When I click on search results I get something different than the link


This topic is locked
22 replies to this topic

#1 mdt81

mdt81

  • Members
  • 15 posts

Posted 14 August 2010 - 11:24 PM

When I do an internet search on Google or Yahoo, I get different results than what the result I clicked on says it is. Usually I get taken to some other search engine with the same results as what I just searched for on Google or Yahoo. Is this a virus? I've done System Restore and run AVG and Spybot, but nothing shows up.

Edited by mdt81, 14 August 2010 - 11:30 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2010 - 11:30 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


information and logs:
    In your next post I need the following
      1. Logs from DDS
      2. Log from RKUnHooker
      3. Report from MBRCheck
      4. Let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mdt81

mdt81
  • Topic Starter

  • Members
  • 15 posts

Posted 14 August 2010 - 11:40 PM

Thanks Gringo. I was able to get the DeFogger to run, but DDS brings up a file in Notepad that's all symbols, which doesn't seem right. Halfway through the top line of symbols it says "This program cannot be run in DOS mode."

#4 mdt81

mdt81
  • Topic Starter

  • Members
  • 15 posts

Posted 14 August 2010 - 11:45 PM

Got it now. Should have tried one of the other links first.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2010 - 11:46 PM

Use one of the next two links for DDS. This happens when you have AutoCAD installed.

http://download.bleepingcomputer.com/sUBs/dds.com

http://www.forospyware.com/sUBs/dds

gringo

#6 mdt81

mdt81
  • Topic Starter

  • Members
  • 15 posts

Posted 14 August 2010 - 11:53 PM

Gringo, here's the results.

DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by mthomas at 21:42:55.61 on Sat 08/14/2010
Internet Explorer: 8.0.6001.18928
Microsoft Windows Vista Business 6.0.6002.2.1252.1.1033.18.2045.775 [GMT -7:00]

AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
SP: eTrust ITM *disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C99}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============


RKUnHooker

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
!!!!!!!!!!!Hidden driver: 0x863BDAEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x861BA770 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x807AE000 WARNING: suspicious driver modification [atapi.sys::0x863BDAEA]
0x067B0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x879DE798 ] PID: 1392, 1077248 bytes
0x05470000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x87472D90 ] PID: 380, 1695744 bytes
0x060B0000 Hidden Image-->log4net.dll [ EPROCESS 0x879DE798 ] PID: 1392, 282624 bytes
0x071A0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x879DE798 ] PID: 1392, 421888 bytes
0x00E30000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x879DE798 ] PID: 1392, 471040 bytes
0x04B50000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x879DE798 ] PID: 1392, 479232 bytes
0x06BE0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x879DE798 ] PID: 1392, 479232 bytes
0x03E40000 Hidden Image-->msvcm80.dll [ EPROCESS 0x87472D90 ] PID: 380, 507904 bytes
0x04330000 Hidden Image-->msvcm80.dll [ EPROCESS 0x87395BA8 ] PID: 4908, 507904 bytes
0x05000000 Hidden Image-->msvcm80.dll [ EPROCESS 0x872BD098 ] PID: 4932, 507904 bytes
0x00DD0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x879DE798 ] PID: 1392, 53248 bytes
0x042C0000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x87472D90 ] PID: 380, 73728 bytes
0x043D0000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x87395BA8 ] PID: 4908, 73728 bytes
0x03390000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x879DE798 ] PID: 1392, 77824 bytes
0x04D60000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x879DE798 ] PID: 1392, 778240 bytes
0x033B0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x879DE798 ] PID: 1392, 86016 bytes
0x06E60000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x879DE798 ] PID: 1392, 872448 bytes
0x82DE4000 WARNING: Virus alike driver modification [cdrom.sys], 98304 bytes

