Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with a Browser Hijacker


  • This topic is locked This topic is locked
20 replies to this topic

#1 WMAIAS

WMAIAS

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:00 PM

Posted 29 September 2010 - 08:26 AM

Hi,

I think I accidentally posted this in the wrong forum earlier. I believe I have a Hijacker. My browser keeps redirecting me to weird sites that I don't type in. I have run anti-virus, Malwarebytes and AdAware. They all removed something but I am still having the problem. I am running Firefox, but am having the issue when I try to use IE as well. I am on a Windows XP Professional system. My Hijack This log is below. Any suggestions? (REPOSTED WITH UPDATED HIJACK THIS SOFTWARE)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:23:21 AM, on 9/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\jamie b\Local Settings\Application Data\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jamie b\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1273784040508
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.ias.com
O17 - HKLM\Software\..\Telephony: DomainName = internal.ias.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.ias.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB19 - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

--
End of file - 13086 bytes


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 03 October 2010 - 02:52 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from RKUnHooker
      3.let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 WMAIAS

WMAIAS
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:00 PM

Posted 05 October 2010 - 08:39 AM



Hi Gringo! Thank you so much for your reply. Here are two of the three logs you requested. I ran the Rootkit report & saved it to my desktop, but it won't open in any format I am familiar with and I am not able to attach it to this post. Is there a better way to do that?

Thanks!


Attach Log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/13/2010 3:39:10 PM
System Uptime: 10/5/2010 8:06:44 AM (0 hours ago)

Motherboard: Dell Inc. | | 09KPNV
Processor: Intel® Xeon® CPU W3503 @ 2.40GHz | CPU | 2400/4800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 202.955 GiB free.
D: is CDROM ()
F: is NetworkDisk (NTFS) - 300 GiB total, 136.24 GiB free.
H: is NetworkDisk (NTFS) - 300 GiB total, 136.24 GiB free.
U: is NetworkDisk (NTFS) - 300 GiB total, 136.24 GiB free.
Z: is NetworkDisk (NTFS) - 300 GiB total, 136.24 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP60: 7/7/2010 9:42:34 AM - System Checkpoint
RP61: 7/8/2010 10:35:35 AM - System Checkpoint
RP62: 7/9/2010 11:04:38 AM - System Checkpoint
RP63: 7/10/2010 12:04:38 PM - System Checkpoint
RP64: 7/11/2010 1:04:39 PM - System Checkpoint
RP65: 7/12/2010 1:25:38 PM - System Checkpoint
RP66: 7/13/2010 1:36:39 PM - System Checkpoint
RP67: 7/14/2010 1:41:50 PM - System Checkpoint
RP68: 7/15/2010 5:13:57 PM - System Checkpoint
RP69: 7/16/2010 5:25:43 PM - System Checkpoint
RP70: 7/17/2010 6:11:34 PM - System Checkpoint
RP71: 7/18/2010 7:11:34 PM - System Checkpoint
RP72: 7/19/2010 7:13:02 PM - System Checkpoint
RP73: 7/20/2010 8:13:02 PM - System Checkpoint
RP74: 7/22/2010 7:55:30 AM - System Checkpoint
RP75: 7/23/2010 8:12:10 AM - System Checkpoint
RP76: 7/24/2010 8:13:04 AM - System Checkpoint
RP77: 7/25/2010 9:13:05 AM - System Checkpoint
RP78: 7/26/2010 10:13:05 AM - System Checkpoint
RP79: 7/27/2010 11:13:06 AM - System Checkpoint
RP80: 7/28/2010 12:13:07 PM - System Checkpoint
RP81: 7/29/2010 1:13:07 PM - System Checkpoint
RP82: 7/30/2010 2:13:08 PM - System Checkpoint
RP83: 7/31/2010 3:04:15 PM - System Checkpoint
RP84: 8/1/2010 4:04:16 PM - System Checkpoint
RP85: 8/2/2010 4:16:32 PM - System Checkpoint
RP86: 8/3/2010 4:31:00 PM - System Checkpoint
RP87: 8/4/2010 5:16:41 PM - System Checkpoint
RP88: 8/5/2010 5:31:39 PM - System Checkpoint
RP89: 8/6/2010 6:19:37 PM - System Checkpoint
RP90: 8/7/2010 7:19:37 PM - System Checkpoint
RP91: 8/8/2010 8:19:37 PM - System Checkpoint
RP92: 8/9/2010 9:19:37 PM - System Checkpoint
RP93: 8/10/2010 10:19:37 PM - System Checkpoint
RP94: 8/11/2010 11:19:37 PM - System Checkpoint
RP95: 8/13/2010 12:19:39 AM - System Checkpoint
RP96: 8/14/2010 1:19:37 AM - System Checkpoint
RP97: 8/15/2010 2:19:37 AM - System Checkpoint
RP98: 8/16/2010 3:19:37 AM - System Checkpoint
RP99: 8/17/2010 4:19:37 AM - System Checkpoint
RP100: 8/18/2010 5:19:37 AM - System Checkpoint
RP101: 8/23/2010 1:17:24 PM - System Checkpoint
RP102: 8/25/2010 9:15:18 AM - System Checkpoint
RP103: 8/27/2010 8:17:55 AM - System Checkpoint
RP104: 8/31/2010 8:13:59 AM - System Checkpoint
RP105: 9/1/2010 9:29:39 AM - System Checkpoint
RP106: 9/2/2010 9:43:19 AM - System Checkpoint
RP107: 9/4/2010 9:09:32 PM - System Checkpoint
RP108: 9/7/2010 8:54:30 AM - System Checkpoint
RP109: 9/8/2010 9:49:55 AM - System Checkpoint
RP110: 9/9/2010 1:11:00 PM - System Checkpoint
RP111: 9/12/2010 8:56:16 AM - System Checkpoint
RP112: 9/13/2010 10:26:09 AM - System Checkpoint
RP113: 9/14/2010 11:06:09 AM - System Checkpoint
RP114: 9/15/2010 1:30:21 PM - Installed Adobe Acrobat 8 Professional
RP115: 9/15/2010 2:01:10 PM - Installed QuickBooks.
RP116: 9/16/2010 8:18:44 AM - Installed Java™ 6 Update 21
RP117: 9/17/2010 8:53:05 AM - System Checkpoint
RP118: 9/20/2010 12:11:38 PM - System Checkpoint
RP119: 9/22/2010 8:43:21 AM - System Checkpoint
RP120: 9/23/2010 1:21:51 PM - System Checkpoint
RP121: 9/27/2010 6:42:17 AM - System Checkpoint
RP122: 9/27/2010 3:07:42 PM - Installed AVG Free 9.0
RP123: 9/28/2010 8:53:24 AM - Avg Update
RP124: 9/28/2010 8:54:30 AM - Avg Update
RP125: 9/29/2010 11:39:51 AM - System Checkpoint
RP126: 9/30/2010 2:09:48 PM - System Checkpoint
RP127: 10/1/2010 5:21:51 PM - System Checkpoint
RP128: 10/4/2010 11:44:19 AM - System Checkpoint
RP129: 10/4/2010 12:10:24 PM - Avg Update
RP130: 10/4/2010 12:11:32 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Ad-Aware
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Amazon MP3 Downloader 1.0.10
ATI Catalyst Control Center
ATI Display Driver
AVG Free 9.0
BioAPI Framework
Broadcom NetXtreme-I Netlink Driver and Management Installer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DCP32MMWrapper
Dell AIO Printer A920
Dell Backup and Recovery Manager
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Matrix Storage Manager
Java Auto Updater
Java™ 6 Update 21
Junk Mail filter update
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Dreamweaver UltraDev 4
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB927977)
NTRU TCG Software Stack
PowerDVD DX
Preboot Manager
Private Information Manager
QuickBooks
QuickBooks Pro 2009
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB979365)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Wizards
Segoe UI
Skins
SmarterMail Sync for Outlook 2003 and above
SO32MMWrapper
Spybot - Search & Destroy
SupportSoft Assisted Service
Symantec AntiVirus Client
Trusted Drive Manager
tsp patch
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
UPEK TouchChip Fingerprint Reader
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Winbond TPM Device Driver
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Presentation Foundation
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/28/2010 9:07:06 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
9/28/2010 8:07:55 AM, error: System Error [1003] - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 00000001, parameter4 85afd320.
9/28/2010 8:07:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QuickBooksDB19 service to connect.
9/28/2010 8:07:02 AM, error: Service Control Manager [7000] - The QuickBooksDB19 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2010 1:17:22 PM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Not enough storage is available to process this command.
9/28/2010 1:17:22 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Not enough storage is available to process this command.
9/28/2010 1:06:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/28/2010 1:06:16 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2010 8:16:07 AM, error: NAVAP [20] - Unable to initialize the virus scanning engine database files.
10/4/2010 8:05:01 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
10/1/2010 8:18:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FLEXnet Licensing Service service to connect.
10/1/2010 8:18:53 AM, error: Service Control Manager [7000] - The FLEXnet Licensing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================





