00:11 ----D---- C:\WINDOWS\Registration
2009-12-29 17:23:15 ----A---- C:\WINDOWS\win.ini
2009-12-29 17:23:15 ----A---- C:\WINDOWS\system.ini
2009-12-25 21:30:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-24 15:01:50 ----D---- C:\WINDOWS\network diagnostic
2009-12-20 03:09:54 ----SHD---- C:\WINDOWS\Installer
2009-12-20 03:09:52 ----D---- C:\Config.Msi
2009-12-12 20:45:43 ----HD---- C:\WINDOWS\inf
2009-12-12 15:39:48 ----D---- C:\Program Files\Punch! Super Home
2009-12-10 05:23:10 ----D---- C:\Program Files\Google
2009-12-10 05:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-12-09 04:21:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 03:05:26 ----A---- C:\WINDOWS\imsins.BAK
2009-12-09 03:04:25 ----D---- C:\Program Files\Internet Explorer
2009-12-09 03:04:08 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-18 335240]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-18 27784]
S1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-10-18 108552]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 SaibVd32;Virtual Disk Driver; C:\WINDOWS\System32\Drivers\SaibVd32.sys [2009-06-02 25584]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-03-05 60949]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-27 47360]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-10-18 908056]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-10-18 297752]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 CinemaNow Service;CinemaNow Service; C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-23 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
S2 RoxWatch12;Roxio Hard Drive Watcher 12; C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dlcd_device;dlcd_device; C:\WINDOWS\system32\dlcdcoms.exe [2005-06-21 491520]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-17 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB12;RoxMediaDB12; C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
GMER REPORT:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-07 22:42:57
Windows 5.1.2600 Service Pack 3
Running: 9ov0flus.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ufxdqpog.sys
---- Kernel code sections - GMER 1.0.15 ----
? xffwuqyc.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[452] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DA000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
MBAM REPORT:
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
1/7/2010 7:54:52 PM
mbam-log-2010-01-07 (19-54-52).txt
Scan type: Quick Scan
Objects scanned: 115708
Time elapsed: 9 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eqhxotnh (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Temp\ucVE.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
ROOT REPEAL REPORT:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/07 23:10
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF7C4C000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\stdole.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\stdole.manifest
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Moyo\Local Settings\Apps\2.0\4A8EZGZP.CEL\X3AK2GAB.9JO\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!
==EOF==
I AM RUNNING A SMALL NETWORK. MY LAPTOP DOESN'T SEEM TO HAVE THE SAME ISSUES AS MY DESKTOP, WHICH IS A DELL DIMENSION, WINDOWS XP SP3. ANY AND ALL HELP IS GREATLY APPRECIATED.