MBR Check

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Precision M90
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 174):
0x82015000 \SystemRoot\system32\ntkrnlpa.exe
0x823CE000 \SystemRoot\system32\hal.dll
0x80402000 \SystemRoot\system32\kdcom.dll
0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80479000 \SystemRoot\system32\PSHED.dll
0x8048A000 \SystemRoot\system32\BOOTVID.dll
0x80492000 \SystemRoot\system32\CLFS.SYS
0x804D3000 \SystemRoot\system32\CI.dll
0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068F000 \SystemRoot\system32\drivers\acpi.sys
0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E6000 \SystemRoot\system32\drivers\pci.sys
0x8070D000 \SystemRoot\System32\drivers\partmgr.sys
0x8071C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80729000 \SystemRoot\system32\drivers\volmgr.sys
0x80738000 \SystemRoot\System32\drivers\volmgrx.sys
0x80782000 \SystemRoot\system32\drivers\intelide.sys
0x80789000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80797000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8079E000 \SystemRoot\System32\drivers\mountmgr.sys
0x807AE000 \SystemRoot\system32\drivers\atapi.sys
0x807B6000 \SystemRoot\system32\drivers\ataport.SYS
0x805B3000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D4000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E4000 \SystemRoot\system32\Drivers\ino_flpy.sys
0x807EA000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82602000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82673000 \SystemRoot\system32\drivers\ndis.sys
0x8277E000 \SystemRoot\system32\drivers\msrpc.sys
0x827A9000 \SystemRoot\system32\drivers\NETIO.SYS
0x82C06000 \SystemRoot\System32\drivers\tcpip.sys
0x82CF0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82E03000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82F13000 \SystemRoot\system32\drivers\volsnap.sys
0x82F4C000 \SystemRoot\System32\Drivers\spldr.sys
0x82F54000 \SystemRoot\system32\DRIVERS\PBADRV.sys
0x82F5F000 \SystemRoot\System32\Drivers\mup.sys
0x82F6E000 \SystemRoot\System32\drivers\ecache.sys
0x82F95000 \SystemRoot\system32\drivers\disk.sys
0x82FA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82FC7000 \SystemRoot\system32\drivers\crcdisk.sys
0x82FF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82D0B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82D14000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x82D23000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x82FFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C00F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C756000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C000000 \SystemRoot\System32\drivers\watchdog.sys
0x82D2C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C80E000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C894000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8C8C3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C8CE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C90C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C91B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C92B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C939000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C953000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8C961000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8C975000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8C9C6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x82DB9000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C9D9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C9DB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C9E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x82DE4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C9F1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8CE05000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CE34000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CE75000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CE80000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CE97000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CEA2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CEC5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CED4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CEE8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CEFD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8CF86000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CF96000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CF98000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CFC2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CFCC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D005000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D03A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D04B000 \SystemRoot\system32\drivers\stwrt.sys
0x8D0EE000 \SystemRoot\system32\drivers\portcls.sys
0x8D11B000 \SystemRoot\system32\drivers\drmk.sys
0x8D140000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D40A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D50D000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D5C1000 \SystemRoot\system32\drivers\modem.sys
0x8D5CE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D5D7000 \SystemRoot\System32\Drivers\Null.SYS
0x8D5DE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D5EE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D17D000 \SystemRoot\System32\drivers\vga.sys
0x8D189000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D5F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D400000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D1AA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D1B5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D5E5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D1C3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D1D9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D603000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8D63D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D66F000 \SystemRoot\system32\drivers\afd.sys
0x8D6B7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D6CD000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D6DB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D6EE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D72A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D734000 \SystemRoot\system32\ckldrv.sys
0x8D738000 \SystemRoot\system32\drivers\csc.sys
0x8D793000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D7AA000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x8D7B0000 \SystemRoot\System32\Drivers\avgldx86.sys
0x8CFF1000 \SystemRoot\System32\Drivers\oz776.sys
0x8C800000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0x82FD0000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x827E4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x827F1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8C9F7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95200000 \SystemRoot\System32\win32k.sys
0x82FE6000 \SystemRoot\System32\drivers\Dxapi.sys
0x805E5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95420000 \SystemRoot\System32\TSDDD.dll
0x95440000 \SystemRoot\System32\cdd.dll
0x9AE02000 \SystemRoot\system32\drivers\luafv.sys
0x9AE1D000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0x9AE3F000 \??\C:\Windows\system32\Drivers\ino_fltr.sys
0x9AE73000 \SystemRoot\system32\drivers\spsys.sys
0x9AF23000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9AF33000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9AF5D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9AF67000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9AF7A000 \SystemRoot\system32\drivers\HTTP.sys
0x9AFE7000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA0A0A000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA0A1F000 \SystemRoot\system32\drivers\mrxdav.sys
0xA0A40000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0A5F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0A98000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0AB0000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xA0AC5000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA0AED000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA0AF1000 \SystemRoot\system32\drivers\peauth.sys
0xA0BCF000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0BD9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x807F3000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0BF6000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA4A02000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4A29000 \SystemRoot\System32\DRIVERS\srv.sys
0xA4A77000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA4A7C000 \SystemRoot\system32\drivers\tdtcp.sys
0xA4A87000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA4A93000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA4AC6000 \SystemRoot\system32\DRIVERS\BthFilt.sys
0xA4ACE000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xA4ADB000 \SystemRoot\System32\Drivers\bthport.sys
0xA4B5B000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xA4B84000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xA4B8E000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xA4BA8000 \SystemRoot\system32\DRIVERS\hidbth.sys
0xA4BB4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA4BC4000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xA4BCB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA4BD3000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xA4BE0000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77A70000 \Windows\System32\ntdll.dll