DDS Log:



DDS (Ver_10-03-17.01) - NTFSx86
Run by jamie b at 8:30:18.35 on Tue 10/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.401 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\jamie b\Local Settings\Application Data\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jamie b\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\jamie b\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\community
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273784040508
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-27 64288]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-4-23 24064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-27 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-27 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-27 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-27 308136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101001.002\NAVENG.sys [2010-10-2 86064]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101001.002\NAVEX15.sys [2010-10-2 1371184]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

=============== Created Last 30 ================

2010-10-05 13:29:21 0 ----a-w- c:\documents and settings\jamie b\defogger_reenable
2010-10-01 15:43:47 436 ----a-w- c:\windows\QXPENSE.INI
2010-09-30 13:12:41 0 ----a-w- c:\windows\vpc32.INI
2010-09-29 16:02:05 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-29 16:02:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-09-28 18:25:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-28 18:25:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-28 18:09:16 0 d-----w- c:\windows\system32\appmgmt
2010-09-28 18:03:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-27 21:05:39 0 d--h--w- C:\$AVG
2010-09-27 20:54:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-27 20:54:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-27 20:35:15 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-27 20:34:40 0 d-----w- c:\program files\Lavasoft
2010-09-27 20:10:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-27 20:10:09 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-27 20:10:05 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-27 20:10:00 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-27 20:07:56 0 d-----w- c:\program files\AVG
2010-09-27 20:07:43 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-09-27 19:30:14 0 d-----w- c:\program files\Trend Micro
2010-09-23 20:39:02 0 d-----w- C:\spoolerlogs
2010-09-23 18:34:53 0 d-----w- c:\documents and settings\jamie b\Tracing
2010-09-17 21:55:57 0 d-----w- c:\program files\Amazon
2010-09-16 14:28:05 0 d-----w- c:\program files\Dell AIO Printer A920
2010-09-16 14:27:55 69632 ----a-w- c:\windows\system32\dlbkscin.dll
2010-09-16 14:27:55 57344 ----a-w- c:\windows\system32\dlbkcinf.dll
2010-09-16 14:27:55 49152 ----a-w- c:\windows\system32\dlbkcoin.dll
2010-09-16 14:27:55 255 ----a-w- c:\windows\system32\dlbkcoin.ini
2010-09-16 14:27:55 0 d-----w- c:\program files\Dell A920
2010-09-16 14:27:48 299520 ----a-w- c:\windows\uninst.exe
2010-09-16 13:59:07 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2010-09-16 13:59:07 20352 ----a-w- c:\windows\system32\drivers\hidbatt.sys
2010-09-16 13:59:07 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2010-09-16 13:59:07 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-09-16 13:59:07 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-09-16 13:59:07 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-09-16 13:59:03 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-09-16 13:59:03 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-16 13:19:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 19:06:28 0 d-----w- c:\program files\common files\supportsoft
2010-09-15 19:06:01 1843200 ----a-w- c:\windows\system32\acXMLParser.dll
2010-09-15 19:05:59 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2010-09-15 19:01:18 0 d-----w- c:\program files\common files\Intuit
2010-09-15 19:01:17 0 d-----w- c:\program files\Intuit
2010-09-15 19:01:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-09-15 18:58:36 90 ----a-w- c:\windows\QBChanUtil_Trigger.ini
2010-09-15 18:58:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 10
2010-09-15 18:58:35 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES
2010-09-15 18:36:07 0 d-----w- c:\program files\common files\Macrovision Shared
2010-09-15 15:28:00 0 d-----w- c:\docume~1\jamieb~1\applic~1\Malwarebytes
2010-09-15 15:27:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 15:27:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-15 14:06:59 0 d-----w- c:\program files\common files\Macromedia
2010-09-15 14:06:51 0 d-----w- c:\program files\Macromedia
2010-09-14 17:50:27 0 d-----w- c:\windows\pss
2010-09-14 15:22:37 0 d-----w- c:\docume~1\jamieb~1\applic~1\Windows Search
2010-09-14 15:22:18 0 d-sh--w- c:\documents and settings\jamie b\PrivacIE
2010-09-14 15:12:30 0 d-----w- c:\docume~1\jamieb~1\applic~1\Windows Desktop Search
2010-09-14 15:12:30 0 d-----w- c:\docume~1\jamieb~1\applic~1\Wave Systems Corp
2010-09-14 15:12:30 0 d-----w- c:\docume~1\jamieb~1\applic~1\Broadcom

