Websites Redirecting When I Click On Links In Google, svchost.exe and explorer.exe are using an insane amount of memory


4 replies to this topic

#1 dlfootball72

Posted 22 February 2010 - 04:01 PM

OK, I've been battling this nasty trojan/spyware for a week now. When I go onto the internet and click on a link in Google, I get redirected to another site every time, unless I put the address up on top in the address bar; other than that, every link I click I get redirected. Also, in my Task Manager svchost.exe and explorer.exe are using an insane amount of memory, up to like 80,000k for each one. I know it is some type of malware/trojan disguising itself behind the normal processes, because explorer and svchost are normal processes but not at this high a level of memory usage. I've run every bit of anti-malware and anti-spyware from SUPERAntiSpyware, Windows Defender, Malwarebytes, etc., and every time I run them I find spyware/malware/trojans and it removes them, and then when I reboot they come right back. Even when I go into safe mode the infection follows, as svchost and explorer again use a more insane amount of memory than they ever have. I researched and came across a Tidserv trojan, but looked into my Device Manager and didn't find anything related to it, even under hidden ones. So please help me out; this trojan is killing me and seems to be coming back reboot after reboot. Here is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:15 PM, on 2/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\31AAPK3K\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - (no file)
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-4220756932-1338666074-280236218-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4220756932-1338666074-280236218-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4220756932-1338666074-280236218-1003\..\Run: [DW6] (User '?')
O4 - HKUS\S-1-5-21-4220756932-1338666074-280236218-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-4220756932-1338666074-280236218-1003\..\Run: [AdobeBridge] (User '?')
O4 - HKUS\S-1-5-21-4220756932-1338666074-280236218-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} (RSClientPrint 2005 Class) - http://weblink82.bc3.edu/ReportServer/Rese...OpType=PrintCab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1181198157515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1181198125593
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazon...etect_intel.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://weblink82.bc3.edu/ReportServer?rs:C...clientprint.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnnlIBs - opnnlIBs.dll (file missing)
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca0aedb00579da) (gupdate1ca0aedb00579da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--
End of file - 12664 bytes

Please help, and thanks in advance; this is killing me trying to get rid of this POS trojan/malware.

#2 dlfootball72

Posted 22 February 2010 - 05:36 PM

Ran ComboFix; here is the log:

ComboFix 10-02-21.02 - Owner 02/22/2010 16:40:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.323 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\desktop.ini
c:\documents and settings\All Users.\documents\settings\rvnzs_a.dat
c:\documents and settings\All Users.\documents\settings\rvnzs_b.dat
c:\documents and settings\All Users.\documents\settings\rvnzs_f.dat
c:\documents and settings\All Users.\documents\settings\rvnzs_v.dat
c:\documents and settings\All Users\Documents\Settings\desktop.ini
c:\documents and settings\All Users\Documents\Settings\rvnzs_a.dat
c:\documents and settings\All Users\Documents\Settings\rvnzs_b.dat
c:\documents and settings\All Users\Documents\Settings\rvnzs_f.dat
c:\documents and settings\All Users\Documents\Settings\rvnzs_v.dat
c:\documents and settings\Default User\Application Data\Install.dat
c:\documents and settings\Default User\Local Settings\Temporary Internet Files\Ssk.log
c:\recycler\S-1-5-21-130471804-2985805104-150896340-1003
c:\recycler\S-1-5-21-130471804-2985805104-150896340-500
c:\recycler\S-1-5-21-3031374792-1426567938-2404577052-1003
c:\recycler\S-1-5-21-3452334216-2343649083-3616889665-1003
c:\windows\Fonts\acrsec.fon
c:\windows\system32\_003783_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003785_.tmp.dll
c:\windows\system32\_003786_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003795_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003798_.tmp.dll
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003804_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003807_.tmp.dll
c:\windows\system32\_003808_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003816_.tmp.dll
c:\windows\system32\_003817_.tmp.dll
c:\windows\system32\_003819_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003826_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003830_.tmp.dll
c:\windows\system32\_003831_.tmp.dll
c:\windows\system32\_003832_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003839_.tmp.dll
c:\windows\system32\_003841_.tmp.dll
c:\windows\system32\_003842_.tmp.dll
c:\windows\system32\_005953_.tmp.dll
c:\windows\system32\_005954_.tmp.dll
c:\windows\system32\_005955_.tmp.dll
c:\windows\system32\_005956_.tmp.dll
c:\windows\system32\_005963_.tmp.dll
c:\windows\system32\_005964_.tmp.dll
c:\windows\system32\_005965_.tmp.dll
c:\windows\system32\_005966_.tmp.dll
c:\windows\system32\_005968_.tmp.dll
c:\windows\system32\_005969_.tmp.dll
c:\windows\system32\_005972_.tmp.dll
c:\windows\system32\_005973_.tmp.dll
c:\windows\system32\_005975_.tmp.dll
c:\windows\system32\_005976_.tmp.dll
c:\windows\system32\_005977_.tmp.dll
c:\windows\system32\_005978_.tmp.dll
c:\windows\system32\_005979_.tmp.dll
c:\windows\system32\_005982_.tmp.dll
c:\windows\system32\_005983_.tmp.dll
c:\windows\system32\_005987_.tmp.dll
c:\windows\system32\_005988_.tmp.dll
c:\windows\system32\_005990_.tmp.dll
c:\windows\system32\_005993_.tmp.dll
c:\windows\system32\_005995_.tmp.dll
c:\windows\system32\_005996_.tmp.dll
c:\windows\system32\_005997_.tmp.dll
c:\windows\system32\_005998_.tmp.dll
c:\windows\system32\_005999_.tmp.dll
c:\windows\system32\_006002_.tmp.dll
c:\windows\system32\_006003_.tmp.dll
c:\windows\system32\_006004_.tmp.dll
c:\windows\system32\_006005_.tmp.dll
c:\windows\system32\_006006_.tmp.dll
c:\windows\system32\_006011_.tmp.dll
c:\windows\system32\_006013_.tmp.dll
c:\windows\system32\_006014_.tmp.dll
c:\windows\system32\ak
c:\windows\system32\config\system~1\applic~1\install.dat
c:\windows\system32\ps2.bat
c:\windows\system32\reboot.txt
c:\windows\system32\tmp.reg
c:\windows\system32\twain_32.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDNET1


((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-22 05:35 . 2010-02-22 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-22 05:35 . 2010-02-22 05:35 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-02-18 07:32 . 2010-02-18 07:32 -------- d-----w- c:\documents and settings\Owner\Application Data\NVIDIA
2010-02-18 06:18 . 2010-02-18 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-02-17 21:27 . 2010-02-18 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-02-17 18:57 . 2010-02-17 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-02-17 03:51 . 2010-02-17 03:51 -------- d-----w- c:\documents and settings\Owner\Application Data\teamspeak2
2010-02-17 03:37 . 2010-02-17 03:37 -------- d-----w- c:\documents and settings\Owner\Application Data\TS3Client
2010-02-11 07:35 . 2010-02-11 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 22:14 . 2010-01-15 22:28 -------- d-----w- c:\program files\Common Files\Akamai
2010-02-22 20:45 . 2008-08-30 04:01 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2010-02-22 05:35 . 2010-02-22 05:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-22 05:29 . 2002-10-28 19:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-22 05:06 . 2009-10-07 21:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 04:16 . 2010-02-22 04:16 -------- d-----w- c:\program files\Realtek AC97
2010-02-22 04:05 . 2010-02-22 04:05 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-22 02:47 . 2010-02-22 02:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-21 19:18 . 2010-02-21 19:18 -------- d-----w- c:\program files\TrendMicro
2010-02-20 06:04 . 2008-03-07 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-02-20 05:02 . 2008-03-07 04:07 -------- d-----w- c:\program files\LimeWire
2010-02-20 01:40 . 2010-02-20 01:40 50376 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-02-20 01:40 . 2010-02-20 01:40 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-02-18 06:09 . 2010-02-17 18:48 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-18 05:56 . 2010-02-18 05:56 -------- d-----w- c:\program files\Realtek
2010-02-18 05:56 . 2002-10-28 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-17 21:34 . 2010-02-17 06:26 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-17 21:34 . 2010-02-17 06:26 138056 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2010-02-17 21:34 . 2010-02-17 06:26 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-17 21:34 . 2010-02-17 06:26 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-02-17 19:56 . 2010-02-16 22:46 -------- d-----w- c:\program files\Electronic Arts
2010-02-17 06:26 . 2010-02-17 06:26 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-17 05:05 . 2009-10-09 19:44 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-02-17 03:51 . 2010-02-17 03:50 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-02-17 03:49 . 2010-02-17 03:24 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-02-16 22:51 . 2010-02-16 22:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-15 09:25 . 2008-03-04 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-15 09:19 . 2010-02-14 02:35 -------- d-----w- c:\program files\Microsoft Works
2010-02-14 02:50 . 2009-08-31 01:24 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2010-02-14 02:48 . 2005-04-26 14:18 126776 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-14 02:30 . 2010-02-14 02:30 -------- d-----w- c:\program files\Microsoft.NET
2010-02-14 01:12 . 2010-02-14 01:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-11 07:19 . 2010-02-11 07:19 -------- d-----w- c:\program files\Adobe Media Player
2010-02-11 06:13 . 2006-09-15 22:39 -------- d-----w- c:\program files\Google
2010-02-08 06:45 . 2010-02-08 04:59 -------- d-----w- c:\program files\Hide My IP
2010-02-04 15:01 . 2010-02-17 22:18 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 15:01 . 2010-02-17 22:18 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 15:01 . 2010-02-17 22:18 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 15:01 . 2010-02-17 22:18 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-03 22:28 . 2010-01-20 04:23 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2010-01-30 15:48 . 2010-02-03 22:37 266552 ----a-w- c:\windows\system32\HMIPCore.dll
2010-01-27 18:02 . 2007-06-14 01:29 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 18:01 . 2010-01-27 17:57 23110 ----a-w- c:\windows\hpqins15.dat
2010-01-27 17:47 . 2007-06-14 01:31 -------- d-----w- c:\program files\Java
2010-01-24 02:08 . 2009-11-17 22:46 -------- d-----w- c:\program files\TVersity Codec Pack
2010-01-24 02:08 . 2009-10-07 23:00 -------- d-----w- c:\program files\ffdshow
2010-01-21 05:20 . 2010-01-21 05:20 -------- d-----w- c:\program files\Sun
2010-01-20 09:02 . 2008-08-30 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-20 04:34 . 2010-01-20 04:28 77349 ----a-w- c:\windows\hpqins05.dat
2010-01-20 04:32 . 2010-01-20 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-16 04:50 . 2010-01-16 04:31 1228240 ----a-w- c:\program files\ADBEPHSPCS4_LS1.exe
2010-01-16 04:50 . 2010-01-16 04:31 853860607 ----a-w- c:\program files\ADBEPHSPCS4_LS1.7z
2010-01-15 20:43 . 2010-01-15 20:43 -------- d-----w- c:\program files\Windows Defender
2010-01-14 16:12 . 2010-01-15 20:46 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 03:57 . 2010-01-14 03:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 02:21 . 2010-01-11 02:21 -------- d-----w- c:\program files\AVG
2010-01-07 21:07 . 2010-01-14 03:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-01-14 03:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2008-08-20 15:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-06-23 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2008-12-18 22:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2007-06-05 20:08 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-08-20 15:47 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2008-08-20 15:46 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-08-20 15:46 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-08-20 15:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2002-01-23 09:42 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2001-08-18 05:36 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2002-01-23 09:42 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2002-01-23 10:47 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2002-01-23 09:42 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2001-08-18 05:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-17 17:30 . 2009-11-17 17:30 336 ----a-w- c:\program files\temp995.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"PS2"="c:\windows\system32\ps2.exe" [2002-06-15 81920]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-12-01 497376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IPMsg\\ipmsg.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [9/24/2007 10:11 PM 566560]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/23/2002 4:43 AM 14336]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [2/18/2010 10:23 PM 72704]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [10/21/2008 3:46 PM 515803]
S2 gupdate1ca0aedb00579da;Google Update Service (gupdate1ca0aedb00579da);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2009 11:58 AM 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\Owner\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\Owner\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\Owner\Application Data\NVIDIA\HWAccess.sys --> c:\documents and settings\Owner\Application Data\NVIDIA\HWAccess.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2009-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-16 16:58]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 16:58]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 16:58]

2010-02-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2007-06-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-06-05 16:04]

2010-02-22 c:\windows\Tasks\User_Feed_Synchronization-{5CCA332A-CD82-48E8-AB7A-8DB31041F9D3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://weblink82.bc3.edu/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ugvj45mylvtlr155chptat45&ControlID=a966252636c5440a867a2f082c535a19&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-DW6 - (no file)
HKCU-Run-AdobeBridge - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
Notify-opnnlIBs - opnnlIBs.dll
AddRemove-HijackThis - c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QXUOM2WZ\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 17:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorEngine.exe
c:\windows\LTMSG.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-02-22 17:32:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-22 22:32

Pre-Run: 10,814,013,440 bytes free
Post-Run: 13,138,960,384 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 61CC7DF3DC29F225E1823A4288E4D544
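The R1/R2/S3 service and driver lines in the ComboFix log above are the part of the report a helper reads first. The following Python script is an added example, not part of this thread and not ComboFix's own logic: it parses those lines and flags what a responder looks for, an image the scanner could not find (`[?]`), a driver whose image sits in a user-writable directory such as Temp or Application Data, and a service hosted under a non-default svchost group that should be cross-checked against the `svchost` registry key printed further down in the log. The four sample lines are copied from the log; the directory list and the allowlist of svchost groups are assumptions for illustration, not an exhaustive reference.

```python
"""Triage the service/driver lines of a ComboFix-style log.

Added example for this thread; the heuristics are assumptions a responder
might apply, not ComboFix's own logic.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: four service lines copied from the log posted above.
SAMPLE_LINES = [
    r"R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/23/2002 4:43 AM 14336]",
    r"R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]",
    r"S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\Owner\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\Owner\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]",
    r"S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\Owner\Application Data\NVIDIA\HWAccess.sys --> c:\documents and settings\Owner\Application Data\NVIDIA\HWAccess.sys [?]",
]

# "R" = running, "S" = stopped; the digit is the service start type.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)

# Directories a service or driver image should not normally live in (user-writable).
# Assumption: illustrative list for an XP-era layout.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\documents and settings\\", "\\docume~1\\")

# svchost groups that ship with Windows XP; anything else is third-party and worth a look.
# Assumption: illustrative allowlist, not exhaustive.
KNOWN_SVCHOST_GROUPS = {
    "netsvcs", "localservice", "networkservice", "rpcss", "dcomlaunch", "imgsvc", "termsvcs", "http",
}


@dataclass
class ServiceEntry:
    name: str
    running: bool
    start_type: int
    image: str        # resolved image path (after "-->" when present)
    file_info: str    # "date time size" as printed by the scanner, or "?" if not found
    flags: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for one R/S line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # The scanner prints "path [date size]" when the file was found and
    # "path --> resolved_path [?]" when it could not read the file.
    if rest.endswith("[?]"):
        file_info = "?"
        image = rest[:-3].strip().split(" --> ")[-1]
    else:
        image, _, file_info = rest.rpartition(" [")
        file_info = file_info.rstrip("]")
    return ServiceEntry(
        name=m.group("name"),
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        image=image,
        file_info=file_info,
    )


def triage(entry):
    """Attach review flags to an entry; a flag means 'look at this', not 'malicious'."""
    lower = entry.image.lower()
    if entry.file_info == "?":
        entry.flags.append("image file not found or unreadable")
    if any(d in lower for d in USER_WRITABLE):
        entry.flags.append("image under a user-writable directory")
    host = re.search(r"svchost\.exe\s+-k\s+(\S+)", lower)
    if host and host.group(1) not in KNOWN_SVCHOST_GROUPS:
        entry.flags.append(
            f"hosted in non-default svchost group '{host.group(1)}'; check the svchost registry key"
        )
    return entry


def triage_log(lines):
    """Parse and triage every service line; non-matching lines are skipped."""
    return [triage(e) for e in map(parse_service_line, lines) if e]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LINES):
        state = "running" if e.running else "stopped"
        print(f"{e.name:<18} start={e.start_type} {state:<8} {e.image}")
        for f in e.flags:
            print(f"    ! {f}")
```

A flag is a prompt to look, not a verdict: in this log the `fsbl-standalone` driver in Temp is the poster's own F-Secure BlackLight scan, and `Akamai` is a vendor-installed svchost group, both of which a helper confirms by checking the path and the `svchost` key rather than removing on sight.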


#3 dlfootball72

dlfootball72
  • Topic Starter

  • Members
  • 3 posts
  • Local time:05:04 AM

Posted 22 February 2010 - 10:25 PM

Can anybody help me?

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:06:04 AM

Posted 24 February 2010 - 07:53 PM

Hello and welcome to Bleeping Computer

How is your computer running after you ran Combofix?

Here's some stuff to get us started.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both DDS logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:06:04 AM

Posted 02 March 2010 - 09:52 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 




