
rsit log file


  • This topic is locked
30 replies to this topic

#1 uzair

uzair

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 18 March 2010 - 05:27 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/303156/browser-redirecting/ ~ OB

I tried to follow the Prep Guide but was unable to get DDS to run.
----Redirecting problem with browser

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-03-18 22:21:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 148 GB (65%) free of 229 GB
Total RAM: 3068 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:56, on 18/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 11447 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{2B9BE40A-3FD1-4E5D-9F7E-6D4D55062560}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-12 1598744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-12-23 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-12-23 251416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-01-21 217088]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-02 554288]
"DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2008-03-13 699456]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-04-24 468264]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-18 149280]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-06-03 450652]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-14 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-14 92704]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-12 2059544]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-07-12 226904]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-27 2012912]
"WordWeb"=C:\Program Files\WordWeb\wweb32.exe [2009-11-08 65216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BBC iPlayer Desktop.lnk - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-18 22:21:45 ----D---- C:\rsit
2010-03-18 19:16:43 ----D---- C:\Program Files\ERUNT
2010-03-18 17:55:16 ----A---- C:\Windows\system32\tmp.txt
2010-03-18 17:55:09 ----A---- C:\rapport.txt
2010-03-14 20:19:49 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-14 20:13:38 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-14 20:13:37 ----A---- C:\Windows\system32\httpapi.dll
2010-03-14 19:02:43 ----A---- C:\Windows\Replay Converter 3 Uninstall Log.txt
2010-03-12 17:39:52 ----A---- C:\Windows\system32\avgrsstx.dll
2010-03-06 01:07:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-06 01:07:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-03-02 21:30:42 ----D---- C:\Users\user\AppData\Roaming\WordWeb
2010-02-28 01:34:05 ----D---- C:\Program Files\TryMedia
2010-02-28 01:32:54 ----D---- C:\Program Files\Team17
2010-02-24 20:25:21 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 20:25:14 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 20:24:21 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 20:24:20 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 20:24:16 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 20:24:15 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 20:24:15 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 20:24:15 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 20:24:15 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 20:24:15 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 20:24:15 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 20:24:12 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 20:24:12 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 20:24:11 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-22 22:40:00 ----D---- C:\Windows\Applian Director
2010-02-22 22:37:58 ----D---- C:\Windows\Replay Converter 3
2010-02-22 22:37:48 ----A---- C:\Windows\Replay Converter Setup Log.txt
2010-02-22 22:07:35 ----D---- C:\Users\user\AppData\Roaming\NCH Software
2010-02-22 22:06:58 ----D---- C:\ProgramData\NCH Swift Sound
2010-02-22 22:06:08 ----D---- C:\Users\user\AppData\Roaming\NCH Swift Sound

======List of files/folders modified in the last 1 months======

2010-03-18 22:21:56 ----D---- C:\Windows\Prefetch
2010-03-18 22:21:56 ----D---- C:\Program Files\Trend Micro
2010-03-18 22:21:37 ----D---- C:\Windows\temp
2010-03-18 22:05:19 ----D---- C:\Users\user\AppData\Roaming\LimeWire
2010-03-18 21:39:20 ----SHD---- C:\System Volume Information
2010-03-18 19:17:58 ----D---- C:\Windows\ERDNT
2010-03-18 19:16:43 ----D---- C:\Program Files
2010-03-18 17:56:35 ----D---- C:\Windows\System32
2010-03-16 19:53:17 ----D---- C:\Windows\inf
2010-03-16 19:53:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-15 23:05:01 ----D---- C:\Windows\Minidump
2010-03-15 23:04:24 ----AD---- C:\WINDOWS
2010-03-14 21:18:28 ----D---- C:\Windows\rescache
2010-03-14 21:16:03 ----D---- C:\Windows\winsxs
2010-03-14 21:05:43 ----D---- C:\Windows\system32\catroot
2010-03-14 21:05:35 ----D---- C:\Windows\system32\catroot2
2010-03-14 20:59:50 ----D---- C:\Windows\system32\migration
2010-03-14 20:59:50 ----D---- C:\Windows\system32\en-US
2010-03-14 20:59:50 ----D---- C:\Windows\system32\drivers
2010-03-14 20:59:50 ----D---- C:\Program Files\Windows Mail
2010-03-14 20:59:50 ----D---- C:\Program Files\Movie Maker
2010-03-14 20:59:50 ----D---- C:\Program Files\Internet Explorer
2010-03-14 20:59:49 ----RSD---- C:\Windows\Fonts
2010-03-14 20:59:49 ----D---- C:\Windows\AppPatch
2010-03-06 23:55:09 ----A---- C:\Windows\system32\ezsvc7x.dll
2010-03-06 00:55:21 ----SHD---- C:\Windows\Installer
2010-03-05 19:26:28 ----D---- C:\Windows\system32\migwiz
2010-03-05 19:22:45 ----D---- C:\Users\user\AppData\Roaming\SoundSpectrum
2010-03-05 19:22:45 ----D---- C:\Program Files\SoundSpectrum
2010-03-01 21:30:14 ----A---- C:\Windows\system32\mrt.exe
2010-02-28 13:46:20 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-28 00:52:06 ----D---- C:\ProgramData
2010-02-27 13:21:45 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-20 19:07:43 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-02-20 19:07:29 ----D---- C:\Program Files\DVDVideoSoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-11-14 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-03-12 29512]
R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-03-12 242696]
R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [2010-02-17 58984]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2010-02-17 108904]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-27 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-02-27 66632]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-01-31 166448]
R3 AVGIDSDrivervtx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-03-12 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-03-12 30216]
R3 AVGIDSShimvtx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-03-12 27144]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-06-09 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-06-09 81960]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-09 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-07-17 97936]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-14 7443872]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-27 12872]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-06-03 407040]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-04-11 31616]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-09-02 176128]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-04-28 40752]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-03-12 2325816]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 DpHost;Biometric Authentication Service; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-03-13 302144]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-23 93320]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-14 118784]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-04-24 292232]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-04-24 112008]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-02-17 779496]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-25 361808]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe [2009-06-03 217170]
R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2009-03-26 599344]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-01-09 148832]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-03-12 5888008]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Edited by Orange Blossom, 18 March 2010 - 10:05 PM.




#2 mpascal


Posted 20 March 2010 - 12:30 AM

Hi uzair,

Welcome to Bleeping Computer.

My name is mpascal, and I will be helping you fix your problem.

Please keep in mind that I am still in training and so there may be a slight delay between replies. This is so that a resident expert can check my responses to ensure we get your computer fixed as quickly and effectively as possible.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

I'm currently reviewing your logs, I'll get back to you shortly.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 mpascal


Posted 21 March 2010 - 12:53 PM

Hi uzair,

Sorry for the delay, let's get started.

STEP 1 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 2 - TDSS Killer

Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

STEP 3 - Reply

Please reply with the following logs:
  • GMER Log
  • TDSS Killer Log





#4 uzair


Posted 21 March 2010 - 02:29 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-21 19:27:57
Windows 6.0.6002 Service Pack 2
Running: zmbvixsh.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x91158D42]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x9115944E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x9115959A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x9115CD28]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x9115CD5A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x911594FE]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwOpenProcess [0x921EF730]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x91159078]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x911591AA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x9115CE2E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x9115CD98]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x9115CDCA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x9115CDFC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x91158CF0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x911595FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x9115CCC8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x91158C94]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x910FF320]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateThread [0x921EF880]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwWriteVirtualMemory [0x921EF920]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 191 82AFE8F4 4 Bytes [42, 8D, 15, 91]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82AFE93C 4 Bytes [4E, 94, 15, 91]
.text ntkrnlpa.exe!KeSetEvent + 2D1 82AFEA34 8 Bytes [9A, 95, 15, 91, 28, CD, 15, ...] {CALL FAR 0x15cd:0x28911595; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 2E1 82AFEA44 4 Bytes [5A, CD, 15, 91] {POP EDX; INT 0x15; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 3D1 82AFEB34 4 Bytes [FE, 94, 15, 91]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8FC07340, 0x3D7A87, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1036] ntdll.dll!KiUserApcDispatcher 77735D18 5 Bytes JMP 00412480 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1036] USER32.dll!InSendMessageEx + 3B1 7649E6B0 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1036] WS2_32.dll!getaddrinfo 7653418A 5 Bytes JMP 71640022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1036] WS2_32.dll!gethostbyname 765462D4 5 Bytes JMP 71670022
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1964] kernel32.dll!GetProcAddress 7673903B 5 Bytes JMP 00BDE3B0 c:\PROGRA~1\mcafee\SITEAD~1\saPlugin.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2840] ntdll.dll!KiUserApcDispatcher 77735D18 5 Bytes JMP 004394A0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2840] WS2_32.dll!getaddrinfo 7653418A 5 Bytes JMP 71670022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2840] WS2_32.dll!gethostbyname 765462D4 5 Bytes JMP 716E0022

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b5a11f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c05385
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c05385@0016b851a9c9 0xBA 0xF2 0x02 0x7F ...
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\001e37b5a11f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\002186c05385 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\002186c05385@0016b851a9c9 0xBA 0xF2 0x02 0x7F ...

---- EOF - GMER 1.0.15 ----
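The GMER output above attributes every SSDT hook to a driver image, and its kernel code-section lines report the raw bytes it found changed. As an added example (not GMER's code and not part of this thread), the script below parses both sections, groups the hooks by driver against an assumed allow-list of the security products seen in the poster's logs (Rapport, AVG Identity Protection, SUPERAntiSpyware), and decodes the patched bytes little-endian to show they are exactly the hook addresses from the SSDT section; the EXAMPLE_unknown.sys line is a constructed entry, not from the log.

```python
import re
from collections import defaultdict

# Lines copied from the GMER scan posted above (SSDT and kernel code sections).
GMER_LOG = r"""
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x91158D42]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x9115944E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x9115959A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x9115CD5A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x911594FE]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwOpenProcess [0x921EF730]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x910FF320]
.text ntkrnlpa.exe!KeSetEvent + 191 82AFE8F4 4 Bytes [42, 8D, 15, 91]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82AFE93C 4 Bytes [4E, 94, 15, 91]
.text ntkrnlpa.exe!KeSetEvent + 2D1 82AFEA34 8 Bytes [9A, 95, 15, 91, 28, CD, 15, ...] {CALL FAR 0x15cd:0x28911595; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 2E1 82AFEA44 4 Bytes [5A, CD, 15, 91] {POP EDX; INT 0x15; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 3D1 82AFEB34 4 Bytes [FE, 94, 15, 91]
"""

# Constructed line (NOT from the posted log) to show how an unattributed hook is flagged.
CONSTRUCTED_UNKNOWN = r"""
SSDT \??\C:\Windows\system32\drivers\EXAMPLE_unknown.sys ZwQueryDirectoryFile [0x8F001234]
"""

# Assumption: drivers of the security products visible elsewhere in the poster's logs.
KNOWN_SECURITY_DRIVERS = {
    "rapportpg.sys": "Trusteer Rapport",
    "avgidsshim.sys": "AVG Identity Protection",
    "saskutil.sys": "SUPERAntiSpyware",
}

SSDT_RE = re.compile(r"^SSDT\s+(?P<path>.+?)\s+(?P<svc>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
PATCH_RE = re.compile(
    r"^\.text\s+(?P<sym>\S+ \+ [0-9A-Fa-f]+)\s+(?P<va>[0-9A-Fa-f]{8})\s+\d+ Bytes \[(?P<bytes>[^\]]*)\]"
)


def decode_dwords(byte_field):
    """Turn GMER's 'xx, xx, xx, ...' byte dump into little-endian 32-bit values.
    A trailing '...' means GMER truncated the dump; incomplete dwords are dropped."""
    raw = []
    for tok in byte_field.split(","):
        tok = tok.strip()
        if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            break
        raw.append(int(tok, 16))
    return [int.from_bytes(bytes(raw[i:i + 4]), "little")
            for i in range(0, len(raw) - len(raw) % 4, 4)]


def parse_gmer(text):
    """Return (ssdt_hooks, code_patches) from the SSDT and kernel code-section lines."""
    hooks, patches = [], []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            driver = m.group("path").rsplit("\\", 1)[-1].lower()
            hooks.append({"driver": driver, "service": m.group("svc"),
                          "addr": int(m.group("addr"), 16)})
            continue
        m = PATCH_RE.match(line)
        if m:
            patches.append({"symbol": m.group("sym"), "va": int(m.group("va"), 16),
                            "dwords": decode_dwords(m.group("bytes"))})
    return hooks, patches


def attribute_hooks(hooks):
    """Group hooked services by hooking driver; list drivers not in the allow-list."""
    by_driver = defaultdict(list)
    for h in hooks:
        by_driver[h["driver"]].append(h["service"])
    unknown = sorted(d for d in by_driver if d not in KNOWN_SECURITY_DRIVERS)
    return dict(by_driver), unknown


def correlate_patches(hooks, patches):
    """Match each decoded dword of a code-section patch to an SSDT hook address.
    In the posted log every KeSetEvent+N dword equals a hook address, which is what
    you expect when the changed bytes are service-table entries rather than code."""
    by_addr = {h["addr"]: h["service"] for h in hooks}
    out = []
    for p in patches:
        for d in p["dwords"]:
            out.append({"symbol": p["symbol"], "value": d, "service": by_addr.get(d)})
    return out


if __name__ == "__main__":
    hooks, patches = parse_gmer(GMER_LOG + CONSTRUCTED_UNKNOWN)
    by_driver, unknown = attribute_hooks(hooks)
    for drv, svcs in by_driver.items():
        owner = KNOWN_SECURITY_DRIVERS.get(drv, "?? not in allow-list")
        print(f"{drv:22} {owner:24} {', '.join(svcs)}")
    print("unattributed hooking drivers:", unknown)
    for m in correlate_patches(hooks, patches):
        print(f"{m['symbol']:32} -> 0x{m['value']:08X} {m['service'] or 'no matching SSDT hook'}")
```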


#5 uzair


Posted 21 March 2010 - 02:37 PM

I've had no log appear for TDSS Killer.
Once pressing any key, it just shut down.

http://tinypic.com/r/352hmko/5

#6 uzair


Posted 21 March 2010 - 03:20 PM

Also wanted to know if it was possible to download stuff from the internet,
like videos from YouTube,
and also delete files from the computer (not Windows or Program Files).

#7 mpascal


Posted 22 March 2010 - 12:51 PM

Hi uzair,

I'm pretty sure downloading videos from Youtube is illegal, so I can't help you there. What kind of files do you want to delete?

Please download ComboFix and save it to your Desktop.
NOTE: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post C:\Combo-Fix.txt in your next post.
**Note: Do not click the ComboFix window while it's running. That may cause it to stall**



#8 uzair


Posted 22 March 2010 - 01:22 PM

Oh, never knew it was illegal, as Firefox has got an addon for it, but anyway...
Deleting things like pictures/music or Word documents.

Also, I've downloaded it anyway but got a warning from McAfee Secure for ComboFix...
Can you tell me anything about the logs that I've posted?
Thanks for the help so far.

#9 mpascal


Posted 22 March 2010 - 01:28 PM

Maybe I was mistaken, perhaps it is not illegal. Deleting any files of yours should be fine. Can you disable McAfee and run Combofix please?



#10 uzair


Posted 22 March 2010 - 04:01 PM

Firstly, about the ComboFix... first time round it took more than an hour for the scan to be completed and the logs wouldn't even appear. Waited around 30 mins before I gave up.
Tried again, I got a message for an update... done it; I think it froze at 28.2%.
I'll try again tomorrow as I have much work to do.

Secondly... do you know why TDSS Killer never worked?


#11 mpascal


Posted 22 March 2010 - 04:35 PM

TDSS Killer seems to have worked, it's just that it didn't want to save a logfile for some reason.

Give ComboFix a shot again whenever you have time.



#12 uzair


Posted 22 March 2010 - 05:07 PM

Oops.
Re-read the post and it said C: drive.
Log below... lol
_________________________________________________
19:33:42:879 8100 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
19:33:42:879 8100 ================================================================================
19:33:42:879 8100 SystemInfo:

19:33:42:879 8100 OS Version: 6.0.6002 ServicePack: 2.0
19:33:42:879 8100 Product type: Workstation
19:33:42:879 8100 ComputerName: UZAIR
19:33:42:879 8100 UserName: user
19:33:42:879 8100 Windows directory: C:\Windows
19:33:42:879 8100 Processor architecture: Intel x86
19:33:42:879 8100 Number of processors: 2
19:33:42:879 8100 Page size: 0x1000
19:33:42:881 8100 Boot type: Normal boot
19:33:42:881 8100 ================================================================================
19:33:42:884 8100 UnloadDriverW: NtUnloadDriver error 2
19:33:42:884 8100 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:33:42:921 8100 wfopen_ex: Trying to open file C:\Windows\system32\config\system
19:33:42:977 8100 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:33:42:977 8100 wfopen_ex: Trying to KLMD file open
19:33:42:977 8100 wfopen_ex: File opened ok (Flags 2)
19:33:42:978 8100 wfopen_ex: Trying to open file C:\Windows\system32\config\software
19:33:42:981 8100 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:33:42:981 8100 wfopen_ex: Trying to KLMD file open
19:33:42:981 8100 wfopen_ex: File opened ok (Flags 2)
19:33:42:981 8100 Initialize success
19:33:42:981 8100
19:33:42:982 8100 Scanning Services ...
19:33:43:860 8100 GetAdvancedServicesInfo: Raw services enum returned 463 services
19:33:43:864 8100
19:33:43:864 8100 Scanning Kernel memory ...
19:33:43:865 8100 Devices to scan: 2
19:33:43:865 8100
19:33:43:865 8100 Driver Name: USBSTOR
19:33:43:865 8100 IRP_MJ_CREATE : A572FFC8
19:33:43:865 8100 IRP_MJ_CREATE_NAMED_PIPE : 82A7AA22
19:33:43:865 8100 IRP_MJ_CLOSE : A5730040
19:33:43:865 8100 IRP_MJ_READ : A57300B8
19:33:43:865 8100 IRP_MJ_WRITE : A57300B8
19:33:43:865 8100 IRP_MJ_QUERY_INFORMATION : 82A7AA22
19:33:43:865 8100 IRP_MJ_SET_INFORMATION : 82A7AA22
19:33:43:865 8100 IRP_MJ_QUERY_EA : 82A7AA22
19:33:43:865 8100 IRP_MJ_SET_EA : 82A7AA22
19:33:43:865 8100 IRP_MJ_FLUSH_BUFFERS : 82A7AA22
19:33:43:865 8100 IRP_MJ_QUERY_VOLUME_INFORMATION : 82A7AA22
19:33:43:865 8100 IRP_MJ_SET_VOLUME_INFORMATION : 82A7AA22
19:33:43:865 8100 IRP_MJ_DIRECTORY_CONTROL : 82A7AA22
19:33:43:865 8100 IRP_MJ_FILE_SYSTEM_CONTROL : 82A7AA22
19:33:43:865 8100 IRP_MJ_DEVICE_CONTROL : A572FBC4
19:33:43:865 8100 IRP_MJ_INTERNAL_DEVICE_CONTROL : A57237E4
19:33:43:865 8100 IRP_MJ_SHUTDOWN : 82A7AA22
19:33:43:865 8100 IRP_MJ_LOCK_CONTROL : 82A7AA22
19:33:43:865 8100 IRP_MJ_CLEANUP : 82A7AA22
19:33:43:865 8100 IRP_MJ_CREATE_MAILSLOT : 82A7AA22
19:33:43:865 8100 IRP_MJ_QUERY_SECURITY : 82A7AA22
19:33:43:866 8100 IRP_MJ_SET_SECURITY : 82A7AA22
19:33:43:866 8100 IRP_MJ_POWER : A572E59C
19:33:43:866 8100 IRP_MJ_SYSTEM_CONTROL : A572B7A2
19:33:43:866 8100 IRP_MJ_DEVICE_CHANGE : 82A7AA22
19:33:43:866 8100 IRP_MJ_QUERY_QUOTA : 82A7AA22
19:33:43:866 8100 IRP_MJ_SET_QUOTA : 82A7AA22
19:33:43:884 8100 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
19:33:43:884 8100
19:33:43:884 8100 Driver Name: atapi
19:33:43:884 8100 IRP_MJ_CREATE : 8B0ED140
19:33:43:885 8100 IRP_MJ_CREATE_NAMED_PIPE : 82A7AA22
19:33:43:885 8100 IRP_MJ_CLOSE : 8B0ED140
19:33:43:885 8100 IRP_MJ_READ : 82A7AA22
19:33:43:885 8100 IRP_MJ_WRITE : 82A7AA22
19:33:43:885 8100 IRP_MJ_QUERY_INFORMATION : 82A7AA22
19:33:43:885 8100 IRP_MJ_SET_INFORMATION : 82A7AA22
19:33:43:885 8100 IRP_MJ_QUERY_EA : 82A7AA22
19:33:43:885 8100 IRP_MJ_SET_EA : 82A7AA22
19:33:43:885 8100 IRP_MJ_FLUSH_BUFFERS : 82A7AA22
19:33:43:885 8100 IRP_MJ_QUERY_VOLUME_INFORMATION : 82A7AA22
19:33:43:885 8100 IRP_MJ_SET_VOLUME_INFORMATION : 82A7AA22
19:33:43:885 8100 IRP_MJ_DIRECTORY_CONTROL : 82A7AA22
19:33:43:885 8100 IRP_MJ_FILE_SYSTEM_CONTROL : 82A7AA22
19:33:43:885 8100 IRP_MJ_DEVICE_CONTROL : 8B0DBA5A
19:33:43:885 8100 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B0DBA2C
19:33:43:885 8100 IRP_MJ_SHUTDOWN : 82A7AA22
19:33:43:885 8100 IRP_MJ_LOCK_CONTROL : 82A7AA22
19:33:43:885 8100 IRP_MJ_CLEANUP : 82A7AA22
19:33:43:885 8100 IRP_MJ_CREATE_MAILSLOT : 82A7AA22
19:33:43:885 8100 IRP_MJ_QUERY_SECURITY : 82A7AA22
19:33:43:885 8100 IRP_MJ_SET_SECURITY : 82A7AA22
19:33:43:885 8100 IRP_MJ_POWER : 8B0DBA88
19:33:43:885 8100 IRP_MJ_SYSTEM_CONTROL : 8B0E8B70
19:33:43:885 8100 IRP_MJ_DEVICE_CHANGE : 82A7AA22
19:33:43:885 8100 IRP_MJ_QUERY_QUOTA : 82A7AA22
19:33:43:885 8100 IRP_MJ_SET_QUOTA : 82A7AA22
19:33:43:893 8100 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
19:33:43:893 8100
19:33:43:893 8100 Completed
19:33:43:894 8100
19:33:43:894 8100 Results:
19:33:43:894 8100 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:33:43:894 8100 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:33:43:894 8100 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:33:43:895 8100
19:33:43:895 8100 fclose_ex: Trying to close file C:\Windows\system32\config\system
19:33:43:896 8100 fclose_ex: Trying to close file C:\Windows\system32\config\software
19:33:43:897 8100 KLMD(ARK) unloaded successfully
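TDSSKiller's log above dumps each scanned driver's IRP dispatch table and a per-driver verdict. As an added example (not Kaspersky's code and not part of this thread), the script below parses those blocks, treats any address that appears in more than one driver's table as a shared kernel placeholder rather than a driver routine, and flags a dispatch entry that lies more than an assumed 1 MiB window away from the driver's other handlers; the log lines are abridged from the post, and the EXAMPLE_drv block is constructed to show a flagged entry.

```python
import re
from statistics import median_low

# Abridged lines copied from the TDSSKiller log posted above. The EXAMPLE_drv block
# at the end is constructed (NOT from the log) so that one entry gets flagged.
TDSS_LOG = r"""
19:33:43:865 8100 Driver Name: USBSTOR
19:33:43:865 8100 IRP_MJ_CREATE : A572FFC8
19:33:43:865 8100 IRP_MJ_CREATE_NAMED_PIPE : 82A7AA22
19:33:43:865 8100 IRP_MJ_CLOSE : A5730040
19:33:43:865 8100 IRP_MJ_READ : A57300B8
19:33:43:865 8100 IRP_MJ_WRITE : A57300B8
19:33:43:865 8100 IRP_MJ_QUERY_INFORMATION : 82A7AA22
19:33:43:865 8100 IRP_MJ_DEVICE_CONTROL : A572FBC4
19:33:43:865 8100 IRP_MJ_INTERNAL_DEVICE_CONTROL : A57237E4
19:33:43:866 8100 IRP_MJ_POWER : A572E59C
19:33:43:866 8100 IRP_MJ_SYSTEM_CONTROL : A572B7A2
19:33:43:884 8100 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
19:33:43:884 8100 Driver Name: atapi
19:33:43:884 8100 IRP_MJ_CREATE : 8B0ED140
19:33:43:885 8100 IRP_MJ_CREATE_NAMED_PIPE : 82A7AA22
19:33:43:885 8100 IRP_MJ_CLOSE : 8B0ED140
19:33:43:885 8100 IRP_MJ_READ : 82A7AA22
19:33:43:885 8100 IRP_MJ_WRITE : 82A7AA22
19:33:43:885 8100 IRP_MJ_DEVICE_CONTROL : 8B0DBA5A
19:33:43:885 8100 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B0DBA2C
19:33:43:885 8100 IRP_MJ_POWER : 8B0DBA88
19:33:43:885 8100 IRP_MJ_SYSTEM_CONTROL : 8B0E8B70
19:33:43:893 8100 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
00:00:00:000 0000 Driver Name: EXAMPLE_drv
00:00:00:000 0000 IRP_MJ_CREATE : 8C4410A0
00:00:00:000 0000 IRP_MJ_CLOSE : 8C4410A0
00:00:00:000 0000 IRP_MJ_READ : 8F3A1000
00:00:00:000 0000 IRP_MJ_WRITE : 82A7AA22
00:00:00:000 0000 C:\EXAMPLE\EXAMPLE_drv.sys - Verdict: 1
"""

WINDOW = 0x100000  # assumption: a driver's own dispatch routines lie within 1 MiB of each other

DRIVER_RE = re.compile(r"Driver Name: (\S+)$")
IRP_RE = re.compile(r"(IRP_MJ_\w+) : ([0-9A-Fa-f]{8})$")
VERDICT_RE = re.compile(r"(\S+) - Verdict: (\d+)$")


def parse_tdss(text):
    """Group the 'Driver Name' ... 'Verdict' blocks into one dict per driver."""
    drivers, cur = [], None
    for line in text.splitlines():
        parts = line.split(" ", 2)          # drop the 'hh:mm:ss:ms pid' prefix
        if len(parts) < 3:
            continue
        body = parts[2]
        m = DRIVER_RE.search(body)
        if m:
            cur = {"driver": m.group(1), "dispatch": {}, "image": None, "verdict": None}
            drivers.append(cur)
            continue
        m = IRP_RE.search(body)
        if m and cur is not None:
            cur["dispatch"][m.group(1)] = int(m.group(2), 16)
            continue
        m = VERDICT_RE.search(body)
        if m and cur is not None:
            cur["image"], cur["verdict"] = m.group(1), int(m.group(2))
    return drivers


def shared_handlers(drivers):
    """Addresses present in more than one driver's table cannot belong to a single
    driver image; in the posted log that is the one address every unsupported
    major points at."""
    seen = {}
    for d in drivers:
        for addr in set(d["dispatch"].values()):
            seen.setdefault(addr, set()).add(d["driver"])
    return {addr for addr, names in seen.items() if len(names) > 1}


def analyse(drivers):
    """Separate each driver's own handlers from the shared placeholder and flag any
    handler farther than WINDOW from the median of the others, i.e. a dispatch
    pointer that has been redirected away from where the driver's code lives."""
    placeholder = shared_handlers(drivers)
    reports = []
    for d in drivers:
        own = {mj: a for mj, a in d["dispatch"].items() if a not in placeholder}
        outliers = []
        if own:
            ref = median_low(list(own.values()))
            outliers = sorted(mj for mj, a in own.items() if abs(a - ref) > WINDOW)
        reports.append({"driver": d["driver"], "image": d["image"],
                        "verdict": d["verdict"], "own_handlers": own, "outliers": outliers})
    return reports


if __name__ == "__main__":
    for r in analyse(parse_tdss(TDSS_LOG)):
        status = "OK" if not r["outliers"] else "CHECK " + ", ".join(r["outliers"])
        print(f"{r['driver']:12} verdict={r['verdict']} own handlers={len(r['own_handlers'])} {status}")
```

In the posted log both USBSTOR and atapi come out clean under this check; the heuristic is a reading aid and does not replace TDSSKiller's own verdict.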



#13 uzair


Posted 23 March 2010 - 10:02 AM

ComboFix 10-03-22.03 - user 23/03/2010 14:51:05.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3068.1696 [GMT 0:00]
Running from: c:\users\user\Desktop\Combo-Fix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\7h3w0yk9.default\extensions\{e5d82885-f2d8-40f6-8a21-4cebd9b43d5c}
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\7h3w0yk9.default\extensions\{e5d82885-f2d8-40f6-8a21-4cebd9b43d5c}\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\7h3w0yk9.default\extensions\{e5d82885-f2d8-40f6-8a21-4cebd9b43d5c}\chrome\xulcache.jar
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\7h3w0yk9.default\extensions\{e5d82885-f2d8-40f6-8a21-4cebd9b43d5c}\defaults\preferences\xulcache.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\7h3w0yk9.default\extensions\{e5d82885-f2d8-40f6-8a21-4cebd9b43d5c}\install.rdf
c:\windows\system32\Connect.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 14:56 . 2010-03-23 14:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-23 14:56 . 2010-03-23 14:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-03-23 14:56 . 2010-03-23 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-22 20:16 . 2010-03-22 20:16 -------- d-----w- C:\Combo-Fix17938C
2010-03-22 18:34 . 2010-03-22 19:53 -------- d-----w- C:\Combo-Fix
2010-03-19 00:33 . 2010-03-19 00:33 -------- d-----w- c:\program files\AC3Filter
2010-03-18 22:21 . 2010-03-18 22:22 -------- d-----w- C:\rsit
2010-03-18 19:16 . 2010-03-18 19:17 -------- d-----w- c:\program files\ERUNT
2010-03-17 22:15 . 2010-03-17 22:15 52224 ----a-w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-14 21:04 . 2010-03-14 21:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-14 20:19 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-14 20:13 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-14 20:13 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-14 20:13 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-12 17:40 . 2010-03-12 17:40 74760 ----a-w- c:\programdata\avg9\update\backup\UniversalDD.sys
2010-03-12 17:40 . 2010-03-12 17:40 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-12 17:40 . 2010-03-12 17:40 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-03-12 17:40 . 2010-03-12 17:40 27800 ----a-w- c:\programdata\avg9\update\backup\AVGIDSShim.sys
2010-03-12 17:40 . 2010-03-12 17:40 25608 ----a-w- c:\programdata\avg9\update\backup\AVGIDSvx.sys
2010-03-12 17:40 . 2010-03-12 17:40 30216 ----a-w- c:\programdata\avg9\update\backup\AVGIDSFilter.sys
2010-03-12 17:40 . 2010-03-12 17:40 122376 ----a-w- c:\programdata\avg9\update\backup\AVGIDSDriver.sys
2010-03-12 17:40 . 2010-03-12 17:40 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-12 17:40 . 2010-03-12 17:40 161800 ----a-w- c:\programdata\avg9\update\backup\avgrkx86.sys
2010-03-12 17:39 . 2010-03-12 17:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-06 01:07 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-06 01:07 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-02 21:30 . 2010-03-02 21:30 -------- d-----w- c:\users\user\AppData\Roaming\WordWeb
2010-02-28 01:34 . 2010-02-28 01:34 -------- d-----w- c:\program files\TryMedia
2010-02-28 01:32 . 2010-02-28 02:52 -------- d-----w- c:\program files\Team17
2010-02-24 20:25 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 20:24 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 20:24 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 20:24 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 20:24 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 20:24 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 20:24 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 20:24 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 20:24 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 20:24 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 20:24 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 20:24 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 20:24 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 22:40 . 2010-02-22 22:40 -------- d-----w- c:\windows\Applian Director
2010-02-22 22:37 . 2010-02-22 22:37 -------- d-----w- c:\windows\Replay Converter 3
2010-02-22 22:07 . 2010-02-22 22:07 -------- d-----w- c:\users\user\AppData\Roaming\NCH Software
2010-02-22 22:07 . 2007-08-29 15:36 110592 ----a-w- c:\users\user\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
2010-02-22 22:06 . 2010-02-22 22:06 -------- d-----w- c:\programdata\NCH Swift Sound
2010-02-22 22:06 . 2010-02-22 22:06 -------- d-----w- c:\users\user\AppData\Roaming\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 14:45 . 2009-12-02 22:27 0 ----a-w- c:\users\user\AppData\Local\prvlcl.dat
2010-03-23 11:46 . 2009-08-19 20:44 77920 ----a-w- c:\programdata\nvModes.dat
2010-03-22 20:03 . 2009-09-28 16:44 -------- d-----w- c:\users\user\AppData\Roaming\LimeWire
2010-03-22 19:58 . 2008-08-01 09:32 1076 ----a-w- c:\windows\bthservsdp.dat
2010-03-22 17:48 . 2009-10-04 13:52 7592 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
2010-03-22 17:11 . 2010-02-05 22:46 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer
2010-03-22 17:07 . 2010-03-22 17:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-22 17:07 . 2010-02-06 01:03 -------- d-----w- c:\programdata\Apple
2010-03-18 22:21 . 2009-10-30 01:26 -------- d-----w- c:\program files\Trend Micro
2010-03-17 22:15 . 2009-10-29 19:53 117760 ----a-w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-14 21:21 . 2009-08-19 13:16 102824 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-14 20:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-12 17:39 . 2009-11-14 14:58 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 17:39 . 2009-11-14 14:58 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 17:39 . 2009-11-14 14:57 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-03-12 17:39 . 2009-11-14 14:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 17:39 . 2009-11-14 14:58 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-06 23:55 . 2008-08-01 11:17 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-03-05 19:22 . 2010-01-20 22:34 -------- d-----w- c:\users\user\AppData\Roaming\SoundSpectrum
2010-03-05 19:22 . 2010-01-20 22:31 -------- d-----w- c:\program files\SoundSpectrum
2010-02-28 13:46 . 2009-11-20 17:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-28 13:45 . 2009-11-20 17:18 38784 ----a-w- c:\users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-28 13:45 . 2009-11-20 17:17 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-27 13:21 . 2009-10-29 19:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-24 10:16 . 2009-10-03 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 19:07 . 2010-02-18 13:28 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-20 19:07 . 2010-02-18 13:28 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-17 15:19 . 2010-02-10 15:37 -------- d-----w- c:\program files\RocketDock
2010-02-15 19:51 . 2009-10-17 15:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 19:44 . 2009-11-20 16:52 -------- d-----w- c:\program files\McAfee
2010-02-15 19:39 . 2010-02-15 19:39 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-11 10:55 . 2009-10-18 21:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-10 21:12 . 2009-10-18 21:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 21:29 . 2010-02-06 01:21 -------- d-----w- c:\users\user\AppData\Roaming\gtk-2.0
2010-02-06 01:09 . 2010-02-06 01:08 -------- d-----w- c:\program files\iTunes
2010-02-06 01:08 . 2010-02-06 01:08 -------- d-----w- c:\program files\iPod
2010-02-06 01:08 . 2010-02-06 01:03 -------- d-----w- c:\program files\Common Files\Apple
2010-02-06 01:08 . 2010-02-06 01:06 -------- d-----w- c:\programdata\Apple Computer
2010-02-06 01:07 . 2010-02-06 01:07 -------- d-----w- c:\program files\Bonjour
2010-02-06 01:07 . 2010-02-06 01:06 -------- d-----w- c:\program files\QuickTime
2010-02-06 01:06 . 2010-02-06 01:06 -------- d-----w- c:\program files\Apple Software Update
2010-02-06 00:33 . 2010-02-06 00:33 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-06 00:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-06 00:32 . 2010-02-06 00:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-05 22:45 . 2010-02-05 22:42 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-02 00:36 . 2010-02-02 00:31 -------- d-----w- c:\program files\PhotoFiltre
2010-01-31 18:37 . 2008-08-01 09:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 18:36 . 2010-01-31 14:49 -------- d-----w- c:\programdata\Codemasters
2010-01-31 14:48 . 2010-01-31 14:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-31 14:48 . 2010-01-31 14:48 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-31 14:48 . 2010-01-31 14:48 -------- d-----w- c:\program files\OpenAL
2010-01-31 14:37 . 2010-01-31 14:37 -------- d-----w- c:\program files\Codemasters
2010-01-31 00:13 . 2010-01-31 00:13 8854 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{4B682CF4-9B41-4297-8B13-968B28B864C6}\Uninstall_FlatOut_De_E7A4797FABFC4ECEA2D0CD1C7229179B.exe
2010-01-31 00:13 . 2010-01-31 00:13 61440 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{4B682CF4-9B41-4297-8B13-968B28B864C6}\FlatOutDemo.exe_E7A4797FABFC4ECEA2D0CD1C7229179B.exe
2010-01-31 00:13 . 2010-01-31 00:13 61440 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{4B682CF4-9B41-4297-8B13-968B28B864C6}\ARPPRODUCTICON.exe
2010-01-31 00:13 . 2010-01-31 00:13 15086 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{4B682CF4-9B41-4297-8B13-968B28B864C6}\FlatOutDemo.exe1_4B682CF49B4142978B13968B28B864C6.exe
2010-01-31 00:13 . 2010-01-31 00:13 -------- d-----w- c:\program files\Empire Interactive
2010-01-29 19:43 . 2009-10-29 19:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-29 01:16 . 2010-01-29 01:16 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-28 17:51 . 2010-01-28 17:51 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2010-01-28 17:51 . 2009-11-14 14:55 -------- d-----w- c:\programdata\avg9
2010-01-27 21:05 . 2010-01-25 20:21 -------- d-sh--w- c:\users\user\AppData\Roaming\lowsec
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-20 22:29 . 2010-01-20 22:28 5805056 ----a-w- c:\windows\Media\PsychedeliaVizPack.msi
2010-01-20 22:28 . 2010-01-20 22:28 181656 ----a-w- c:\windows\Media\trilogyi.exe
2010-01-20 22:28 . 2010-01-20 22:28 533768 ----a-w- c:\windows\Media\MP10_EnergyBlissViz.exe
2010-01-20 22:28 . 2010-01-20 22:27 9809336 ----a-w- c:\windows\Media\WhiteCap_522.exe
2010-01-07 16:07 . 2009-10-17 15:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-10-17 15:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:38 . 2010-02-24 20:24 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 20:24 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 20:24 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 20:24 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-22 17:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 17:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 17:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 17:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-01 08:23 . 2008-08-01 08:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-27 2012912]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 217088]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-13 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-1-4 95232]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 15:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,11,9e,56,08,55,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1304049785-2521163758-735974272-1000]
"EnableNotificationsRef"=dword:00000002

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-28 40752]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-03-12 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-12 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-11-14 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-12 242696]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-02-17 58984]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-02-17 108904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-27 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-02-27 66632]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-03-12 2325816]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-23 93320]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-02-17 779496]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-03-26 599344]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-03-12 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-03-12 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-03-12 27144]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-17 97936]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-27 12872]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-23 c:\windows\Tasks\User_Feed_Synchronization-{2B9BE40A-3FD1-4E5D-9F7E-6D4D55062560}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fvlkwcpm.default\
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 14:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(18844)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Hewlett-Packard\HP QuickTouch\HPShared.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
Completion time: 2010-03-23 14:59:54
ComboFix-quarantined-files.txt 2010-03-23 14:59

Pre-Run: 158,942,896,128 bytes free
Post-Run: 158,898,012,160 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,20
- - End Of File - - A94D7B9D0F4BCDA645F86F8E31611EAC


#14 uzair

uzair
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 23 March 2010 - 11:01 AM

Just to let you know, I've posted 2 logs:
the first log is for TDSS Killer and the bottom one is for ComboFix.
I managed to find the TDSS log.

Edited by uzair, 23 March 2010 - 11:02 AM.


#15 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:05:59 PM

Posted 23 March 2010 - 12:48 PM

Yep I see them, are you still having issues with redirects?


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.