==================== Find3M ====================


============= FINISH: 8:31:14.95 ===============





#4 WMAIAS

WMAIAS
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:00 PM

Posted 05 October 2010 - 08:43 AM



I was able to copy the Rootkit report into Notepad. Here is that one.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF687C000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4452352 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1EE000 C:\WINDOWS\System32\ati3duag.dll 3014656 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF4CE000 C:\WINDOWS\System32\ativvaxx.dll 2142208 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAE4A3000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 897024 bytes
0xF73E6000 iaStor.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xBF068000 C:\WINDOWS\System32\ati2cqag.dll 651264 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF7310000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF107000 C:\WINDOWS\System32\atikvmag.dll 552960 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAE5B2000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF18E000 C:\WINDOWS\System32\atiok3x2.dll 393216 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xECA8F000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAE6F7000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAE7A7000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 356352 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xAB6A9000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 352256 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAA875000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAB042000 C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys 253952 bytes (Symantec Corporation, AutoProtect)
0xAE6BD000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xAE57E000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xABA5E000 C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 212992 bytes (Wave Systems Corp., WavX Document Manager Filter Driver)
0xF67EA000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 204800 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xECAED000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7517000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAB829000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF72E3000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAE622000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF681C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAE66F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74C1000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAE697000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAE783000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6844000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xECB45000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAE64D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134528 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73C6000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74E7000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF72C9000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF739D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xECB2E000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAAD8B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF67D6000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6868000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAE750000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF73B4000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xAB728000 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS 69632 bytes (Symantec Corporation, NAVAPEL)
0xF7506000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xECB1D000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAB080000 C:\Program Files\Symantec\SYMEVENT.SYS 69632 bytes (Symantec Corporation, Symantec Event Library)
0xF7826000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF0638000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF6CFB000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xEF831000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7696000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF0628000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF7736000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEEDEF000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7686000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF0618000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7666000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF05F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xEF7D1000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7656000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76B6000 PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0xF0608000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76A6000 sfaudio.sys 45056 bytes (Sonic Focus, Inc, Sonic Focus DSP driver for ADI)
0xF7646000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xEED8F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xEEDFF000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7676000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7716000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6D0B000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF05E8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEF7F1000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAADC8000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7796000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xEFE28000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7966000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xEFE40000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF02EC000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xEFE20000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF35DB000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF35D3000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF795E000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xEFE38000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF02E4000 C:\WINDOWS\system32\DRIVERS\HidBatt.sys 20480 bytes (Microsoft Corporation, Hid Battery Driver)
0xEFE30000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78C6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7A36000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF35E3000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF35A3000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF02C4000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAA869000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF7A5E000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xEF3F5000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xED43F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7268000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7254000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xEF3DD000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7A56000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A5A000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF6E53000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF3292000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xEFB9A000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xEF401000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF32A6000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEFB92000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B16000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7BF8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B4A000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7BF6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B46000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7BFA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7BFC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7BE0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7BE4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B48000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CC3000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xEFFFE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7D43000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
!!!!!!!!!!!Hidden driver: 0x85BF6AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x85993A20 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF73E6000 WARNING: suspicious driver modification [iaStor.sys::0x85BF6AEA]
0x012D0000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 102400 bytes
0x066D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 102400 bytes
0x06700000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 102400 bytes
0x04E80000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 110592 bytes
0x01290000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x85454020 ] PID: 2436, 118784 bytes
0x03DB0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 118784 bytes
0x06D70000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 1224704 bytes
0x01300000 Hidden Image-->SmithMicro.Common.dll [ EPROCESS 0x8551E3F8 ] PID: 1164, 143360 bytes
0x063C0000 Hidden Image-->CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 151552 bytes
0x06890000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 1740800 bytes
0x06380000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 208896 bytes
0x05DC0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 217088 bytes
0x07260000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 282624 bytes
0x018D0000 Hidden Image-->Dell.DcpPlugin.dll [ EPROCESS 0x8551E3F8 ] PID: 1164, 28672 bytes
0x012F0000 Hidden Image-->Interop.Wavx_PluginManagerLib.dll [ EPROCESS 0x8542DBE0 ] PID: 1400, 28672 bytes
0x051E0000 Hidden Image-->Interop.Wavx_PluginManagerLib.dll [ EPROCESS 0x8542DBE0 ] PID: 1400, 28672 bytes
0x01460000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x85454020 ] PID: 2436, 28672 bytes
0x01680000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x85454020 ] PID: 2436, 28672 bytes
0x06150000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x04F40000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x04880000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x012C0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x012F0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x03ED0000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x04410000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x04860000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x048A0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x049C0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x04A50000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x04EC0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x04EF0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x050A0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x04F70000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x05310000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x05290000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x052C0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x052D0000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x053F0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x05350000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x053C0000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x053D0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x055F0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x05610000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x05E00000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x062C0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x062E0000 Hidden Image-->Branding.dll [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x06400000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x06320000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x06350000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x066F0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 28672 bytes
0x05720000 Hidden Image-->System.Data.dll [ EPROCESS 0x8530B970 ] PID: 2824, 2961408 bytes
0x05690000 Hidden Image-->PrebootManager.dll [ EPROCESS 0x8542DBE0 ] PID: 1400, 307200 bytes
0x040B0000 Hidden Image-->Dell.SystemOverview.Plugin.dll [ EPROCESS 0x8551E3F8 ] PID: 1164, 339968 bytes
0x07310000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 339968 bytes
0x04E10000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 348160 bytes
0x01800000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x85454020 ] PID: 2436, 36864 bytes
0x03F80000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x03DF0000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x03E10000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x03F60000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x05330000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x05460000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x05410000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x055A0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x05660000 Hidden Image-->CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x062D0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x06310000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 36864 bytes
0x072B0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 372736 bytes
0x05530000 Hidden Image-->System.Management.dll [ EPROCESS 0x8542DBE0 ] PID: 1400, 380928 bytes
0x060D0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 413696 bytes
0x06820000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 421888 bytes
0x071A0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 421888 bytes
0x00ED0000 Hidden Image-->CFScan.dll [ EPROCESS 0x85485BE0 ] PID: 1552, 45056 bytes
0x054A0000 Hidden Image-->Interop.PBMCredentialManager.dll [ EPROCESS 0x8542DBE0 ] PID: 1400, 45056 bytes
0x012C0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x85454020 ] PID: 2436, 45056 bytes
0x01330000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x85454020 ] PID: 2436, 45056 bytes
0x017F0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x85454020 ] PID: 2436, 45056 bytes
0x01290000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 45056 bytes
0x012B0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 45056 bytes
0x01330000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 45056 bytes
0x03EE0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 45056 bytes
0x053E0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 45056 bytes
0x05450000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 45056 bytes
0x05590000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 45056 bytes
0x05650000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 45056 bytes
0x05600000 Hidden Image-->CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 45056 bytes
0x04A60000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x8530B970 ] PID: 2824, 454656 bytes
0x06600000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 503808 bytes
0x054B0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8542DBE0 ] PID: 1400, 507904 bytes
0x03E50000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x03E40000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x03F70000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x04420000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x049B0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x05320000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x05400000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x05570000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x05FB0000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x062F0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x06370000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x064D0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 53248 bytes
0x05F20000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 561152 bytes
0x038F0000 Hidden Image-->SmithMicro.Controls.dll [ EPROCESS 0x8551E3F8 ] PID: 1164, 569344 bytes
0x07370000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 585728 bytes
0x05580000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 61440 bytes
0x05700000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 61440 bytes
0x055E0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 61440 bytes
0x056D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 61440 bytes
0xF6CFB000 WARNING: Virus alike driver modification [serial.sys], 65536 bytes
0x06210000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 659456 bytes
0x03DD0000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 69632 bytes
0x03E20000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 69632 bytes
0x03F20000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x8530B970 ] PID: 2824, 69632 bytes
0x05270000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 69632 bytes
0x055B0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 69632 bytes
0x056B0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 69632 bytes
0x01340000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x85454020 ] PID: 2436, 77824 bytes
0x01300000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 77824 bytes
0x052F0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 77824 bytes
0x05380000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 77824 bytes
0x074D0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 790528 bytes
0x05360000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 86016 bytes
0x06330000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 86016 bytes
0x056E0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x8530B970 ] PID: 2824, 94208 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 05 October 2010 - 11:53 AM

Greetings

One or more of the identified infections is Known as a Backdoor Trojan. - TDSS rootkit <--please read

What this virus does do.
QUOTE
Functionality
The functionality that the Trojan exhibits implies that it has been designed with profit-making as its primary objective. Making money from the Web typically involves generating Web traffic, installing pay-per-install software and also by generating sales leads for other Web sites and services of a dubious nature. It tries to achieve its objective by employing an array of techniques to try and make the user participate in these income-generating activities.


What the virus can do.
QUOTE
Backdoor.Tidserv is a Trojan horse that uses an advanced rootkit to hide itself. It also displays advertisements, redirects user search results, and opens a back door on the compromised computer.