Processes (total 88):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
576 csrss.exe
628 C:\Windows\System32\wininit.exe
636 csrss.exe
648 C:\Program Files\AVG\AVG9\avgchsvx.exe
656 C:\Program Files\AVG\AVG9\avgrsx.exe
684 C:\Windows\System32\winlogon.exe
768 C:\Windows\System32\services.exe
788 C:\Windows\System32\lsass.exe
796 C:\Windows\System32\lsm.exe
856 C:\Program Files\AVG\AVG9\avgcsrvx.exe
956 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\audiodg.exe
1704 C:\Windows\System32\svchost.exe
1772 C:\Windows\System32\SLsvc.exe
1828 C:\Windows\System32\svchost.exe
1916 C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
1956 C:\Windows\System32\svchost.exe
344 C:\Windows\System32\WLTRYSVC.EXE
380 C:\Windows\System32\BCMWLTRY.EXE
640 C:\Windows\System32\spoolsv.exe
948 C:\Windows\System32\svchost.exe
1592 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1900 C:\Windows\System32\svchost.exe
1984 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
276 C:\Windows\System32\ASTSRV.EXE
764 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1660 C:\Program Files\Bonjour\mDNSResponder.exe
1664 C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
1796 C:\Windows\System32\svchost.exe
1976 C:\Windows\System32\drivers\CDAC11BA.EXE
2072 C:\Windows\System32\Crypserv.exe
2224 C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
2348 C:\Program Files\AVG\AVG9\avgnsx.exe
2436 C:\Program Files\CA\eTrustITM\InoRPC.exe
2652 C:\Program Files\CA\eTrustITM\InoRT.exe
2688 C:\Program Files\CA\eTrustITM\InoTask.exe
2728 C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
2740 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
2776 C:\Windows\System32\svchost.exe
2912 C:\Windows\System32\svchost.exe
2952 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
3052 C:\Windows\System32\svchost.exe
3080 C:\Windows\System32\svchost.exe
3140 C:\Windows\System32\SearchIndexer.exe
3236 C:\Windows\System32\drivers\XAudio.exe
3252 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
3428 WmiPrvSE.exe
3524 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
1736 C:\Windows\System32\taskeng.exe
1392 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
816 C:\Windows\System32\taskeng.exe
4280 C:\Windows\System32\dwm.exe
4316 C:\Windows\explorer.exe
4884 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4896 C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
4908 C:\Windows\System32\WLTRAY.EXE
4920 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
4932 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
5016 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
5064 C:\Windows\System32\rundll32.exe
5076 C:\Windows\System32\rundll32.exe
5140 C:\Windows\sttray.exe
5152 C:\Program Files\AVG\AVG9\avgtray.exe
5176 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
5240 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
5268 C:\Program Files\Digital Line Detect\DLG.exe
5280 C:\Program Files\Logitech\SetPoint\SetPoint.exe
5296 C:\Program Files\Dell\QuickSet\quickset.exe
5368 C:\Windows\System32\rundll32.exe
5804 C:\Program Files\CSR\Vista Profile Pack\HidSw.exe
1384 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
5376 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
3948 C:\Program Files\Internet Explorer\iexplore.exe
4792 C:\Program Files\Internet Explorer\iexplore.exe
5184 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
5496 C:\Windows\System32\svchost.exe
5060 C:\Windows\System32\SearchProtocolHost.exe
5292 C:\Windows\System32\SearchFilterHost.exe
3552 C:\Program Files\Internet Explorer\iexplore.exe
4800 C:\Windows\System32\SearchProtocolHost.exe
2804 C:\Users\MThomas\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`83f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03f00000 (NTFS)

PhysicalDrive0 Model Number: ST910021AS, Rev: 8.04

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Nothing unusual came up. Thanks for the help.

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 14 August 2010 - 11:59 PM

Hello

Please do the following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 mdt81
  • Topic Starter

  • Members

Posted 15 August 2010 - 12:54 AM

Well it found something. It rebooted my computer before it completed stage one. No problems to report and I didn't get redirected to any other sites when I just did a random search. The first 5 links or so came up as advertised. Here's the log from ComboFix. Again, thanks for the help.

ComboFix 10-08-14.02 - mthomas 08/14/2010 22:20:39.1.2 - x86
Microsoft Windows Vista Business 6.0.6002.2.1252.1.1033.18.2045.1110 [GMT -7:00]
Running from: c:\users\MThomas\Desktop\ComboFix.exe
AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
SP: eTrust ITM *disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C99}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\MThomas\AppData\Local\{18FC298E-6C58-4DBA-899A-AD6619299A5E}
c:\users\MThomas\AppData\Local\{18FC298E-6C58-4DBA-899A-AD6619299A5E}\chrome\content\overlay.xul
c:\users\MThomas\AppData\Local\{18FC298E-6C58-4DBA-899A-AD6619299A5E}\install.rdf
c:\users\MThomas\AppData\Local\{A4B6507E-6776-4D01-AAE9-DD679CA8730D}
c:\users\MThomas\AppData\Local\{A4B6507E-6776-4D01-AAE9-DD679CA8730D}\chrome\content\overlay.xul
c:\users\MThomas\AppData\Local\{A4B6507E-6776-4D01-AAE9-DD679CA8730D}\install.rdf
c:\users\MThomas\g2mdlhlpx.exe
c:\windows\jestertb.dll
c:\windows\system32\%appdata%
c:\windows\system32\lsprst7.dll

