Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer infected by spuninst.exe and cant remove


  • Please log in to reply
3 replies to this topic

#1 mzbecky10

mzbecky10

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 29 September 2010 - 09:10 PM

in the last week, my email has started sending out random emails to my contacts list. after doing a full system scan with AVG, this was the result:
C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe";"The file is signed with a broken digital signature, issued by: Unknown company.";
Spybot caught nothing. tried malwarebytes. nothing.
it is hiding in the background or something but it keeps sending out random emails to everyone.

what is my next step?

Edited by Budapest, 29 September 2010 - 09:52 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:47 PM

Posted 29 September 2010 - 10:16 PM

Hello and welcome. What did AVG do with that file??
Is yhis XP??
This looks like an Aleuron infection.

Please run the tool here How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 mzbecky10

mzbecky10
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 30 September 2010 - 12:24 PM

sorry, yes i am running Windows XP
AVG did nothing with the file.

Here is the TDSSKiller log:
2010/09/30 12:54:13.0765 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/30 12:54:13.0765 ================================================================================
2010/09/30 12:54:13.0765 SystemInfo:
2010/09/30 12:54:13.0765
2010/09/30 12:54:13.0765 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/30 12:54:13.0765 Product type: Workstation
2010/09/30 12:54:13.0765 ComputerName: ACER-2E68C49B20
2010/09/30 12:54:13.0765 UserName: XP User
2010/09/30 12:54:13.0765 Windows directory: C:\WINDOWS
2010/09/30 12:54:13.0765 System windows directory: C:\WINDOWS
2010/09/30 12:54:13.0765 Processor architecture: Intel x86
2010/09/30 12:54:13.0765 Number of processors: 1
2010/09/30 12:54:13.0765 Page size: 0x1000
2010/09/30 12:54:13.0765 Boot type: Normal boot
2010/09/30 12:54:13.0765 ================================================================================
2010/09/30 12:54:14.0593 Initialize success
2010/09/30 12:54:38.0937 ================================================================================
2010/09/30 12:54:38.0937 Scan started
2010/09/30 12:54:38.0937 Mode: Manual;
2010/09/30 12:54:38.0937 ================================================================================
2010/09/30 12:54:39.0671 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/30 12:54:40.0312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/30 12:54:40.0468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/30 12:54:40.0890 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/30 12:54:41.0031 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/30 12:54:41.0312 AgereSoftModem (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/09/30 12:54:42.0406 ALCXWDM (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/09/30 12:54:43.0062 AmdK8 (a2d5f093f9cb160c183c77015704f156) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/09/30 12:54:43.0984 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/09/30 12:54:44.0296 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/30 12:54:44.0609 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/30 12:54:44.0921 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/09/30 12:54:45.0218 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/30 12:54:45.0390 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/30 12:54:45.0593 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/30 12:54:45.0843 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/30 12:54:46.0078 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/30 12:54:46.0343 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/09/30 12:54:46.0468 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/09/30 12:54:46.0625 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/09/30 12:54:46.0906 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/09/30 12:54:47.0062 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/30 12:54:47.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/30 12:54:47.0421 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/30 12:54:47.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/30 12:54:47.0859 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/30 12:54:48.0046 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/30 12:54:48.0406 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/30 12:54:48.0687 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/30 12:54:49.0546 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/30 12:54:49.0812 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\Drivers\DKbFltr.sys
2010/09/30 12:54:50.0062 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/30 12:54:50.0406 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/30 12:54:50.0531 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/30 12:54:50.0765 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/30 12:54:51.0078 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/30 12:54:51.0265 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/30 12:54:51.0468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/30 12:54:51.0609 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/30 12:54:51.0765 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/30 12:54:51.0968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/30 12:54:52.0109 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/30 12:54:52.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/30 12:54:52.0500 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2010/09/30 12:54:52.0656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/30 12:54:52.0859 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/30 12:54:53.0296 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/30 12:54:53.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/30 12:54:54.0140 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/30 12:54:54.0296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/30 12:54:54.0859 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Program Files\acer\eRecovery\int15.sys
2010/09/30 12:54:55.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/30 12:54:55.0359 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/30 12:54:55.0640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/30 12:54:55.0843 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/30 12:54:56.0078 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/30 12:54:56.0328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/30 12:54:56.0578 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/30 12:54:56.0828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/30 12:54:57.0000 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/30 12:54:57.0281 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/30 12:54:57.0484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/30 12:54:57.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/30 12:54:58.0156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/30 12:54:58.0312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/30 12:54:58.0515 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/30 12:54:58.0765 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/30 12:54:59.0078 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/30 12:54:59.0312 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/30 12:54:59.0578 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/30 12:54:59.0828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/30 12:55:00.0000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/30 12:55:00.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/30 12:55:00.0562 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/30 12:55:00.0859 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/30 12:55:01.0000 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/30 12:55:01.0265 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/30 12:55:01.0546 NB762_XP (6d0b121fe665626d266678ea97c75622) C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