This "could" allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can clean this machine but I cannot guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I Would like you to do the following.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"
    In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 WMAIAS

WMAIAS
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:00 PM

Posted 05 October 2010 - 03:15 PM

I disabled all my anti-malware & anti-virus software. Closed all open programs. I downloaded Combofix and double clicked it. When the window opens asking if I want to run it or cancel, I click "Run" & nothing ever happens. Nothing ever runs. No window pops up, no report, nothing. What does that mean?

#7 WMAIAS

WMAIAS
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:00 PM

Posted 05 October 2010 - 03:19 PM

I even clicked on "Properties" on the context menu & there was an option to "Unblock" the program since it came from another computer. I have never seen that before, but I unblocked it anyway & tried again. Nothing happened.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 05 October 2010 - 04:52 PM

Hello

run this first and send me the report


tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 WMAIAS

WMAIAS
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:00 PM

Posted 05 October 2010 - 04:58 PM

2010/10/05 16:53:48.0359 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/05 16:53:48.0359 ================================================================================
2010/10/05 16:53:48.0359 SystemInfo:
2010/10/05 16:53:48.0359
2010/10/05 16:53:48.0359 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/05 16:53:48.0359 Product type: Workstation
2010/10/05 16:53:48.0359 ComputerName: WS051310
2010/10/05 16:53:48.0359 UserName: jamie b
2010/10/05 16:53:48.0359 Windows directory: C:\WINDOWS
2010/10/05 16:53:48.0359 System windows directory: C:\WINDOWS
2010/10/05 16:53:48.0359 Processor architecture: Intel x86
2010/10/05 16:53:48.0359 Number of processors: 2
2010/10/05 16:53:48.0359 Page size: 0x1000
2010/10/05 16:53:48.0359 Boot type: Normal boot
2010/10/05 16:53:48.0359 ================================================================================
2010/10/05 16:53:48.0625 Initialize success
2010/10/05 16:53:49.0968 ================================================================================
2010/10/05 16:53:49.0968 Scan started
2010/10/05 16:53:49.0968 Mode: Manual;
2010/10/05 16:53:49.0968 ================================================================================
2010/10/05 16:53:50.0640 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/05 16:53:50.0796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/05 16:53:50.0828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/05 16:53:50.0953 ADIHdAudAddService (053a070bd25649abbbad7862aea051d0) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/10/05 16:53:51.0125 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/05 16:53:51.0250 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/05 16:53:51.0390 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/05 16:53:51.0484 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/05 16:53:51.0515 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/05 16:53:51.0625 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/05 16:53:51.0734 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/05 16:53:52.0000 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/05 16:53:52.0062 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/05 16:53:52.0078 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/05 16:53:52.0125 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/05 16:53:52.0125 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/05 16:53:52.0171 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/05 16:53:52.0187 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/05 16:53:52.0234 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/05 16:53:52.0640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/05 16:53:52.0921 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/05 16:53:53.0062 ati2mtag (f19574cf15797150b79424139deecb97) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/05 16:53:53.0218 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/05 16:53:53.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/05 16:53:53.0359 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/10/05 16:53:53.0390 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/10/05 16:53:53.0453 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/10/05 16:53:53.0484 b57w2k (ea377a8e8e1000877210259750cbbf5f) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/10/05 16:53:53.0609 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/05 16:53:53.0656 Blfp (a341cdb0beb6880f11678944f292dd16) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
2010/10/05 16:53:53.0750 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/05 16:53:53.0781 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/05 16:53:53.0796 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/05 16:53:53.0890 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/05 16:53:54.0046 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/05 16:53:54.0156 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/05 16:53:54.0312 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/05 16:53:54.0359 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/05 16:53:54.0468 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/05 16:53:54.0546 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/05 16:53:54.0656 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/05 16:53:54.0765 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/05 16:53:54.0812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/05 16:53:54.0968 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/05 16:53:55.0062 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/05 16:53:55.0125 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/05 16:53:55.0203 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/05 16:53:55.0312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/05 16:53:55.0375 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/05 16:53:55.0406 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/05 16:53:55.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/05 16:53:55.0593 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/05 16:53:55.0687 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/05 16:53:55.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/05 16:53:55.0906 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/05 16:53:56.0031 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/05 16:53:56.0093 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/05 16:53:56.0218 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2010/10/05 16:53:56.0343 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/05 16:53:56.0406 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/05 16:53:56.0515 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/05 16:53:56.0593 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/05 16:53:56.0625 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/05 16:53:56.0750 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/05 16:53:56.0859 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys