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 05:32 . 2010-08-15 05:38 -------- d-----w- c:\users\MThomas\AppData\Local\temp
2010-08-15 05:32 . 2010-08-15 05:32 -------- d-----w- c:\users\Matthew Thomas\AppData\Local\temp
2010-08-15 05:32 . 2010-08-15 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-15 05:32 . 2010-08-15 05:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-14 20:08 . 2010-08-14 20:08 -------- d-----w- c:\users\MThomas\AppData\Roaming\Malwarebytes
2010-08-14 20:07 . 2010-08-14 20:07 -------- d-----w- c:\progra~2\Malwarebytes
2010-08-14 20:07 . 2010-08-14 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 14:18 . 2010-08-14 18:17 0 ----a-w- c:\users\MThomas\AppData\Local\Arukagoxutux.bin
2010-08-14 14:18 . 2010-08-14 18:17 120 ----a-w- c:\users\MThomas\AppData\Local\Xwihacud.dat
2010-08-10 22:28 . 2010-08-10 22:28 -------- d-----w- c:\program files\COMODO
2010-08-02 20:45 . 2010-08-02 20:45 -------- d-----w- c:\program files\Autodesk
2010-08-02 20:41 . 2010-08-15 05:36 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-27 17:19 . 2010-07-27 17:19 -------- d-----w- c:\program files\iPod
2010-07-27 17:18 . 2010-07-27 17:20 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-27 17:09 . 2010-07-27 17:09 -------- d-----w- c:\program files\QuickTime
2010-07-27 17:04 . 2010-07-27 17:04 -------- d-----w- c:\program files\Bonjour
2010-07-26 18:23 . 2010-07-26 18:23 -------- d-----w- c:\users\MThomas\AppData\Roaming\Bentley
2010-07-19 22:02 . 2010-07-19 22:02 -------- d-----w- c:\program files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 05:38 . 2007-08-04 16:30 0 ----a-w- c:\users\MThomas\AppData\Local\WavXMapDrive.bat
2010-08-15 05:33 . 2007-07-30 13:05 2140 ----a-w- c:\windows\bthservsdp.dat
2010-08-15 05:31 . 2007-10-24 16:06 -------- d-----w- c:\program files\Common Files\TJ Shared
2010-08-15 03:47 . 2007-08-04 16:30 93512 ----a-w- c:\users\MThomas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-15 03:18 . 2007-07-30 13:32 -------- d-----w- c:\progra~2\Microsoft Help
2010-08-15 03:01 . 2007-08-04 17:58 -------- d-----w- c:\progra~2\FLEXnet
2010-08-15 03:01 . 2007-08-04 17:13 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-08-15 03:01 . 2010-06-21 15:35 -------- d-----w- c:\program files\Uniblue
2010-08-14 20:49 . 2007-08-06 14:40 62378 ----a-w- c:\users\MThomas\AppData\Roaming\nvModes.dat
2010-08-09 20:06 . 2008-09-03 18:10 -------- d-----w- c:\program files\ENERCALC_6
2010-08-06 18:53 . 2008-03-11 16:11 -------- d-----w- c:\program files\CMD06
2010-08-02 23:43 . 2008-08-19 18:23 302 ----a-w- c:\windows\system32\tracklog.sys
2010-08-02 20:45 . 2007-08-06 22:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-07-27 17:20 . 2008-12-26 05:51 -------- d-----w- c:\program files\iTunes
2010-07-27 17:19 . 2008-12-26 05:47 -------- d-----w- c:\program files\Common Files\Apple
2010-07-22 00:12 . 2007-10-12 22:09 -------- d-----w- c:\program files\CostWork
2010-07-15 16:53 . 2010-04-23 04:53 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:53 . 2010-07-15 16:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:52 . 2010-04-23 04:53 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 15:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-03 21:52 . 2010-06-29 21:13 -------- d-----w- c:\users\MThomas\AppData\Roaming\SpecsIntact
2010-07-03 21:52 . 2010-06-29 18:11 -------- d-----w- c:\program files\SpecsIntact
2010-07-01 15:39 . 2007-07-30 13:34 -------- d-----w- c:\program files\Microsoft.NET
2010-06-29 18:11 . 2007-07-30 13:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-21 15:35 . 2010-06-21 15:35 -------- d-----w- c:\users\MThomas\AppData\Roaming\Uniblue
2010-06-02 15:47 . 2010-04-23 04:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 17:06 . 2010-06-11 01:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 01:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-02 15:45 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-07-30 20:57 . 2007-07-30 20:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"BtHidUi"="c:\program files\CSR\Vista Profile Pack\BtHidUi.exe" [2006-11-15 1298432]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-02-15 66560]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-03-08 218688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-17 407632]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-05 86016]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-04-03 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallShieldSetup"="c:\progra~1\INSTAL~1\{A350E~1\setup.exe" [2010-02-04 455600]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-30 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-6 784912]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-776561741-1004336348-1606980848-1232\Scripts\Logon\0\0]
"Script"=logon.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-776561741-1004336348-1606980848-1232\Scripts\Logon\0\1]
"Script"=PushPrinterConnections.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^MThomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Status Board.url]
path=c:\users\MThomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Status Board.url
backup=c:\windows\pss\Status Board.url.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-02 01:22 21898024 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e9,ee,bf,a3,e9,df,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2006-12-01 13824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:43]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: intuit.com\ttlc
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe
MSConfigStartUp-GoBoingo - c:\program files\Boingo\GoBoingo\GoBoingo.lnk
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
AddRemove-RAM Concept 2.1 - c:\progra~1\Ram\RAMCON~1.1\UNWISE.EXE



