Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Security Alert Virus


  • This topic is locked This topic is locked
17 replies to this topic

#1 Stakkibotris

Stakkibotris

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 15 October 2010 - 07:01 PM

I ran rkill, malawarebytes, vipre anti-viurs and it stopped the alert message but now my computer is freezing when I shut down and half the time it doesn't get past the welcome screen when I boot it up. Explorer also freezes when I open tabs or try to navigate to links. Also continue to get random pop ups. When I first encountered problems I did a system restore which did not help and afraid it may have caused more damage.

DDS (Ver_10-10-10.03) - NTFSx86
Run by Matt Sands at 18:02:28.65 on Fri 10/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2490 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Sunbelt VIPRE *enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Wireless Comfort Desktop\TSR\xDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Matt Sands\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Daemon] c:\program files\hp\hp wireless comfort desktop\tsr\xDaemon.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1010011
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: rexplorer.net
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://support.rexplorer.net/iftw_install//iftwclix.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://74.246.198.147/plugin/h263ctrl.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} - hxxp://www.candystand.com/assets/activex/virtools/CacheManager.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mattsa~1\applic~1\mozilla\firefox\profiles\hx4pmvex.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\matt sands\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-15 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-10-15 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-10-15 656320]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-10-11 21464]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-6-27 331992]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-10-11 212568]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-1-30 38144]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-8-20 2763080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-10-11 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-8-20 181584]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-7 1251720]
R3 HpWkm001;USB K + M Packet Filter Driver;c:\windows\system32\drivers\HpWkm001.sys [2010-3-8 11264]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-8-9 56992]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-6-27 68696]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-10-11 94040]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-10-15 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-10-15 1145816]

=============== Created Last 30 ================

2010-10-15 20:25:32 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-10-15 20:25:32 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-10-15 20:25:31 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-15 20:25:27 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-15 20:25:27 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-15 20:25:21 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-10-15 20:25:21 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-15 20:25:21 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-10-15 20:25:21 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-10-15 20:25:06 -------- d-----w- c:\program files\PC Tools Security
2010-10-15 20:25:06 -------- d-----w- c:\program files\common files\PC Tools
2010-10-15 20:25:06 -------- d-----w- c:\docume~1\mattsa~1\applic~1\PC Tools
2010-10-15 20:22:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-10-14 03:30:30 -------- d-----w- c:\docume~1\mattsa~1\applic~1\Malwarebytes
2010-10-14 03:30:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 03:30:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 03:30:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-14 03:30:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-14 02:59:38 229 ----a-w- c:\docume~1\mattsa~1\applic~1\jsfhjjsd.bat
2010-10-11 21:12:37 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-10-11 21:12:31 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-10-11 21:10:28 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2010-10-11 21:10:28 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-10-11 02:35:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-11 02:35:39 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-11 02:29:23 -------- d-----w- c:\program files\WOW
2010-09-29 21:12:27 -------- d-----w- c:\docume~1\mattsa~1\applic~1\Bitrix Security
2010-09-16 15:25:30 -------- d-----w- c:\program files\World of Warcraft.temp

==================== Find3M ====================

2010-08-20 13:18:40 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-08-09 01:19:06 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

============= FINISH: 18:05:16.25 ===============






Thanks for all the help you all provide.
If there is some place I could make a small donation after my problem is solved please let me know.
Thanks
Stakki

Attached Files



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:24 AM

Posted 25 October 2010 - 04:37 PM

Hello Stakkibotris ,

Posted Image

Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Stakkibotris

Stakkibotris
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 27 October 2010 - 03:52 PM

Thanks so much. In my processes log I have, at times, seen almost 20 mshta.exe's operating. Currently I dont see any. Just some info that may or may not help. Here are the requested logs:


DDS (Ver_10-10-21.02) - NTFSx86
Run by Matt Sands at 16:03:08.43 on Wed 10/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2200 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Sunbelt VIPRE *enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Wireless Comfort Desktop\TSR\xDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Documents and Settings\Matt Sands\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Daemon] c:\program files\hp\hp wireless comfort desktop\tsr\xDaemon.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1010011
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: rexplorer.net
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://support.rexplorer.net/iftw_install//iftwclix.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://74.246.198.147/plugin/h263ctrl.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} - hxxp://www.candystand.com/assets/activex/virtools/CacheManager.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {BCA4BCBE-EB6E-406B-B990-3BEBF3024B3B} - rundll32.exe "c:\documents and settings\matt sands\application data\bitrix security\tuduewai.dll", DllUnrer

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mattsa~1\applic~1\mozilla\firefox\profiles\hx4pmvex.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\matt sands\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-15 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-10-15 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-10-15 656320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-10-11 21464]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-6-27 331992]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-10-11 212568]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-1-30 38144]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-8-20 2763080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-10-11 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-8-20 181584]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-7 1251720]
R3 HpWkm001;USB K + M Packet Filter Driver;c:\windows\system32\drivers\HpWkm001.sys [2010-3-8 11264]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-8-9 56992]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-6-27 68696]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-10-11 94040]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-10-15 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-10-15 1145816]