2010/10/05 16:53:56.0906 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/05 16:53:56.0937 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/05 16:53:56.0984 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/05 16:53:57.0046 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/05 16:53:57.0078 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/05 16:53:57.0109 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/05 16:53:57.0109 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/05 16:53:57.0218 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/05 16:53:57.0343 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/05 16:53:57.0375 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/05 16:53:57.0468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/05 16:53:57.0593 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/05 16:53:57.0656 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/05 16:53:57.0703 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/05 16:53:57.0750 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/05 16:53:57.0843 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/10/05 16:53:57.0906 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/10/05 16:53:57.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/05 16:53:58.0015 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/05 16:53:58.0140 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/05 16:53:58.0156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/05 16:53:58.0218 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/05 16:53:58.0250 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/05 16:53:58.0343 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/05 16:53:58.0390 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/05 16:53:58.0500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/05 16:53:58.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/05 16:53:58.0578 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/05 16:53:58.0687 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/05 16:53:58.0875 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/05 16:53:59.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/05 16:53:59.0421 NAVAP (37ac23b6a5ff044f9b84d14a4008556e) C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
2010/10/05 16:53:59.0468 NAVAPEL (287085edfb3eaad31b75f137b644994d) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
2010/10/05 16:53:59.0656 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101001.002\NAVENG.sys
2010/10/05 16:54:00.0093 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101001.002\NAVEX15.sys
2010/10/05 16:54:00.0328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/05 16:54:00.0515 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/05 16:54:00.0625 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/05 16:54:00.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/05 16:54:00.0875 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/05 16:54:00.0906 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/05 16:54:00.0953 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/05 16:54:01.0015 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/05 16:54:01.0140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/05 16:54:01.0265 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/05 16:54:01.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/05 16:54:01.0421 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/05 16:54:01.0484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/05 16:54:01.0531 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/05 16:54:01.0656 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/05 16:54:01.0718 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
2010/10/05 16:54:01.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/05 16:54:01.0859 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/05 16:54:01.0906 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/05 16:54:02.0015 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/05 16:54:02.0062 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/05 16:54:02.0171 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/05 16:54:02.0203 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/05 16:54:02.0250 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/05 16:54:02.0312 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/05 16:54:02.0343 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/05 16:54:02.0453 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/05 16:54:02.0500 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/05 16:54:02.0625 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/05 16:54:02.0687 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/05 16:54:02.0796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/05 16:54:02.0828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/05 16:54:02.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/05 16:54:02.0859 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/05 16:54:02.0921 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/05 16:54:02.0968 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/05 16:54:03.0000 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/05 16:54:03.0078 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/05 16:54:03.0125 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/05 16:54:03.0250 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/05 16:54:03.0328 Serial (ffb66bdc1724eafc75a92e2003a24641) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/05 16:54:03.0328 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: ffb66bdc1724eafc75a92e2003a24641, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7
2010/10/05 16:54:03.0328 Serial - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/05 16:54:03.0390 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
2010/10/05 16:54:03.0609 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/05 16:54:03.0687 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/05 16:54:03.0718 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/05 16:54:03.0750 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/05 16:54:03.0781 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/05 16:54:03.0828 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/05 16:54:03.0968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/05 16:54:04.0015 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/05 16:54:04.0062 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/05 16:54:04.0093 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/05 16:54:04.0156 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS
2010/10/05 16:54:04.0234 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/05 16:54:04.0281 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/05 16:54:04.0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/05 16:54:04.0390 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/05 16:54:04.0515 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/05 16:54:04.0578 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/05 16:54:04.0656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/05 16:54:04.0671 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/05 16:54:04.0750 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/05 16:54:04.0765 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/05 16:54:04.0796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/05 16:54:04.0843 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/05 16:54:04.0875 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/05 16:54:05.0000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/05 16:54:05.0109 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/05 16:54:05.0156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/05 16:54:05.0281 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/05 16:54:05.0328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/05 16:54:05.0375 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/05 16:54:05.0421 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/05 16:54:05.0500 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/05 16:54:05.0578 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/05 16:54:05.0718 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/05 16:54:05.0765 WavxDMgr (a188d488f863ad388c6d0439c7d06a99) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
2010/10/05 16:54:05.0875 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/05 16:54:05.0906 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
2010/10/05 16:54:05.0953 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/05 16:54:06.0015 ================================================================================
2010/10/05 16:54:06.0015 Scan finished
2010/10/05 16:54:06.0015 ================================================================================
2010/10/05 16:54:06.0015 Detected object count: 1
2010/10/05 16:54:23.0156 Serial (ffb66bdc1724eafc75a92e2003a24641) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/05 16:54:23.0156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: ffb66bdc1724eafc75a92e2003a24641, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7
2010/10/05 16:54:23.0968 Backup copy found, using it..
2010/10/05 16:54:23.0968 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured after reboot
2010/10/05 16:54:23.0968 Rootkit.Win32.TDSS.tdl3(Serial) - User select action: Cure
2010/10/05 16:54:40.0906 Deinitialize success