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t******?**?***********???#\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*t'7\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*$\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*?D$T\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*?o\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*@O\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. c p t
ߊ.\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*V5]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*V5\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*c*V5]
@Allowed: (Read) (RestrictedCode)
"0"=hex:49,3a,5c,50,72,6f,6a,65,63,74,73,5c,32,30,31,30,5c,31,30,30,34,31,2d,
30,30,34,37,20,4b,54,45,41,20,43,2d,53,74,6f,72,65,5c,50,72,6f,6a,65,63,74,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'Explorer.exe'(6992)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\VetRedir.dll
c:\program files\CA\eTrustITM\ISafe\ISafeIf.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\crypserv.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\CA\eTrustITM\ppcl.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\CA\eTrustITM\ppcl.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\CSR\Vista Profile Pack\HidSw.exe
c:\windows\sttray.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-14 22:49:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-15 05:49

Pre-Run: 28,387,409,920 bytes free
Post-Run: 27,976,089,600 bytes free

- - End Of File - - 56343CDE85522BDA0B03F1F9D68C9095


#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2010 - 01:08 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
File::
c:\users\MThomas\AppData\Local\Arukagoxutux.bin
c:\users\MThomas\AppData\Local\Xwihacud.dat


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 mdt81

  • Topic Starter
  • Members
  • 15 posts

Posted 15 August 2010 - 01:28 AM

Everything seems to be okay. Here's the report.

ComboFix 10-08-14.02 - mthomas 08/14/2010 23:13:47.2.2 - x86
Microsoft Windows Vista Business 6.0.6002.2.1252.1.1033.18.2045.969 [GMT -7:00]
Running from: c:\users\MThomas\Desktop\ComboFix.exe
Command switches used :: c:\users\MThomas\Desktop\CFScript.txt
AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
SP: eTrust ITM *disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C99}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\MThomas\AppData\Local\Arukagoxutux.bin"
"c:\users\MThomas\AppData\Local\Xwihacud.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\MThomas\AppData\Local\Arukagoxutux.bin
c:\users\MThomas\AppData\Local\Xwihacud.dat

.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 06:23 . 2010-08-15 06:23 -------- d-----w- c:\users\MThomas\AppData\Local\temp
2010-08-15 06:23 . 2010-08-15 06:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-15 06:23 . 2010-08-15 06:23 -------- d-----w- c:\users\Matthew Thomas\AppData\Local\temp
2010-08-15 06:23 . 2010-08-15 06:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-15 06:23 . 2010-08-15 06:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-14 20:08 . 2010-08-14 20:08 -------- d-----w- c:\users\MThomas\AppData\Roaming\Malwarebytes
2010-08-14 20:07 . 2010-08-14 20:07 -------- d-----w- c:\progra~2\Malwarebytes
2010-08-14 20:07 . 2010-08-14 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 22:28 . 2010-08-10 22:28 -------- d-----w- c:\program files\COMODO
2010-08-02 20:45 . 2010-08-02 20:45 -------- d-----w- c:\program files\Autodesk
2010-08-02 20:41 . 2010-08-15 05:36 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-27 17:19 . 2010-07-27 17:19 -------- d-----w- c:\program files\iPod
2010-07-27 17:18 . 2010-07-27 17:20 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-27 17:09 . 2010-07-27 17:09 -------- d-----w- c:\program files\QuickTime
2010-07-27 17:04 . 2010-07-27 17:04 -------- d-----w- c:\program files\Bonjour
2010-07-26 18:23 . 2010-07-26 18:23 -------- d-----w- c:\users\MThomas\AppData\Roaming\Bentley
2010-07-19 22:02 . 2010-07-19 22:02 -------- d-----w- c:\program files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 06:11 . 2007-10-24 16:06 -------- d-----w- c:\program files\Common Files\TJ Shared
2010-08-15 05:38 . 2007-08-04 16:30 0 ----a-w- c:\users\MThomas\AppData\Local\WavXMapDrive.bat
2010-08-15 05:33 . 2007-07-30 13:05 2140 ----a-w- c:\windows\bthservsdp.dat
2010-08-15 03:47 . 2007-08-04 16:30 93512 ----a-w- c:\users\MThomas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-15 03:18 . 2007-07-30 13:32 -------- d-----w- c:\progra~2\Microsoft Help
2010-08-15 03:01 . 2007-08-04 17:58 -------- d-----w- c:\progra~2\FLEXnet
2010-08-15 03:01 . 2007-08-04 17:13 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-08-15 03:01 . 2010-06-21 15:35 -------- d-----w- c:\program files\Uniblue
2010-08-14 20:49 . 2007-08-06 14:40 62378 ----a-w- c:\users\MThomas\AppData\Roaming\nvModes.dat
2010-08-09 20:06 . 2008-09-03 18:10 -------- d-----w- c:\program files\ENERCALC_6
2010-08-06 18:53 . 2008-03-11 16:11 -------- d-----w- c:\program files\CMD06
2010-08-02 23:43 . 2008-08-19 18:23 302 ----a-w- c:\windows\system32\tracklog.sys
2010-08-02 20:45 . 2007-08-06 22:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-07-27 17:20 . 2008-12-26 05:51 -------- d-----w- c:\program files\iTunes
2010-07-27 17:19 . 2008-12-26 05:47 -------- d-----w- c:\program files\Common Files\Apple
2010-07-22 00:12 . 2007-10-12 22:09 -------- d-----w- c:\program files\CostWork
2010-07-15 16:53 . 2010-04-23 04:53 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:53 . 2010-07-15 16:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:52 . 2010-04-23 04:53 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 15:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-03 21:52 . 2010-06-29 21:13 -------- d-----w- c:\users\MThomas\AppData\Roaming\SpecsIntact
2010-07-03 21:52 . 2010-06-29 18:11 -------- d-----w- c:\program files\SpecsIntact
2010-07-01 15:39 . 2007-07-30 13:34 -------- d-----w- c:\program files\Microsoft.NET
2010-06-29 18:11 . 2007-07-30 13:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-21 15:35 . 2010-06-21 15:35 -------- d-----w- c:\users\MThomas\AppData\Roaming\Uniblue
2010-06-02 15:47 . 2010-04-23 04:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 17:06 . 2010-06-11 01:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 01:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-02 15:45 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-07-30 20:57 . 2007-07-30 20:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"BtHidUi"="c:\program files\CSR\Vista Profile Pack\BtHidUi.exe" [2006-11-15 1298432]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-02-15 66560]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-03-08 218688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-17 407632]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-05 86016]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-04-03 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-30 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-6 784912]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-776561741-1004336348-1606980848-1232\Scripts\Logon\0\0]
"Script"=logon.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-776561741-1004336348-1606980848-1232\Scripts\Logon\0\1]
"Script"=PushPrinterConnections.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^MThomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Status Board.url]
path=c:\users\MThomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Status Board.url
backup=c:\windows\pss\Status Board.url.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-02 01:22 21898024 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:e9,ee,bf,a3,e9,df,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2006-12-01 13824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:43]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: intuit.com\ttlc
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 23:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t******?**?***********???#\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*t'7\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*$\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*?D$T\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*?o\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*@O\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. c p t
ߊ.\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*V5]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*V5\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*c*V5]
@Allowed: (Read) (RestrictedCode)
"0"=hex:49,3a,5c,50,72,6f,6a,65,63,74,73,5c,32,30,31,30,5c,31,30,30,34,31,2d,
30,30,34,37,20,4b,54,45,41,20,43,2d,53,74,6f,72,65,5c,50,72,6f,6a,65,63,74,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-08-14 23:26:58
ComboFix-quarantined-files.txt 2010-08-15 06:26
ComboFix2.txt 2010-08-15 05:49

