
Hijackthis or DDS


  • This topic is locked
43 replies to this topic

#1 speediskoolsmom

  • Members
  • 36 posts

Posted 20 May 2010 - 09:51 PM

The preparation guide says to run DDS. Should I do this, or post HijackThis, or both? Also, I did not do anything about CD emulation - should I? I don't know what that is...

Rule 1. Never let teenagers near a computer.

Thanks, Kat



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 May 2010 - 10:08 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.


Information and logs:
    In your next post I need the following
      1. Logs from DDS
      2. Log from GMER
      3. Let me know of any problems you may have had
Gringo

Edited by gringo_pr, 20 May 2010 - 10:09 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
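The DDS logs requested in the post above contain a "Pseudo HJT Report" section listing Browser Helper Objects (BHOs), DNS name servers and Hosts-file overrides. As an added example that is not part of this thread or of the DDS tool, the Python below parses lines in that format and applies a simple triage heuristic: a legitimate BHO normally registers one named CLSID, so a single DLL hosting several unnamed CLSIDs, an orphaned CLSID with no file, a non-default NameServer entry or a Hosts redirect are all worth a responder's attention. The sample log, the `threshold` of three CLSIDs per DLL and the finding names (`mass_registered_bho`, `orphan_clsid`, `dns_override`, `hosts_entry`) are my own constructions, not DDS conventions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the "Pseudo HJT Report" section of a DDS log.
# It is embedded here so the example runs offline; it is not a real log file.
SAMPLE_REPORT = r"""
BHO: MRI_DISABLED - No File
BHO: {00034456-2087-4015-a1c8-86a9945c507f} - c:\windows\system32\dhcpqec32.dll
BHO: {00b9878b-9b47-4912-8146-caae8b1df7ec} - c:\windows\system32\cdm32.dll
BHO: {026dc286-b6ea-4a64-a519-1e80b6c02a90} - c:\windows\system32\cdm32.dll
BHO: {02c0dbb5-2108-4ced-b206-14385a327c7c} - c:\windows\system32\dhcpqec32.dll
BHO: {03246fff-a924-4638-8d27-a8d8cb1e1916} - c:\windows\system32\dot3cfg32.dll
BHO: {03846e2b-b0b8-403a-8891-2ae356874164} - c:\windows\system32\dhcpqec32.dll
BHO: {08d2d06e-1624-46f9-988e-5250838128d4} - c:\windows\system32\cdm32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
{5d6ab97d-078f-420d-9689-703a6ad5e40d}
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TCP: NameServer = 93.188.163.16,93.188.161.200
Hosts: 127.0.0.1 www.spywareinfo.com
"""

CLSID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# "BHO: <optional display name>: {clsid} - <path>"
BHO_FILE_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?(?P<clsid>" + CLSID + r") - (?P<path>.+)$", re.I)
# "BHO: <name> - No File" (registration left behind after the DLL was removed)
BHO_NOFILE_RE = re.compile(r"^BHO: (?P<name>.+?) - No File$", re.I)
# A bare CLSID on its own line: registered object with no resolvable file
ORPHAN_RE = re.compile(r"^" + CLSID + r"$", re.I)
DNS_RE = re.compile(r"^TCP: NameServer = (?P<servers>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")


def parse_report(text):
    """Extract BHOs, orphan CLSIDs, name servers and Hosts entries from report text."""
    report = {"bhos": [], "orphans": [], "nameservers": [], "hosts": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := BHO_FILE_RE.match(line):
            report["bhos"].append({"name": m["name"], "clsid": m["clsid"].lower(), "path": m["path"].lower()})
        elif m := BHO_NOFILE_RE.match(line):
            report["bhos"].append({"name": m["name"], "clsid": None, "path": None})
        elif ORPHAN_RE.match(line):
            report["orphans"].append(line.lower())
        elif m := DNS_RE.match(line):
            report["nameservers"].extend(s.strip() for s in m["servers"].split(","))
        elif m := HOSTS_RE.match(line):
            report["hosts"].append((m["ip"], m["host"]))
    return report


def triage(report, threshold=3):
    """Return a list of findings a responder should look at first (heuristic, not a verdict)."""
    findings = []
    # Group unnamed BHO registrations by the DLL that backs them.
    per_dll = defaultdict(list)
    for bho in report["bhos"]:
        if bho["path"] and bho["name"] is None:
            per_dll[bho["path"]].append(bho["clsid"])
    for path, clsids in sorted(per_dll.items()):
        if len(clsids) >= threshold:
            findings.append({"kind": "mass_registered_bho", "path": path, "count": len(clsids)})
    for clsid in report["orphans"]:
        findings.append({"kind": "orphan_clsid", "clsid": clsid})
    if report["nameservers"]:
        # DDS only prints NameServer when one is set explicitly; compare it with the ISP's.
        findings.append({"kind": "dns_override", "servers": list(report["nameservers"])})
    for ip, host in report["hosts"]:
        findings.append({"kind": "hosts_entry", "ip": ip, "host": host})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_report(SAMPLE_REPORT)):
        print(finding)
```

Run it as a script to print the findings for the embedded sample, or call `parse_report` on the text of a saved DDS.txt. The threshold is a triage aid only: a flagged DLL still needs to be looked up by hash or vendor before anything is removed, which is why the script reports and does not act.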

#3 speediskoolsmom (Topic Starter)

  • Members
  • 36 posts

Posted 20 May 2010 - 10:17 PM

Gringo - thanks, I am doing the things you suggested and will post again shortly. Thank you so much for replying! Kathy

#4 speediskoolsmom (Topic Starter)

  • Members
  • 36 posts

Posted 20 May 2010 - 10:45 PM

Ran DDS but got a screen saying that the program would take about 3 minutes; it has been sitting there with a blinking cursor for about 15 minutes. My Webroot antivirus is running - could that have caused problems?

#5 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 May 2010 - 10:50 PM

Try shutting down all your security stuff, and if that still doesn't work, try in Safe Mode.

I need some logs to start so I know what I am facing - it is not a good idea to go in blind.

gringo



Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.


#6 speediskoolsmom (Topic Starter)

  • Members
  • 36 posts

Posted 20 May 2010 - 11:23 PM

Since I changed firewall settings as directed in the Prep. Guide my computer takes a lot longer to boot - it pauses a long time between Windows loading and the desktop appearing. Not sure if related.
Here are the DDS logs - I am about to do the GMER. You did not say to zip the 2nd file so I did not - hope that is ok.
Thanks, Kat

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by HP_Administrator at 23:05:23.17 on Thu 05/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1612 [GMT -5:00]

AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: MRI_DISABLED - No File
BHO: NAV Helper - No File
BHO: {00034456-2087-4015-a1c8-86a9945c507f} - c:\windows\system32\dhcpqec32.dll
BHO: {00b9878b-9b47-4912-8146-caae8b1df7ec} - c:\windows\system32\cdm32.dll
BHO: {026dc286-b6ea-4a64-a519-1e80b6c02a90} - c:\windows\system32\cdm32.dll
BHO: {02c0dbb5-2108-4ced-b206-14385a327c7c} - c:\windows\system32\dhcpqec32.dll
BHO: {03246fff-a924-4638-8d27-a8d8cb1e1916} - c:\windows\system32\dot3cfg32.dll
BHO: {03846e2b-b0b8-403a-8891-2ae356874164} - c:\windows\system32\dhcpqec32.dll
BHO: {042ab978-bc2b-487c-ad18-a131aadf3132} - c:\windows\system32\dot3cfg32.dll
BHO: {051980a4-bcf3-413d-b621-82b8b5bce577} - c:\windows\system32\dhcpqec32.dll
BHO: {052f7d67-bb03-4751-89a4-7fe38033d3a8} - c:\windows\system32\ieframe32.dll
BHO: {079885b0-d04f-4405-8b6c-70e2701aa537} - c:\windows\system32\hnetmon32.dll
BHO: {07ce87f3-aacf-477e-8681-be9660844e3a} - c:\windows\system32\ieframe32.dll
BHO: {0813564e-0655-431f-b398-b57eb63c8cec} - c:\windows\system32\dot3cfg32.dll
BHO: {08d2d06e-1624-46f9-988e-5250838128d4} - c:\windows\system32\cdm32.dll
BHO: {08f9f7f3-9b45-4525-83e1-3e08541d2d02} - c:\windows\system32\dot3cfg32.dll
BHO: {096da15b-516d-48dd-a241-39d5094be824} - c:\windows\system32\dhcpqec32.dll
BHO: {0abeca59-b416-4262-9386-b3b449ed936b} - c:\windows\system32\hnetmon32.dll
BHO: {0b2a4c9c-33d5-4192-a0d9-8444aaadc79e} - c:\windows\system32\dhcpqec32.dll
BHO: {0b31a861-5376-4dfa-bf18-56ef586014f6} - c:\windows\system32\dhcpqec32.dll
BHO: {0bf0fc14-f305-4378-9f8f-fc53d9b1ef9a} - c:\windows\system32\dot3cfg32.dll
BHO: {0e983344-83fd-4f43-b507-a37a811bfe11} - c:\windows\system32\hnetmon32.dll
BHO: {1145ca89-ada1-4709-bdfe-a42d32ff4e0a} - c:\windows\system32\hnetmon32.dll
BHO: {14b9cbb1-9f7c-44ef-a1b6-f47d44936943} - c:\windows\system32\cdm32.dll
BHO: {14e37e8d-fef5-481e-98c4-f57a4bc84360} - c:\windows\system32\ieframe32.dll
BHO: {14ee37a4-2992-46aa-b314-b978186627eb} - c:\windows\system32\dot3cfg32.dll
BHO: {153b5654-2e62-4e9b-ab5a-4032ad0b1243} - c:\windows\system32\dot3cfg32.dll
BHO: {15f73c4c-66fb-48b1-a9df-6e5072a16ab2} - c:\windows\system32\cdm32.dll
BHO: {167ae8ef-85f7-4a8a-b7b6-0e99d30b3211} - c:\windows\system32\hnetmon32.dll
BHO: {17652b17-bfc0-4366-8858-19c8beb55b37} - c:\windows\system32\dhcpqec32.dll
BHO: {19b1dedf-7b72-4017-96b8-742334a31973} - c:\windows\system32\cdm32.dll
BHO: {1a4aa439-3ff4-41a5-ad32-e46163fc4287} - c:\windows\system32\dhcpqec32.dll
BHO: {20fd1125-51a9-466c-9626-e14263f2f53b} - c:\windows\system32\dot3cfg32.dll
BHO: {23cc6806-10bd-4d7b-901d-a57c3ccc372c} - c:\windows\system32\dot3cfg32.dll
BHO: {23d1bd16-db19-44f3-adf8-cd0e917795a3} - c:\windows\system32\cdm32.dll
BHO: {24b3d7af-b8ee-4d57-8b64-fd5c3cb08549} - c:\windows\system32\hnetmon32.dll
BHO: {2577f39e-afbf-4f3a-ae72-ac211df22bb0} - c:\windows\system32\cdm32.dll
BHO: {26b05aae-8bb1-438e-ab2e-962193e68450} - c:\windows\system32\dot3cfg32.dll
BHO: {2747690c-ed39-4cff-8d20-e9f8cfe73db9} - c:\windows\system32\dhcpqec32.dll
BHO: {2884bc4d-86c6-4eb9-a731-d1e8955693e6} - c:\windows\system32\dot3cfg32.dll
BHO: {294b7381-acbd-470b-b13c-87b7da1bcb75} - c:\windows\system32\dot3cfg32.dll
BHO: {2a100949-a590-4531-889f-47c54c41b3e8} - c:\windows\system32\dhcpqec32.dll
BHO: {2c6572a4-125f-4f70-b5ea-c35b9fa413d3} - c:\windows\system32\cdm32.dll
BHO: {2d40bcc9-951c-424f-ab48-dc9fb50393bb} - c:\windows\system32\cdm32.dll
BHO: {2ec9f2f9-347b-471d-ba54-40d154da8070} - c:\windows\system32\dhcpqec32.dll
BHO: {2f452293-e92f-4b94-b7c3-32aa9475ff5d} - c:\windows\system32\dot3cfg32.dll
BHO: {30cc8af9-24c6-4e7d-a2d4-a729a28e2223} - c:\windows\system32\dhcpqec32.dll
BHO: {31f67c58-221d-44e8-88e6-be678f052f74} - c:\windows\system32\hnetmon32.dll
BHO: {32743232-0d0a-4c9a-b4c6-5f5d3d06e872} - c:\windows\system32\cdm32.dll
BHO: {33a799ca-d761-49aa-9882-32d320bbba8e} - c:\windows\system32\dhcpqec32.dll
BHO: {3401e132-87da-4eb8-b815-aee86607e509} - c:\windows\system32\hnetmon32.dll
BHO: {3520cacc-06d8-4e44-a35c-4dd510bc4978} - c:\windows\system32\hnetmon32.dll
BHO: {3571eb5d-4cb8-4c02-9338-7ef8821eb2b7} - c:\windows\system32\hnetmon32.dll
BHO: {36f5bf01-9556-4814-8e0c-2a170fd26afc} - c:\windows\system32\cdm32.dll
BHO: {37517abf-3cc1-4459-a3be-ab9d788803c8} - c:\windows\system32\hnetmon32.dll
BHO: {38b6e64a-aeac-4b8b-8d49-1b203bd06b27} - c:\windows\system32\dhcpqec32.dll
BHO: {393f469e-77cc-4fbf-81ee-3bab141be79d} - c:\windows\system32\hnetmon32.dll
BHO: {3a15921b-2333-431f-9c12-97a5ad88b70a} - c:\windows\system32\dhcpqec32.dll
BHO: {3a86d6fd-3855-43b1-995e-74a56463d937} - c:\windows\system32\dhcpqec32.dll
BHO: {3b817c5f-6add-481a-8f83-73ffebef4b11} - c:\windows\system32\cdm32.dll
BHO: {3e46b023-90c1-4c69-bd71-1a3df3684b40} - c:\windows\system32\dot3cfg32.dll
BHO: {3ecc7b99-7bce-41e6-9f85-8cdfb3ab56e9} - c:\windows\system32\hnetmon32.dll
BHO: {3f67d93c-6b20-45a3-b67a-64249c56f2c6} - c:\windows\system32\dot3cfg32.dll
BHO: {3f6b2d8d-23f9-46fb-b6fd-c4a1a8518b64} - c:\windows\system32\hnetmon32.dll
BHO: {3f8e81c4-812b-45f5-a3fd-7d108be2d1af} - c:\windows\system32\hnetmon32.dll
BHO: {4084e612-5e4e-4a73-8fe6-2d3d3955c005} - c:\windows\system32\cdm32.dll
BHO: {408533c1-43d7-4404-a21a-05cd5762a440} - c:\windows\system32\hnetmon32.dll
BHO: {411a9bb7-60e3-4cd3-84f7-617d63b0ca74} - c:\windows\system32\dot3cfg32.dll
BHO: {441abb29-47f1-4e4e-abe6-367f678ce759} - c:\windows\system32\cdm32.dll
BHO: {46db1c70-c797-4b3f-8701-975c902d68ba} - c:\windows\system32\hnetmon32.dll
BHO: {47f7a3db-ba00-44db-a31d-0bacdaaa0f7b} - c:\windows\system32\dot3cfg32.dll
BHO: {4aea9f07-0204-4c0c-aaa0-0be6a995d937} - c:\windows\system32\hnetmon32.dll
BHO: {4b4223ee-b97a-4c19-8361-4532289c5a41} - c:\windows\system32\ieframe32.dll
BHO: {4d259435-9fc0-4aff-b7fa-160f4c67c892} - c:\windows\system32\dhcpqec32.dll
BHO: {4f3d2dfd-f9f2-42c0-a9c6-6c9aa2cbdcce} - c:\windows\system32\dhcpqec32.dll
BHO: {5098a20a-fc6e-4e4d-8234-1c27b9fa62e6} - c:\windows\system32\dot3cfg32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5381d9f7-f31a-44ee-90f4-e7bb5273239a} - c:\windows\system32\dot3cfg32.dll
BHO: {56dcec4b-96ec-4d39-8c49-a9839abd74dd} - c:\windows\system32\dot3cfg32.dll
BHO: {585e5943-6080-4619-908f-6ca845a6b4bc} - c:\windows\system32\hnetmon32.dll
BHO: {593f5474-517d-46b4-8e4e-c836159f6091} - c:\windows\system32\cdm32.dll
BHO: {59ec275d-e3cc-47ae-b66b-ed5cb797d51c} - c:\windows\system32\dhcpqec32.dll
BHO: {5acdae38-ecda-46b3-89eb-046a6d639844} - c:\windows\system32\cdm32.dll
BHO: {5c628965-c9f2-439f-82b3-408850d8820c} - c:\windows\system32\dot3cfg32.dll
BHO: {5cd45218-695c-4dce-b619-68495f265ea3} - c:\windows\system32\hnetmon32.dll
{5d6ab97d-078f-420d-9689-703a6ad5e40d}
BHO: {5d879ad9-6c2d-4e49-a07e-c90875ef2fd2} - c:\windows\system32\dsprop32.dll
BHO: {5eb9fb99-0c06-42bd-914e-41830bf44115} - c:\windows\system32\dot3cfg32.dll
BHO: {5f04d435-bd89-44ef-bfac-7c96278714f3} - c:\windows\system32\cdm32.dll
BHO: {5f08162a-ed96-4e3f-bd91-3bf46f9535f8} - c:\windows\system32\cdm32.dll
BHO: {60e37f5e-5eb3-4d01-aab8-949d46ddf4f1} - c:\windows\system32\dhcpqec32.dll
BHO: {617ba009-411b-4def-9195-8f5a25965e0a} - c:\windows\system32\cdm32.dll
BHO: {619f4997-381f-45e4-af5a-a5423f0c072a} - c:\windows\system32\hnetmon32.dll
BHO: {6379bff2-f631-421d-b33d-4fb56e9c1e0c} - c:\windows\system32\dhcpqec32.dll
BHO: {63927aa8-b0d8-4c7b-9c54-d919478c20e2} - c:\windows\system32\dhcpqec32.dll
BHO: {66690d39-c669-4b30-b943-488799801023} - c:\windows\system32\dhcpqec32.dll
BHO: {6a01b137-dede-44e4-b1b1-b1a1caf54be7} - c:\windows\system32\dsprop32.dll
BHO: {6eef86f2-0779-4db0-85de-592d0f518251} - c:\windows\system32\dot3cfg32.dll
BHO: {6effdb47-aefb-407c-bc2d-1cc0cc8d94eb} - c:\windows\system32\hnetmon32.dll
BHO: {6f806a93-1693-428f-9d4d-48c0166d6e93} - c:\windows\system32\dhcpqec32.dll
BHO: {7008aa03-1923-4346-a442-5402438849ae} - c:\windows\system32\dsprop32.dll
BHO: {70248ea8-d0a3-40ab-9608-6b09afc2615a} - c:\windows\system32\cdm32.dll
BHO: {709f8d53-18a8-473e-9c5e-b608e54cc0ae} - c:\windows\system32\hnetmon32.dll
BHO: {711a5176-cfdc-484d-9acd-416775fce232} - c:\windows\system32\hnetmon32.dll
BHO: {7464d16e-c471-4fdd-b1a3-b2b86a50c330} - c:\windows\system32\dot3cfg32.dll
BHO: {75d39755-9f83-4305-af3a-0ac7293e12a0} - c:\windows\system32\cdm32.dll
BHO: {76b47987-34fa-4c4d-a642-e0a82972db20} - c:\windows\system32\dhcpqec32.dll
BHO: {77cdf697-6d5f-4d97-ad8a-8ff9ba4cb08b} - c:\windows\system32\dot3cfg32.dll
BHO: {79684684-cdfb-4084-b68f-136d71b0194d} - c:\windows\system32\hnetmon32.dll
BHO: {7a2aaff5-b482-4a0d-8fb8-71938af31609} - c:\windows\system32\dot3cfg32.dll
BHO: {7a4d4ba6-353f-473b-9235-aff05e658d77} - c:\windows\system32\dot3cfg32.dll
BHO: {7bc92fe7-c72b-446f-bf6f-b3af64b4c79d} - c:\windows\system32\hnetmon32.dll
BHO: {7c68eb25-b857-403b-b28f-984b54e5563b} - c:\windows\system32\dhcpqec32.dll
BHO: {7c81ff10-847c-4ba8-afe6-f2f00e27a95e} - c:\windows\system32\dot3cfg32.dll
BHO: {7d88acb5-dc13-4ed3-a9d7-455b77997f29} - c:\windows\system32\hnetmon32.dll
BHO: {7f1dfddb-3254-4eb3-b253-7c0e8d93c292} - c:\windows\system32\dot3cfg32.dll
BHO: {7f6cbe72-e6ee-41ce-bbaf-3da032df1645} - c:\windows\system32\hnetmon32.dll
BHO: {80710ab2-dd26-4b55-8eda-0307fd97d3c8} - c:\windows\system32\cdm32.dll
BHO: {807a2a8a-94a6-4d2a-84b4-d841790a3c57} - c:\windows\system32\dhcpqec32.dll
BHO: {81071fb6-91aa-4d47-a57a-b410032bff1a} - c:\windows\system32\cdm32.dll
BHO: {8194b75e-67eb-4351-9e6a-c147422a6f04} - c:\windows\system32\hnetmon32.dll
BHO: {822b4372-33bf-47a2-acf4-4ed5719ebc89} - c:\windows\system32\dhcpqec32.dll
BHO: {82ae56a3-0f32-4bf8-89b6-b847be053531} - c:\windows\system32\dhcpqec32.dll
BHO: {834d3777-30a6-4456-8508-59aee9366a33} - c:\windows\system32\dot3cfg32.dll
BHO: {84ec01d4-88c7-488e-839b-767f83b72d35} - c:\windows\system32\dhcpqec32.dll
BHO: {893a27e8-7e4b-4d3c-95f6-2edc02be4bb1} - c:\windows\system32\cdm32.dll
BHO: {8b7b2c15-a175-49ce-bedf-7ff19bb47b32} - c:\windows\system32\hnetmon32.dll
BHO: {8c07ac26-e553-4df5-a2cf-03222d0e580e} - c:\windows\system32\dhcpqec32.dll
{8ec90edc-3787-4ba1-ae6c-54dd3228d8c8}
BHO: {8fd7af4b-4a6e-4a70-bf37-e0eb2de42244} - c:\windows\system32\hnetmon32.dll
BHO: {926a6067-e73a-43d6-bd10-dcc24def04bc} - c:\windows\system32\dot3cfg32.dll
BHO: {928bc79f-a877-4917-8ca8-2737f7d9d010} - c:\windows\system32\cdm32.dll
BHO: {93fa04d5-b612-442c-b880-6faa11725a79} - c:\windows\system32\dhcpqec32.dll
BHO: {950637b3-1c87-4ff8-9518-fe4b2a02e4dc} - c:\windows\system32\cdm32.dll
BHO: {975769e6-112f-4671-876b-55b468072509} - c:\windows\system32\cdm32.dll
BHO: {987201eb-5331-4a35-857f-27f9400f220f} - c:\windows\system32\hnetmon32.dll
BHO: {98decfdb-78c7-4618-ae3a-834e18dbabf3} - c:\windows\system32\dhcpqec32.dll
BHO: {990817ec-6074-4abe-9e15-b97dcc299ebb} - c:\windows\system32\dhcpqec32.dll
BHO: {99bc59cc-779c-4feb-9dbe-6da184c41126} - c:\windows\system32\cdm32.dll
BHO: {99e741fc-1aa0-4f31-aaa7-e6fe4425a3cf} - c:\windows\system32\hnetmon32.dll
BHO: {9a252ff6-c2fd-40e4-8bda-a676096620e0} - c:\windows\system32\dhcpqec32.dll
BHO: {9aa7e433-5820-4d17-ae9e-4d504a428b6b} - c:\windows\system32\dot3cfg32.dll
BHO: {9ab09de8-41c7-4d21-93f4-38d51f1b2d02} - c:\windows\system32\cdm32.dll
BHO: {9b822c46-6ae7-4738-a436-5f5236261f46} - c:\windows\system32\dsprop32.dll
BHO: {9bd815ca-f347-485f-b643-16355e27e62f} - c:\windows\system32\cdm32.dll
BHO: {9f0550ab-af23-469d-89ff-699c0329d4d6} - c:\windows\system32\hnetmon32.dll
BHO: {9f46f1df-59c1-4372-89d3-6b535e549bd6} - c:\windows\system32\dsprop32.dll
BHO: {a0f5747e-ced5-4747-ad5b-82b7f48a00d4} - c:\windows\system32\dot3cfg32.dll
BHO: {a25466f8-0191-4faf-aa17-dcbac4b3f925} - c:\windows\system32\dsprop32.dll
BHO: {a60dba56-895a-4b98-a786-e0669d66f265} - c:\windows\system32\hnetmon32.dll
BHO: {a63e302c-de2b-4afa-8a91-a0e84d16fc17} - c:\windows\system32\dot3cfg32.dll
BHO: {a63f51a2-3f21-43ec-974f-7aacc7536fcf} - c:\windows\system32\hnetmon32.dll
BHO: {a90d110c-4a09-435e-9123-d563daf52b02} - c:\windows\system32\dot3cfg32.dll
BHO: {a93bb814-8b6d-4fd5-b84d-0ee7979b85c4} - c:\windows\system32\hnetmon32.dll
BHO: {aab5f954-57e9-4da1-94b6-d7b1cd09289d} - c:\windows\system32\dot3cfg32.dll
BHO: {ad6d1dfc-8925-4f4a-bfaf-b6d645597ff8} - c:\windows\system32\dot3cfg32.dll
BHO: {adc5564e-e12f-460a-a716-323ba4fd9aaa} - c:\windows\system32\hnetmon32.dll
BHO: {ae1ce7f4-49b5-4d93-84b2-2af9ff8971f6} - c:\windows\system32\dsprop32.dll
BHO: {ae9458b9-54d2-4965-9672-17cf577e31e4} - c:\windows\system32\hnetmon32.dll
BHO: {aec30ab7-af59-46f1-9e0b-c08729c34725} - c:\windows\system32\hnetmon32.dll
BHO: {b0243543-498d-4c06-81a0-3d08fcbb8646} - c:\windows\system32\hnetmon32.dll
BHO: {b11f890f-fa17-485f-9299-3ae4a4f48afe} - c:\windows\system32\dot3cfg32.dll
BHO: {b4f49650-b81f-4828-a598-e6d7712e303c} - c:\windows\system32\dot3cfg32.dll
BHO: {b52e1633-01e2-4eaf-b66f-4aaf8dded128} - c:\windows\system32\cdm32.dll
BHO: {b52ecdd5-a5e7-4d64-bb8e-96e9bf5ae41f} - c:\windows\system32\dhcpqec32.dll
BHO: {b5ace0fc-3185-46a0-a021-f96b0bd8b9fb} - c:\windows\system32\hnetmon32.dll
BHO: {b7953758-e772-4cb0-837d-3310db6049e2} - c:\windows\system32\hnetmon32.dll
BHO: {ba378578-25a4-48a1-8f01-18b2dadb21dd} - c:\windows\system32\dsprop32.dll
BHO: {ba941ab4-5754-4298-b95a-a83f2171da30} - c:\windows\system32\dhcpqec32.dll
BHO: {bc7fd467-fa62-4c65-a339-d05ee87d669a} - c:\windows\system32\cdm32.dll
BHO: {bccd8f0d-7ea7-449d-b6b3-a75cdd044884} - c:\windows\system32\dsprop32.dll
BHO: {bd01a9b7-39bf-4fc2-a266-29548e1d7dc3} - c:\windows\system32\dhcpqec32.dll
BHO: {bf402d99-0cf9-4a5b-8f64-21337cf9cd9c} - c:\windows\system32\cdm32.dll
BHO: {bf9379be-a152-444c-8e3b-dcc7d6578c53} - c:\windows\system32\dot3cfg32.dll
BHO: {c4d0a502-6e3e-485b-907c-50326938b86a} - c:\windows\system32\hnetmon32.dll
BHO: {c6001f0d-1595-4a4b-853d-96d4cb5e27e4} - c:\windows\system32\dot3cfg32.dll
BHO: {c9632ca8-364e-489f-87a9-b00dbbca28a2} - c:\windows\system32\cdm32.dll
BHO: {ca2ef03e-c642-4066-8657-9e47768d12b7} - c:\windows\system32\cdm32.dll
BHO: {ca62fa78-cee4-49f3-98cf-12a39a097fa9} - c:\windows\system32\dot3cfg32.dll
BHO: {cbaf9f56-7fc9-47e6-a1c6-763a2b280d7a} - c:\windows\system32\dsprop32.dll
BHO: {cd4f1b2a-8bf3-4758-b80b-b5fdc5cbe106} - c:\windows\system32\hnetmon32.dll
BHO: {cd90070f-a48b-4060-9a73-ea5956b3a379} - c:\windows\system32\hnetmon32.dll
BHO: {cde8f38f-7357-4320-97de-d9894ae7f7da} - c:\windows\system32\dot3cfg32.dll
BHO: {ce6f0430-5f34-4019-b92c-59c3de8bf79d} - c:\windows\system32\dot3cfg32.dll
BHO: {cf3c0d7b-4906-48de-9614-82ddb5eeada5} - c:\windows\system32\hnetmon32.dll
BHO: {d0015e4e-a786-4310-a8b6-cca54341b49c} - c:\windows\system32\dot3cfg32.dll
{d0407608-2559-41c8-98ec-8ef29f81659a}
BHO: {d291cba3-6ba7-4cd9-bea6-136ab23f543a} - c:\windows\system32\dhcpqec32.dll
BHO: {d29676d9-30af-4afd-b8ca-d1758cef2550} - c:\windows\system32\ieframe32.dll
BHO: {d2b70230-e87c-4c9f-9023-c0d43f8b7112} - c:\windows\system32\dhcpqec32.dll
BHO: {d3d4430b-56af-4b88-93a3-2aa0361ca8f5} - c:\windows\system32\dsprop32.dll
BHO: {d43e0765-9e96-4d2e-92e8-0f5579881ca8} - c:\windows\system32\dhcpqec32.dll
BHO: {d49be9fb-7aba-4c3c-a70a-9d61527c0152} - c:\windows\system32\hnetmon32.dll
BHO: {d5f460d2-9227-4c5c-8d58-79b2e6db1939} - c:\windows\system32\hnetmon32.dll
BHO: {d7766e52-05b4-4e80-8cec-05cfe7dd9ed2} - c:\windows\system32\dot3cfg32.dll
BHO: {d777285e-f8fa-4fbc-962d-b75ae37ce55c} - c:\windows\system32\dot3cfg32.dll
BHO: {d941700d-cdce-4e43-af16-15d6d831e6f6} - c:\windows\system32\dhcpqec32.dll
BHO: {da166f76-a101-4477-ae8c-7bd8090d2a04} - c:\windows\system32\dhcpqec32.dll
BHO: {da97ab1a-51b3-4754-bbce-cd05f7a3bc98} - c:\windows\system32\hnetmon32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {dcaf4d33-d1e0-4cc4-b267-6ed15f5c4891} - c:\windows\system32\cdm32.dll
BHO: {de60a35b-fd9f-4c73-965a-35d03ad91b83} - c:\windows\system32\cdm32.dll
BHO: {dfff3ce0-e833-48ad-afc0-5e64fbd68441} - c:\windows\system32\ieframe32.dll
BHO: {e046a31b-5b38-4db5-8087-a531def62383} - c:\windows\system32\dot3cfg32.dll
BHO: {e08a1687-4349-4e36-935a-8883eda87043} - c:\windows\system32\dot3cfg32.dll
BHO: {e11e932e-7f08-4c4e-8c64-d6d4115a5c47} - c:\windows\system32\dhcpqec32.dll
BHO: {e23f87e5-3aec-4e90-8b73-aa78b5889112} - c:\windows\system32\hnetmon32.dll
BHO: {e269f8c3-a9c8-4115-bc22-81500490318c} - c:\windows\system32\dhcpqec32.dll
BHO: {e304bc68-054e-426f-a817-ae355408db7d} - c:\windows\system32\dhcpqec32.dll
BHO: {e31c7afc-3223-4b8a-a1f5-96309dda9090} - c:\windows\system32\dhcpqec32.dll
BHO: {e68e928a-9a62-4db7-8238-5a6bc70b1ee3} - c:\windows\system32\dhcpqec32.dll
BHO: {e7821780-5037-4156-b1f0-585ec5e30598} - c:\windows\system32\dhcpqec32.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {e9f4f2ea-ec36-4bed-b52d-7d00cfa94cb9} - c:\windows\system32\cdm32.dll
BHO: {ea1f3988-94dc-4dc6-a520-510a53bb6b8c} - c:\windows\system32\dot3cfg32.dll
BHO: {ec26be25-e065-444f-9a0e-90dbafa08bdb} - c:\windows\system32\cdm32.dll
BHO: {ecb80a19-e35a-487b-8447-abc9fdba7ac7} - c:\windows\system32\dhcpqec32.dll
BHO: {ecd071bf-08b2-4c5c-bd11-9f5a15d6959b} - c:\windows\system32\dhcpqec32.dll
BHO: {ed1b057f-4117-4ec5-b57c-daccb0f403d6} - c:\windows\system32\hnetmon32.dll
BHO: {ee2d0c9e-6e7f-453d-91fa-beb06ffc0e01} - c:\windows\system32\dhcpqec32.dll
BHO: {eefec118-d59d-4dc7-9dd5-ee76f51c73b6} - c:\windows\system32\dot3cfg32.dll
BHO: {efeeadeb-08a8-440a-8c51-95e6d2249c9c} - c:\windows\system32\dhcpqec32.dll
BHO: {f0ca28a0-fe20-4ec0-a94c-55593052080d} - c:\windows\system32\dot3cfg32.dll
BHO: {f1faeca7-33b5-4fe9-bf9f-71816a87b276} - c:\windows\system32\hnetmon32.dll
BHO: {f2b91f6b-cb2f-4879-aea0-8ce464780882} - c:\windows\system32\dhcpqec32.dll
BHO: {f2c0f466-57fc-443c-9308-21d5cfa60ba1} - c:\windows\system32\cdm32.dll
{f2ccd532-90c9-487e-8280-f9cd16a0a964}
BHO: {f54c9dd3-da26-4295-b68e-7d705dc87776} - c:\windows\system32\hnetmon32.dll
BHO: {f8f7e24e-9cde-40b3-abf0-a58129d6986e} - c:\windows\system32\dot3cfg32.dll
BHO: {f90dbb08-4a3f-4bb4-8868-a28c2b887e2f} - c:\windows\system32\cdm32.dll
BHO: {f9451b6b-c4ab-4054-8c77-ff7fedc5af63} - c:\windows\system32\cdm32.dll
BHO: {f98fe1f5-4e89-4457-afe4-32cad3528ab8} - c:\windows\system32\hnetmon32.dll
BHO: {f9ce4d00-7cbf-4715-8a35-728941ebc9af} - c:\windows\system32\dot3cfg32.dll
BHO: {fa408f69-72cf-423f-9e7d-34a5f1d60e1f} - c:\windows\system32\hnetmon32.dll
BHO: {fb7ad3f6-e6da-4790-bade-59569643c8a6} - c:\windows\system32\dhcpqec32.dll
BHO: {fcefbe67-082d-4a12-9f9d-658e6c4e40f5} - c:\windows\system32\dot3cfg32.dll
BHO: {fd10d5f8-8298-4f7c-a652-29daa7c87cbb} - c:\windows\system32\dot3cfg32.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: MRI_DISABLED - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [AlwaysReady Power Message APP] "ARPWRMSG.EXE"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [DISCover] "c:\program files\disc\DISCover.exe"
mRun: [DiscUpdateManager] "c:\program files\disc\DiscUpdateMgr.exe"
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPwuSchd2.exe"
mRun: [KBD] "c:\hp\kbd\KBD.EXE"
mRun: [ps2] "c:\windows\system32\ps2.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [ALCMTR] "ALCMTR.EXE"
mRun: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RECGUARD] "c:\windows\sminst\RECGUARD.EXE"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: netflame.cc\ssl-hints
Trusted Zone: trymedia.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.163.16,93.188.161.200
TCP: {7DD88371-BAD1-43F0-8645-4FE4F11E7B54} = 93.188.163.16,93.188.161.200
TCP: {E3B2687C-24D1-4ECA-BC89-934C14AE5A92} = 93.188.163.16,93.188.161.200
Notify: 4c0c3c4879 - c:\windows\system32\docprop32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-21 64288]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1291544]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-12-9 98304]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-4-6 1201640]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-5-20 104704]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-5-20 35584]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 MSIU-8b7184fe;MSIU-8b7184fe;c:\windows\system32\-8b7184fe.exe [2010-5-19 70656]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-12-9 69632]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2005-12-27 100480]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-12-27 468768]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-5-20 14976]

=============== Created Last 30 ================

2010-05-21 03:26:55 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable
2010-05-21 00:38:19 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-05-20 23:38:36 0 d-----w- c:\program files\common files\Cisco Systems
2010-05-20 23:38:24 23552 ----a-w- c:\windows\system32\SophosBootTasks.exe
2010-05-20 23:38:13 0 d-----w- c:\program files\Sophos
2010-05-20 23:38:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos
2010-05-20 23:36:47 35584 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2010-05-20 23:36:47 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-05-20 23:36:47 104704 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2010-05-20 23:36:44 0 d-----w- C:\stdtsa
2010-05-19 05:27:44 70656 ----a-w- c:\windows\system32\-8b7184fe.exe
2010-05-15 07:40:19 0 d-----w- c:\program files\common files\Motive
2010-05-15 07:39:42 0 d-----w- c:\program files\ATT-PRT22-WISE
2010-05-15 07:39:24 0 d-----w- c:\program files\ATT
2010-05-14 20:22:50 357 ----a-w- c:\windows\ULEAD32.INI
2010-05-14 20:22:45 384512 ------w- c:\windows\system32\MFCO40.DLL
2010-05-14 20:22:26 0 d-----w- c:\program files\Ulead Systems
2010-05-14 07:27:05 0 d-----w- c:\program files\eBay
2010-05-14 07:27:05 0 d-----w- c:\documents and settings\all users\eBay
2010-05-14 06:19:07 0 d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2010-05-14 05:13:09 0 d-sh--w- c:\documents and settings\hp_administrator\IETldCache
2010-05-14 04:52:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-14 04:52:52 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-14 04:52:52 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-14 04:52:52 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-14 04:52:52 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-05-14 04:52:51 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-05-14 04:52:46 0 d-----w- c:\windows\ie8updates
2010-05-14 04:52:41 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-05-14 04:51:41 0 dc-h--w- c:\windows\ie8
2010-05-14 04:47:24 0 d-----w- c:\program files\Windows Media Connect 2
2010-05-14 04:45:14 0 d-----w- c:\windows\system32\LogFiles
2010-05-14 04:09:33 0 d-----w- c:\program files\VideoLAN
2010-05-13 07:39:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-13 07:39:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-13 07:02:46 0 d-----w- c:\program files\YouTube Downloader
2010-05-06 02:37:54 754 ----a-w- c:\windows\WORDPAD.INI
2010-04-23 07:52:22 817 ----a-w- c:\windows\system32\79741892
2010-04-22 04:06:38 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-22 04:06:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-22 03:43:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-21 22:56:08 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-21 22:55:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-21 22:07:51 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-21 22:07:43 0 d-----w- c:\program files\Lavasoft
2010-04-21 21:12:58 0 d-----w- c:\program files\Trend Micro
2010-04-21 09:39:18 0 d-----w- c:\windows\pss

==================== Find3M ====================

2010-04-20 07:44:06 203776 --sh--w- c:\windows\system32\unrar.exe
2010-04-20 07:43:51 774144 --sha-w- c:\windows\system32\17.tmp
2010-04-04 22:22:26 49152 ----a-r- c:\windows\system32\inetwh32.dll
2010-04-04 22:22:26 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-10 04:33:41 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 04:33:38 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2006-12-05 03:31:08 22 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 23:05:56.85 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2010 9:24:51 PM
System Uptime: 5/20/2010 11:02:37 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | EMERY
Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 290 GiB total, 261.833 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.045 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: BCM2045A
Device ID: USB\VID_0A5C&PID_2101\00027201DAD9
Manufacturer:
Name: BCM2045A
PNP Device ID: USB\VID_0A5C&PID_2101\00027201DAD9
Service:

==== System Restore Points ===================

RP11: 2/23/2010 4:33:43 PM - Removed Norton Security Center
RP12: 2/23/2010 4:38:46 PM - Software Distribution Service 3.0
RP13: 2/24/2010 5:02:14 PM - System Checkpoint
RP14: 2/25/2010 6:34:20 PM - System Checkpoint
RP15: 2/26/2010 8:09:55 PM - System Checkpoint
RP16: 2/27/2010 8:43:32 PM - System Checkpoint
RP17: 2/28/2010 10:18:35 PM - System Checkpoint
RP18: 3/1/2010 11:31:03 PM - System Checkpoint
RP19: 3/3/2010 1:18:31 AM - System Checkpoint
RP20: 3/4/2010 2:42:32 AM - System Checkpoint
RP21: 3/5/2010 2:50:38 AM - System Checkpoint
RP22: 3/6/2010 5:25:03 AM - System Checkpoint
RP23: 3/7/2010 5:42:26 AM - System Checkpoint
RP24: 3/8/2010 6:46:00 AM - System Checkpoint
RP25: 3/9/2010 7:06:28 AM - System Checkpoint
RP26: 3/10/2010 3:41:25 PM - System Checkpoint
RP27: 3/11/2010 3:00:13 AM - Software Distribution Service 3.0
RP28: 3/12/2010 4:04:17 AM - System Checkpoint
RP29: 3/13/2010 6:37:31 AM - System Checkpoint
RP30: 3/14/2010 8:29:22 AM - System Checkpoint
RP31: 3/15/2010 8:30:09 AM - System Checkpoint
RP32: 3/16/2010 9:01:28 AM - System Checkpoint
RP33: 3/17/2010 9:28:21 AM - System Checkpoint
RP34: 3/18/2010 11:16:22 AM - System Checkpoint
RP35: 3/19/2010 11:42:30 AM - System Checkpoint
RP36: 4/4/2010 5:18:42 AM - System Checkpoint
RP37: 4/5/2010 3:00:13 AM - Software Distribution Service 3.0
RP38: 4/6/2010 10:42:10 AM - System Checkpoint
RP39: 4/8/2010 7:42:38 PM - System Checkpoint
RP40: 4/9/2010 9:07:50 PM - System Checkpoint
RP41: 4/12/2010 3:35:38 PM - System Checkpoint
RP42: 5/13/2010 5:35:23 AM - System Checkpoint
RP43: 5/13/2010 11:43:59 PM - Software Distribution Service 3.0
RP44: 5/14/2010 2:27:02 AM - Installed Turbo Lister 2.
RP45: 4/14/2010 11:45:07 PM - System Checkpoint
RP46: 4/16/2010 1:04:30 AM - System Checkpoint
RP47: 4/17/2010 2:15:24 AM - System Checkpoint
RP48: 4/18/2010 2:27:24 AM - System Checkpoint
RP49: 4/19/2010 2:52:59 AM - System Checkpoint
RP50: 4/19/2010 3:00:14 AM - Software Distribution Service 3.0
RP51: 4/20/2010 2:50:32 AM - Removed Ask Toolbar.
RP52: 4/21/2010 3:11:13 AM - System Checkpoint
RP53: 4/21/2010 4:12:57 PM - Installed HiJackThis
RP54: 4/22/2010 5:02:13 PM - System Checkpoint
RP55: 4/25/2010 3:37:31 AM - System Checkpoint
RP56: 4/26/2010 6:41:00 AM - System Checkpoint
RP57: 4/27/2010 10:09:27 AM - System Checkpoint
RP58: 4/28/2010 11:58:25 AM - System Checkpoint
RP59: 4/30/2010 6:45:47 AM - System Checkpoint
RP60: 5/1/2010 7:49:54 AM - System Checkpoint
RP61: 5/2/2010 7:17:26 PM - System Checkpoint
RP62: 5/5/2010 3:30:13 PM - System Checkpoint
RP63: 5/6/2010 9:41:49 PM - System Checkpoint
RP64: 5/7/2010 10:28:24 PM - System Checkpoint
RP65: 5/8/2010 11:28:26 PM - System Checkpoint
RP66: 5/9/2010 11:45:05 PM - System Checkpoint
RP67: 5/11/2010 12:43:03 AM - System Checkpoint
RP68: 5/12/2010 3:00:14 AM - Software Distribution Service 3.0
RP69: 5/13/2010 2:59:05 PM - System Checkpoint
RP70: 5/14/2010 3:16:19 PM - System Checkpoint
RP71: 5/16/2010 5:06:31 AM - System Checkpoint
RP72: 5/17/2010 6:07:47 PM - System Checkpoint
RP73: 5/19/2010 8:53:08 AM - System Checkpoint
RP74: 5/20/2010 8:59:19 AM - System Checkpoint
RP75: 5/20/2010 6:38:08 PM - Installed Sophos Anti-Virus

==== Installed Programs ======================

5 Card Slingo from HP Media Center (remove only)
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
AstroPop Deluxe from HP Media Center (remove only)
ATT-PRT22
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
Chuzzle Deluxe from HP Media Center (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DISCover
DocProc
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
GemMaster Mystic
High Definition Audio Driver Package - KB888111
HiJackThis
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java™ 6 Update 18
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.56.1
Mah Jong Quest from HP Media Center (remove only)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2005
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
NVIDIA Drivers
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sophos Anti-Virus
Spy Sweeper Core
Spybot - Search & Destroy
Status
Super Granny from HP Media Center (remove only)
Tradewinds from HP Media Center (remove only)
TrayApp
Turbo Lister 2
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WebFldrs XP
WebReg
Webroot AntiVirus with Spy Sweeper
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
YouTube Downloader 2.5.4
Zuma Deluxe from HP Media Center (remove only)

==== Event Viewer Messages From Past Week ========

5/20/2010 11:03:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/20/2010 11:03:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter Tcpip
5/20/2010 11:03:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 11:03:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 11:03:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 11:03:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 11:03:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/19/2010 12:27:46 AM, error: Service Control Manager [7034] - The MSIU-8b7184fe service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================




#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 May 2010 - 11:48 PM

I'll be waiting, or let me know if you have any problems.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 speediskoolsmom (Topic Starter, Members)

Posted 21 May 2010 - 05:54 AM

Hi - having major problems. Grem ran for hours and then stalled and computer froze. Restarted and going to run grem again. Gonna catch some sleep while it runs and will post again. Thanks.

#9 speediskoolsmom (Topic Starter, Members)

Posted 21 May 2010 - 05:55 AM

Meant to say GMER - sorry.

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 21 May 2010 - 12:19 PM

Greetings

If you keep having problems, then try this scan:

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

gringo


#11 speediskoolsmom (Topic Starter, Members)

Posted 22 May 2010 - 12:25 AM

GMER finally completed (I think), after a few stall-outs and computer freezes. GMER took hours to complete the scan.

Symptoms - Browser redirects, computer will not go to Microsoft Update, cannot update Webroot AntiVirus or Ad-Aware. Most online virus scans will not run. Computer very slow. Slow startup - blue screen for a long time between Windows start and desktop appearing. Webroot shows trojans even after quarantines and restarts - new virus appears. Many browsing attempts come up "cannot run the page - diagnose connection problems."

Have not tried the last scan you suggested - going to post this first and then run the RKUnHooker.
Thanks for your time and patience! Kat


#12 speediskoolsmom (Topic Starter, Members)

Posted 22 May 2010 - 12:27 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-21 23:29:38
Windows 5.1.2600 Service Pack 3
Running: 27tv36vd gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwxyafod.sys


---- System - GMER 1.0.15 ----

SSDT 89DE9FA8 ZwAllocateVirtualMemory
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA93887E]
SSDT 89DCBD28 ZwCreateProcess
SSDT 89DCBCB0 ZwCreateProcessEx
SSDT 89DCBAD0 ZwCreateThread
SSDT 89E060A8 ZwDeleteKey
SSDT 89DCBDA0 ZwDeleteValueKey
SSDT 89DE9020 ZwQueueApcThread
SSDT 89DE9EB8 ZwReadVirtualMemory
SSDT 89DEA1B0 ZwRenameKey
SSDT 89DCB968 ZwSetContextThread
SSDT 89DEA138 ZwSetInformationKey
SSDT 89DCBBC0 ZwSetInformationProcess
SSDT 89DCB9E0 ZwSetInformationThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA938BFE]
SSDT 89DCBB48 ZwSuspendProcess
SSDT 89DCB8F0 ZwSuspendThread
SSDT 89DCBC38 ZwTerminateProcess
SSDT 89DCBA58 ZwTerminateThread
SSDT 89DE9F30 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E87360, 0x1DE8FD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\HP_Administrator\Desktop\27tv36vd gmer.exe[224] msvcrt.dll!sin 77C4D464 2 Bytes [83, 7C]
.text C:\Documents and Settings\HP_Administrator\Desktop\27tv36vd gmer.exe[224] msvcrt.dll!sin + 3 77C4D467 5 Bytes [08, 01, 75, 19, 6A]
.text C:\Documents and Settings\HP_Administrator\Desktop\27tv36vd gmer.exe[224] msvcrt.dll!sin + 9 77C4D46D 28 Bytes [6A, 00, 68, 92, 67, 90, 7C, ...]
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[3220] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\DISC\DiscStreamHub.exe[4024] msvcrt.dll!sin 77C4D464 2 Bytes [83, 7C]
.text C:\Program Files\DISC\DiscStreamHub.exe[4024] msvcrt.dll!sin + 3 77C4D467 5 Bytes [08, 01, 75, 19, 6A]
.text C:\Program Files\DISC\DiscStreamHub.exe[4024] msvcrt.dll!sin + 9 77C4D46D 28 Bytes [6A, 00, 68, 92, 67, 90, 7C, ...]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \Driver\Tcpip \Device\Ip 88BB3EA8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Tcp 88BB3EA8
Device \Driver\Tcpip \Device\Udp 88BB3EA8
Device \Driver\Tcpip \Device\RawIp 88BB3EA8
Device \Driver\Tcpip \Device\IPMULTICAST 88BB3EA8

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

---- EOF - GMER 1.0.15 ----


#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 22 May 2010 - 12:27 AM

If GMER finished, let me have the report.

gringo

#14 speediskoolsmom (Topic Starter, Members)

Posted 22 May 2010 - 12:30 AM

Rootkit Unhooker detected a parasite within itself. I tried to close it. A box came up saying "Rootkit Unhooker LE - hmm, are you sure?" Then a smiley face. Should I tell it yes - or am I downloading more trash?

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 22 May 2010 - 12:56 AM

Greetings

I saw in GMER what I needed, so don't worry about RKUnhooker.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"Information and logs"
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