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 05 October 2010 - 05:11 PM

Hello

Good now please to try to run combofix again


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 WMAIAS

WMAIAS
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:00 PM

Posted 06 October 2010 - 08:41 AM

Combofix Log:


ComboFix 10-10-05.01 - jamie b 10/06/2010 8:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.503 [GMT -5:00]
Running from: c:\documents and settings\jamie b\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sewell s\Local Settings\Temporary Internet Files\CUSTOM.DICCUSTOM.DIC

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-04 17:10 . 2010-10-04 17:10 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-04 17:10 . 2010-10-04 17:10 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-04 17:10 . 2010-10-04 17:10 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-09-29 16:02 . 2010-09-30 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 16:02 . 2010-09-29 21:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-28 18:25 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-28 18:25 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-28 18:03 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-28 13:54 . 2010-09-28 13:54 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-28 13:54 . 2010-09-28 13:54 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-28 13:54 . 2010-09-28 13:54 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-28 13:54 . 2010-09-28 13:54 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-28 13:53 . 2010-09-28 13:53 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-27 21:05 . 2010-09-27 21:05 -------- d-----w- C:\$AVG
2010-09-27 20:54 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-27 20:54 . 2010-09-27 20:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-27 20:35 . 2010-09-27 20:35 -------- d-----w- c:\documents and settings\jamie b\Local Settings\Application Data\Sunbelt Software
2010-09-27 20:35 . 2010-09-27 20:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-27 20:35 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-27 20:34 . 2010-09-27 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-27 20:34 . 2010-09-27 20:34 -------- d-----w- c:\program files\Lavasoft
2010-09-27 20:10 . 2010-09-27 20:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-27 20:10 . 2010-09-27 20:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-27 20:10 . 2010-09-27 20:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-27 20:10 . 2010-09-27 20:10 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-27 20:10 . 2010-10-06 13:09 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-27 20:07 . 2010-09-27 20:07 -------- d-----w- c:\program files\AVG
2010-09-27 20:07 . 2010-09-27 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-27 19:30 . 2010-09-27 19:30 -------- d-----w- c:\program files\Trend Micro
2010-09-24 13:32 . 2010-09-24 13:33 -------- d-----w- c:\documents and settings\jamie b\Local Settings\Application Data\PowerDVD DX
2010-09-24 13:32 . 2010-09-24 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-09-23 20:39 . 2010-09-23 20:39 -------- d-----w- C:\spoolerlogs
2010-09-23 19:48 . 2010-09-23 19:48 -------- d-----w- c:\windows\Sun
2010-09-23 18:34 . 2010-09-23 18:34 -------- d-----w- c:\documents and settings\jamie b\Tracing
2010-09-17 21:58 . 2010-09-17 21:58 -------- d-----w- c:\documents and settings\jamie b\Application Data\Amazon
2010-09-17 21:55 . 2010-09-17 21:55 -------- d-----w- c:\program files\Amazon
2010-09-17 14:07 . 2010-09-17 14:07 -------- d-----w- c:\documents and settings\bill j\Local Settings\Application Data\Adobe
2010-09-16 14:27 . 2010-09-16 14:27 -------- d-----w- c:\program files\Dell A920
2010-09-16 14:27 . 2003-05-12 20:02 57344 ----a-w- c:\windows\system32\dlbkcinf.dll
2010-09-16 14:27 . 2003-05-12 20:02 49152 ----a-w- c:\windows\system32\dlbkcoin.dll
2010-09-16 14:27 . 2003-05-12 20:02 69632 ----a-w- c:\windows\system32\dlbkscin.dll
2010-09-16 14:27 . 1997-04-09 01:08 299520 ----a-w- c:\windows\uninst.exe
2010-09-16 13:59 . 2008-04-14 05:06 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2010-09-16 13:59 . 2008-04-14 05:06 20352 ----a-w- c:\windows\system32\drivers\hidbatt.sys
2010-09-16 13:59 . 2008-04-14 05:06 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-09-16 13:59 . 2008-04-14 05:06 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-09-16 13:59 . 2008-04-14 05:06 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2010-09-16 13:59 . 2008-04-14 05:06 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-09-16 13:59 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-09-16 13:59 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-16 13:27 . 2010-10-05 18:17 2244 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-09-16 13:19 . 2010-09-16 13:19 503808 ----a-w- c:\documents and settings\jamie b\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42c4e962-n\msvcp71.dll
2010-09-16 13:19 . 2010-09-16 13:19 499712 ----a-w- c:\documents and settings\jamie b\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42c4e962-n\jmc.dll
2010-09-16 13:19 . 2010-09-16 13:19 348160 ----a-w- c:\documents and settings\jamie b\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42c4e962-n\msvcr71.dll
2010-09-16 13:19 . 2010-09-16 13:19 -------- d-----w- c:\program files\Common Files\Java
2010-09-16 13:19 . 2010-09-16 13:19 61440 ----a-w- c:\documents and settings\jamie b\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6c5b75e7-n\decora-sse.dll
2010-09-16 13:19 . 2010-09-16 13:19 12800 ----a-w- c:\documents and settings\jamie b\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6c5b75e7-n\decora-d3d.dll
2010-09-16 13:19 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-16 13:17 . 2010-09-16 13:17 -------- d-----w- c:\documents and settings\QBDataServiceUser19\Local Settings\Application Data\Intuit
2010-09-15 22:37 . 2010-09-15 22:37 869664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2010-09-15 22:37 . 2010-09-15 22:36 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2010-09-15 22:37 . 2010-09-15 22:36 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2010-09-15 19:05 . 2009-01-20 22:33 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2010-09-15 19:01 . 2010-09-15 19:03 -------- d-----w- c:\program files\Common Files\Intuit