Pre-Run: 28,003,041,280 bytes free
Post-Run: 27,967,397,888 bytes free

- - End Of File - - 2204E32F544807164C3A2A0C32AEA4F4


#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2010 - 01:42 AM

Hello

I want to see this report

extra combofix report

I need to see one of the extra reports combofix makes
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
CODE
C:\qoobox\ComboFix2.txt
  • click ok
  • copy and paste the report into this topic for me to review



Gringo

#12 mdt81

  • Topic Starter
  • Members
  • 15 posts

Posted 15 August 2010 - 01:45 AM

ComboFix 10-08-14.02 - mthomas 08/14/2010 22:20:39.1.2 - x86
Microsoft Windows Vista Business 6.0.6002.2.1252.1.1033.18.2045.1110 [GMT -7:00]
Running from: c:\users\MThomas\Desktop\ComboFix.exe
AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
SP: eTrust ITM *disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C99}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\MThomas\AppData\Local\{18FC298E-6C58-4DBA-899A-AD6619299A5E}
c:\users\MThomas\AppData\Local\{18FC298E-6C58-4DBA-899A-AD6619299A5E}\chrome\content\overlay.xul
c:\users\MThomas\AppData\Local\{18FC298E-6C58-4DBA-899A-AD6619299A5E}\install.rdf
c:\users\MThomas\AppData\Local\{A4B6507E-6776-4D01-AAE9-DD679CA8730D}
c:\users\MThomas\AppData\Local\{A4B6507E-6776-4D01-AAE9-DD679CA8730D}\chrome\content\overlay.xul
c:\users\MThomas\AppData\Local\{A4B6507E-6776-4D01-AAE9-DD679CA8730D}\install.rdf
c:\users\MThomas\g2mdlhlpx.exe
c:\windows\jestertb.dll
c:\windows\system32\%appdata%
c:\windows\system32\lsprst7.dll