2010/09/30 12:55:01.0812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/30 12:55:02.0078 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/30 12:55:02.0250 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/30 12:55:02.0437 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/30 12:55:02.0531 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/30 12:55:02.0718 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/30 12:55:02.0953 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/30 12:55:03.0109 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/30 12:55:03.0328 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/09/30 12:55:03.0500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/30 12:55:03.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/30 12:55:03.0968 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2010/09/30 12:55:04.0109 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/30 12:55:04.0234 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/30 12:55:04.0375 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/30 12:55:04.0546 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/30 12:55:04.0671 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/30 12:55:04.0796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/30 12:55:04.0859 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/30 12:55:05.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/30 12:55:05.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/30 12:55:06.0500 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2010/09/30 12:55:06.0734 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/30 12:55:06.0828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/30 12:55:06.0921 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/30 12:55:07.0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/30 12:55:08.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/30 12:55:08.0109 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/30 12:55:08.0218 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/30 12:55:08.0406 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/30 12:55:08.0531 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/30 12:55:08.0796 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/30 12:55:08.0968 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/30 12:55:09.0265 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/30 12:55:09.0375 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/30 12:55:09.0546 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/30 12:55:09.0937 SiS315 (8b3cdb4b1453b3a2e6e7300aabe50d0e) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2010/09/30 12:55:10.0078 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2010/09/30 12:55:10.0296 SiSkp (87a5176a3762b1341619ce63152c1da9) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2010/09/30 12:55:10.0484 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
2010/09/30 12:55:10.0609 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/30 12:55:10.0906 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/30 12:55:11.0000 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/30 12:55:11.0296 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/30 12:55:11.0515 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/30 12:55:11.0734 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/30 12:55:11.0890 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/30 12:55:12.0781 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/30 12:55:12.0921 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/30 12:55:13.0078 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/30 12:55:13.0421 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/09/30 12:55:13.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/30 12:55:13.0687 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/30 12:55:13.0812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/30 12:55:14.0265 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/09/30 12:55:14.0437 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
2010/09/30 12:55:14.0593 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/30 12:55:14.0968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/30 12:55:15.0312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/30 12:55:15.0546 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/30 12:55:15.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/30 12:55:15.0984 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/30 12:55:16.0296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/30 12:55:16.0515 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/30 12:55:16.0781 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/30 12:55:17.0015 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/30 12:55:17.0500 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/30 12:55:17.0796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/30 12:55:18.0218 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/30 12:55:18.0531 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/30 12:55:18.0812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/30 12:55:19.0062 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/30 12:55:19.0296 ================================================================================
2010/09/30 12:55:19.0296 Scan finished
2010/09/30 12:55:19.0296 ================================================================================








Here is the Malwarebytes' scan Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4723

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/30/2010 1:21:26 PM
mbam-log-2010-09-30 (13-21-26).txt

Scan type: Quick scan
Objects scanned: 145519
Time elapsed: 15 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:47 PM

Posted 30 September 2010 - 08:35 PM

Those $NtUninstall family of folders contains uninstallers for the patches.

I believe what we have here may be that you are showing Hidden Folders and the AVG iis seeing what it isn't supposed to.

How to Hide Hidden Files in Xp


Guide Overview

This guide will explain how to hide the files that Windows has hidden from you.

Instructions
  • Click 'Start'.
  • Open 'My Computer'.
  • Select 'Tools' menu
  • Click 'Folder Options'
  • Select the 'View' Tab.
  • Uncheck 'Show hidden files and folders' in the Hidden files and folders section.
  • Select 'Hide protected operating system files (recommended)' option.
  • Check the 'Hide file extensions for known file types' option.
  • Click 'Yes'.
  • Click 'OK'.

Rescan with AVG.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users