2010-09-15 19:01 . 2010-09-15 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-09-15 19:01 . 2010-09-15 19:01 -------- d-----w- c:\program files\Intuit
2010-09-15 18:58 . 2010-09-15 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2010-09-15 18:58 . 2010-09-15 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2010-09-15 18:36 . 2010-10-01 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-09-15 18:36 . 2010-09-15 18:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-09-15 17:53 . 2010-08-30 19:33 43008 ----a-w- c:\documents and settings\jamie b\Application Data\Mozilla\Firefox\Profiles\teweo9ck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-15 17:53 . 2010-08-30 19:34 1496064 ----a-w- c:\documents and settings\jamie b\Application Data\Mozilla\Firefox\Profiles\teweo9ck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-15 17:53 . 2010-08-30 19:33 338944 ----a-w- c:\documents and settings\jamie b\Application Data\Mozilla\Firefox\Profiles\teweo9ck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-15 17:53 . 2010-08-30 19:33 346112 ----a-w- c:\documents and settings\jamie b\Application Data\Mozilla\Firefox\Profiles\teweo9ck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-15 17:52 . 2008-12-04 06:25 120832 ----a-w- c:\documents and settings\jamie b\Application Data\Mozilla\Firefox\Profiles\teweo9ck.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2010-09-15 15:28 . 2010-09-15 15:28 -------- d-----w- c:\documents and settings\jamie b\Application Data\Malwarebytes
2010-09-15 15:27 . 2010-09-28 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 15:27 . 2010-09-15 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 15:16 . 2010-09-15 15:16 -------- d-----w- c:\documents and settings\jamie b\Local Settings\Application Data\Google
2010-09-15 14:06 . 2010-09-15 14:07 -------- d-----w- c:\program files\Common Files\Macromedia
2010-09-15 14:06 . 2010-09-15 14:07 -------- d-----w- c:\program files\Macromedia
2010-09-14 20:29 . 2010-09-15 18:36 -------- d-----w- c:\documents and settings\jamie b\Local Settings\Application Data\Adobe
2010-09-14 17:33 . 2010-09-14 17:33 -------- d-----w- c:\documents and settings\jamie b\Application Data\CyberLink
2010-09-14 15:26 . 2010-09-14 15:26 -------- d-----w- c:\documents and settings\jamie b\Local Settings\Application Data\Mozilla
2010-09-14 15:26 . 2010-10-05 13:29 -------- d-----w- c:\documents and settings\jamie b\Local Settings\Application Data\Mozilla Firefox
2010-09-14 15:22 . 2010-09-14 15:22 -------- d-----w- c:\documents and settings\jamie b\Application Data\Windows Search
2010-09-14 15:22 . 2010-09-14 15:22 -------- d-sh--w- c:\documents and settings\jamie b\PrivacIE
2010-09-14 15:13 . 2010-09-14 15:13 -------- d-----w- c:\documents and settings\jamie b\Local Settings\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 21:55 . 2008-04-14 00:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2010-10-05 13:07 . 2010-04-23 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-17 14:07 . 2010-09-14 17:48 74064 ----a-w- c:\documents and settings\bill j\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-16 14:28 . 2010-09-16 14:28 -------- d-----w- c:\program files\Dell AIO Printer A920
2010-09-16 13:18 . 2010-04-23 12:52 -------- d-----w- c:\program files\Java
2010-09-15 19:06 . 2010-09-15 19:06 -------- d-----w- c:\program files\Common Files\supportsoft
2010-09-15 19:06 . 2010-09-14 15:12 74064 ----a-w- c:\documents and settings\jamie b\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 18:36 . 2010-05-19 13:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-15 14:07 . 2010-04-23 12:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-15 14:05 . 2010-04-23 13:00 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-15 13:54 . 2010-05-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-14 17:50 . 2010-09-14 15:12 0 ----a-w- c:\documents and settings\jamie b\Local Settings\Application Data\WavXMapDrive.bat
2010-09-14 17:48 . 2010-09-14 17:48 0 ----a-w- c:\documents and settings\bill j\Local Settings\Application Data\WavXMapDrive.bat
2010-09-13 18:36 . 2010-05-17 12:43 0 ----a-w- c:\documents and settings\jack v\Local Settings\Application Data\WavXMapDrive.bat
2010-09-13 13:09 . 2010-05-13 21:21 0 ----a-w- c:\documents and settings\clancym\Local Settings\Application Data\WavXMapDrive.bat
2010-09-02 18:48 . 2010-09-02 18:48 -------- d-----w- c:\documents and settings\clancym\Application Data\Windows Search
2010-09-01 20:26 . 2010-05-14 20:36 0 ----a-w- c:\documents and settings\tom w\Local Settings\Application Data\WavXMapDrive.bat
2010-08-27 16:16 . 2010-05-13 20:44 0 ----a-w- c:\documents and settings\matt s\Local Settings\Application Data\WavXMapDrive.bat
2010-08-25 12:41 . 2010-05-21 12:41 0 ----a-w- c:\documents and settings\terry w\Local Settings\Application Data\WavXMapDrive.bat
2010-07-16 18:48 . 2010-05-14 20:07 0 ----a-w- c:\documents and settings\sewell s\Local Settings\Application Data\WavXMapDrive.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-09-15 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-19 1044480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-06 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1338224]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-9-12 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-9-12 51984]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-27 20:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2010-01-05 19:04 158592 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/27/2010 3:54 PM 64288]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/23/2010 10:35 AM 24064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2010 3:10 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2010 3:10 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/27/2010 3:09 PM 308136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/8/2010 4:20 PM 376688]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1356952]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 21:10]
.
.
------- Supplementary Scan -------
.
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\community
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\WCR10.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2010-10-06 08:40:08
ComboFix-quarantined-files.txt 2010-10-06 13:40