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 05:32 . 2010-08-15 05:38 -------- d-----w- c:\users\MThomas\AppData\Local\temp
2010-08-15 05:32 . 2010-08-15 05:32 -------- d-----w- c:\users\Matthew Thomas\AppData\Local\temp
2010-08-15 05:32 . 2010-08-15 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-15 05:32 . 2010-08-15 05:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-14 20:08 . 2010-08-14 20:08 -------- d-----w- c:\users\MThomas\AppData\Roaming\Malwarebytes
2010-08-14 20:07 . 2010-08-14 20:07 -------- d-----w- c:\progra~2\Malwarebytes
2010-08-14 20:07 . 2010-08-14 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 14:18 . 2010-08-14 18:17 0 ----a-w- c:\users\MThomas\AppData\Local\Arukagoxutux.bin
2010-08-14 14:18 . 2010-08-14 18:17 120 ----a-w- c:\users\MThomas\AppData\Local\Xwihacud.dat
2010-08-10 22:28 . 2010-08-10 22:28 -------- d-----w- c:\program files\COMODO
2010-08-02 20:45 . 2010-08-02 20:45 -------- d-----w- c:\program files\Autodesk
2010-08-02 20:41 . 2010-08-15 05:36 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-27 17:19 . 2010-07-27 17:19 -------- d-----w- c:\program files\iPod
2010-07-27 17:18 . 2010-07-27 17:20 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-27 17:09 . 2010-07-27 17:09 -------- d-----w- c:\program files\QuickTime
2010-07-27 17:04 . 2010-07-27 17:04 -------- d-----w- c:\program files\Bonjour
2010-07-26 18:23 . 2010-07-26 18:23 -------- d-----w- c:\users\MThomas\AppData\Roaming\Bentley
2010-07-19 22:02 . 2010-07-19 22:02 -------- d-----w- c:\program files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 05:38 . 2007-08-04 16:30 0 ----a-w- c:\users\MThomas\AppData\Local\WavXMapDrive.bat
2010-08-15 05:33 . 2007-07-30 13:05 2140 ----a-w- c:\windows\bthservsdp.dat
2010-08-15 05:31 . 2007-10-24 16:06 -------- d-----w- c:\program files\Common Files\TJ Shared
2010-08-15 03:47 . 2007-08-04 16:30 93512 ----a-w- c:\users\MThomas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-15 03:18 . 2007-07-30 13:32 -------- d-----w- c:\progra~2\Microsoft Help
2010-08-15 03:01 . 2007-08-04 17:58 -------- d-----w- c:\progra~2\FLEXnet
2010-08-15 03:01 . 2007-08-04 17:13 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-08-15 03:01 . 2010-06-21 15:35 -------- d-----w- c:\program files\Uniblue
2010-08-14 20:49 . 2007-08-06 14:40 62378 ----a-w- c:\users\MThomas\AppData\Roaming\nvModes.dat
2010-08-09 20:06 . 2008-09-03 18:10 -------- d-----w- c:\program files\ENERCALC_6
2010-08-06 18:53 . 2008-03-11 16:11 -------- d-----w- c:\program files\CMD06
2010-08-02 23:43 . 2008-08-19 18:23 302 ----a-w- c:\windows\system32\tracklog.sys
2010-08-02 20:45 . 2007-08-06 22:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-07-27 17:20 . 2008-12-26 05:51 -------- d-----w- c:\program files\iTunes
2010-07-27 17:19 . 2008-12-26 05:47 -------- d-----w- c:\program files\Common Files\Apple
2010-07-22 00:12 . 2007-10-12 22:09 -------- d-----w- c:\program files\CostWork
2010-07-15 16:53 . 2010-04-23 04:53 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:53 . 2010-07-15 16:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:52 . 2010-04-23 04:53 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 15:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-03 21:52 . 2010-06-29 21:13 -------- d-----w- c:\users\MThomas\AppData\Roaming\SpecsIntact
2010-07-03 21:52 . 2010-06-29 18:11 -------- d-----w- c:\program files\SpecsIntact
2010-07-01 15:39 . 2007-07-30 13:34 -------- d-----w- c:\program files\Microsoft.NET
2010-06-29 18:11 . 2007-07-30 13:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-21 15:35 . 2010-06-21 15:35 -------- d-----w- c:\users\MThomas\AppData\Roaming\Uniblue
2010-06-02 15:47 . 2010-04-23 04:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 17:06 . 2010-06-11 01:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 01:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-02 15:45 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-07-30 20:57 . 2007-07-30 20:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"BtHidUi"="c:\program files\CSR\Vista Profile Pack\BtHidUi.exe" [2006-11-15 1298432]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-02-15 66560]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-03-08 218688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-17 407632]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-05 86016]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-04-03 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallShieldSetup"="c:\progra~1\INSTAL~1\{A350E~1\setup.exe" [2010-02-04 455600]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-30 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-6 784912]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-776561741-1004336348-1606980848-1232\Scripts\Logon\0\0]
"Script"=logon.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-776561741-1004336348-1606980848-1232\Scripts\Logon\0\1]
"Script"=PushPrinterConnections.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^MThomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Status Board.url]
path=c:\users\MThomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Status Board.url
backup=c:\windows\pss\Status Board.url.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-02 01:22 21898024 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(8):e9,ee,bf,a3,e9,df,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2006-12-01 13824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:43]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: intuit.com\ttlc
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe
MSConfigStartUp-GoBoingo - c:\program files\Boingo\GoBoingo\GoBoingo.lnk
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
AddRemove-RAM Concept 2.1 - c:\progra~1\Ram\RAMCON~1.1\UNWISE.EXE