Pre-Run: 217,873,326,080 bytes free
Post-Run: 219,271,786,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F56E1A4DCC698A88D9EFAA60D6E1D354


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 06 October 2010 - 10:23 PM

Hello

How is the computer doing now?


Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. report from Hijackthis
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 WMAIAS

WMAIAS
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:00 PM

Posted 07 October 2010 - 08:54 AM

Hi Gringo,

I have done random Google searches & clicked on probably 20 links in various searches to test the redirect. So far I have not been redirected to any random sites. I will continue to test that throughout the day today & will let you know if it happens again. I will be out of the office tomorrow & will not return until Monday, so I will test again on Monday & let you know about any other issues. I just wanted to let you know that I will be gone for the next few days so you didn't think I was ignoring your future posts during that time. I greatly appreciate your help with this! I look forward to getting this completely resolved. In the meantime, I have attached both my MBAM & Hijack This logs below.


MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4768

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/7/2010 8:43:03 AM
mbam-log-2010-10-07 (08-43-03).txt

Scan type: Quick scan
Objects scanned: 259458
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




HIJACK THIS Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:56 AM, on 10/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Documents and Settings\jamie b\Local Settings\Application Data\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\jamie b\Local Settings\Application Data\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jamie b\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1273784040508
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.ias.com
O17 - HKLM\Software\..\Telephony: DomainName = internal.ias.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.ias.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB19 - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

--
End of file - 13336 bytes





#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 07 October 2010 - 12:08 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
      O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
      O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
      O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
      O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
      O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
      O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brakets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 10 October 2010 - 12:07 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users