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t******?**?***********???#\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*t'7\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*$\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*?D$T\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*?o\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*p*t*@O\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. c p t
ߊ.\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*V5]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*V5\OpenWithList]
@Class="Shell"
"a"="Concept.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-776561741-1004336348-1606980848-1232\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*c*V5]
@Allowed: (Read) (RestrictedCode)
"0"=hex:49,3a,5c,50,72,6f,6a,65,63,74,73,5c,32,30,31,30,5c,31,30,30,34,31,2d,
30,30,34,37,20,4b,54,45,41,20,43,2d,53,74,6f,72,65,5c,50,72,6f,6a,65,63,74,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'Explorer.exe'(6992)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\VetRedir.dll
c:\program files\CA\eTrustITM\ISafe\ISafeIf.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\crypserv.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\CA\eTrustITM\ppcl.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\CA\eTrustITM\ppcl.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\CSR\Vista Profile Pack\HidSw.exe
c:\windows\sttray.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-14 22:49:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-15 05:49

Pre-Run: 28,387,409,920 bytes free
Post-Run: 27,976,089,600 bytes free

- - End Of File - - 56343CDE85522BDA0B03F1F9D68C9095


#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2010 - 01:52 AM

hello

I am sorry, this is the report that I wanted

extra combofix report

I need to see one of the extra reports combofix makes
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box

    C:\Qoobox\Add-Remove Programs.txt

  • click ok
  • copy and paste the report into this topic for me to review



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 mdt81
  • Topic Starter

  • Members
  • 15 posts

Posted 15 August 2010 - 01:53 AM


Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.4 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 9.2
AISIWIN - Clark Western 7.0
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Autodesk Design Review 2011
AVG Free 9.0
Bejeweled 2 Deluxe (remove only)
Bentley IEG License Service
Bentley IEGLicensing
Bentley OpenSTAAD OEM
biolsp patch
Bonjour
Broadcom Management Programs
CA eTrustITM Agent
CA iTechnology iGateway
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCScore
Cda Product Service - shared component
CFS Version 5.0.3
CMD06 6.03
Conexant HDA D110 MDC V.92 Modem
CostWorks 2010
Decon STDesign 3.0
Dell Driver Download Manager
Dell Embassy Trust Suite by Wave Systems
Dell System Customization Wizard
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
DWG TrueView 2010
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ENERCALC Structural Engineering Library 6.0.05
ESC Home Page Plugin
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ETABS
ETS Upgrade
Facebook Plug-In
fflink
Fingerprint Sensor Minimum Install
FloorVibe
GameSpy Comrade
Google Earth
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HSE NET
iLevel Common Registration Licensing
iLevel Forte
iTunes
Java™ SE Runtime Environment 6
KhalInstallWrapper
Kodak EasyShare software
LAN-Fax Utilities
LEGO Digital Designer
Logitech Legacy USB Camera Driver Package
Logitech SetPoint
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2005
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
MovieEdit Task
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NetWaiting
NTRU TCG Software Stack
NVIDIA Drivers
O2Micro USB Smart Card Reader
OfotoXMI
OGA Notifier 2.0.0048.0
pcaColumn v3.63
PhotoStitch
PowerDVD
Preboot Manager
Private Information Manager
QuickSet
QuickTime
RAM Advanse 8.0
RAM CADstudio 2007 Object Enabler
RAM Concept 3.0
RAM Concept V8i Release 3.1
RAM Concept V8i Release 3.1.1
RAM Concept V8i Release 3.3
RAM Connection 4
RAM Connection V8i (SELECTseries 2) Release 6.5
RAM Elements V8i (SELECTseries 2) Release 10.5
RAM License Support
RAM SBeam
RAM SColumn
RAM Single License Lock Utilities
RAM Structural System V8i Release 13.0
RAM Structural System V8i Release 14.0
RAM Structural System V8i Release 14.00.03
RAM Structural System V8i Release 14.00.04.01
RAM Structural System V8i Release 14.02.01.00
RAMBasePlate
RAMCADstudio
RAMSBeam Update
RAW Image Task 2.1
RISA-3D 8.0 Network
RISA-3D 8.1 Network
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Secure Update
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Wizards
Sentinel Protection Installer 7.1.0
Sentinel System Driver Installer 7.5.0
SFR
SHASTA
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 Gold
SigmaTel Audio
SimCity 4 Deluxe
skin0001
SKINXSDK
Skype 3.6
Sonic Activation Module
SpecsIntact
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
staticcr
Strong-Wall Shearwall Selector
Synaptics Pointing Device Driver
The AISC Steel Construction Manual Companion
TJ-Beam
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Uniblue RegistryBooster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
upekmsi
URL Assistant
User's Guides
Vista Profile Pack
VPRINTOL
Wave Infrastructure Installer
Wave Support Software
Weyerhaeuser Design Engine 4.8.0
Windows Live OneCare safety scanner
WIRELESS


#15 mdt81
  • Topic Starter

  • Members
  • 15 posts

Posted 15 August 2010 - 01:54 AM

Also, what's the best way to get rid of all these programs you've had me install and run? Program uninstall through the control panel? Or is there a better way to do that? Thanks.