=============== Created Last 30 ================

2010-10-27 05:26:09 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-10-27 05:26:04 35328 ----a-w- c:\windows\system32\dllcache\psisload.dll
2010-10-27 05:26:00 16128 ----a-w- c:\windows\system32\dllcache\pscr.sys
2010-10-27 05:25:52 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
2010-10-27 05:25:49 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys
2010-10-27 05:25:42 7168 ----a-w- c:\windows\system32\dllcache\pnrmc.sys
2010-10-27 05:25:41 131584 ----a-w- c:\windows\system32\dllcache\pmxviceo.dll
2010-10-27 05:25:41 11264 ----a-w- c:\windows\system32\dllcache\pmxmcro.dll
2010-10-27 05:25:40 67584 ----a-w- c:\windows\system32\dllcache\pmigrate.dll
2010-10-27 05:25:40 6144 ----a-w- c:\windows\system32\dllcache\pmxgl.dll
2010-10-27 03:12:07 70144 ----a-w- c:\windows\system32\dllcache\pintlphr.exe
2010-10-27 03:12:07 53760 ----a-w- c:\windows\system32\dllcache\pintlcsd.dll
2010-10-27 03:12:07 175104 ----a-w- c:\windows\system32\dllcache\pintlcsa.dll
2010-10-27 03:12:03 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-10-27 03:12:00 19840 ----a-w- c:\windows\system32\dllcache\philtune.sys
2010-10-27 03:10:59 351616 ----a-w- c:\windows\system32\dllcache\ovcodek2.sys
2010-10-27 03:09:58 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-10-27 03:08:58 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-10-27 03:07:59 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2010-10-27 03:06:58 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2010-10-27 03:05:58 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2010-10-27 03:04:59 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-10-27 03:03:59 31232 ----a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2010-10-27 03:02:58 94208 ----a-w- c:\windows\system32\dllcache\fpencode.dll
2010-10-27 03:01:59 61952 ----a-w- c:\windows\system32\dllcache\eqnloop.exe
2010-10-27 03:00:59 37962 ----a-w- c:\windows\system32\dllcache\divaprop.dll
2010-10-27 02:59:59 4096 ----a-w- c:\windows\system32\dllcache\ctwdm32.dll
2010-10-27 02:58:55 18944 ----a-w- c:\windows\system32\dllcache\bthusb.sys
2010-10-27 02:57:59 21343 ----a-w- c:\windows\system32\dllcache\ati1ttxx.sys
2010-10-27 02:56:59 598071 ----a-w- c:\windows\system32\dllcache\fpmmc.dll
2010-10-17 00:41:53 -------- d-----w- c:\docume~1\mattsa~1\applic~1\SUPERAntiSpyware.com
2010-10-17 00:41:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-17 00:41:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-15 20:25:32 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-10-15 20:25:32 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-10-15 20:25:31 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-15 20:25:27 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-15 20:25:27 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-15 20:25:21 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-10-15 20:25:21 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-15 20:25:21 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-10-15 20:25:21 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-10-15 20:25:06 -------- d-----w- c:\program files\PC Tools Security
2010-10-15 20:25:06 -------- d-----w- c:\program files\common files\PC Tools
2010-10-15 20:25:06 -------- d-----w- c:\docume~1\mattsa~1\applic~1\PC Tools
2010-10-15 20:22:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-10-14 03:30:30 -------- d-----w- c:\docume~1\mattsa~1\applic~1\Malwarebytes
2010-10-14 03:30:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 03:30:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 03:30:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-14 03:30:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-14 02:59:38 229 ----a-w- c:\docume~1\mattsa~1\applic~1\jsfhjjsd.bat
2010-10-11 21:12:37 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-10-11 21:12:31 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-10-11 21:10:28 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2010-10-11 21:10:28 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-10-11 02:35:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-11 02:35:39 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-11 02:29:23 -------- d-----w- c:\program files\WOW
2010-09-29 21:12:27 -------- d-----w- c:\docume~1\mattsa~1\applic~1\Bitrix Security

==================== Find3M ====================

2010-08-20 13:18:40 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-08-09 01:19:06 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

============= FINISH: 16:06:33.51 ===============



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:47:56 PM, on 10/27/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\HP\HP Wireless Comfort Desktop\TSR\xDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Matt Sands\My Documents\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Daemon] C:\Program Files\HP\HP Wireless Comfort Desktop\TSR\xDaemon.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Sportsbook.com - {a0cadf8e-1c3d-4463-89f9-b6db8e1fe580} - C:\Documents and Settings\Matt Sands\Start Menu\Programs\Sportsbook.com\Sportsbook.com.lnk (HKCU)
O15 - Trusted Zone: *.rexplorer.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://support.rexplorer.net/iftw_install//iftwclix.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://74.246.198.147/plugin/h263ctrl.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10415 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:24 AM

Posted 27 October 2010 - 04:16 PM

Hello,

My very first suggestion is to uninstall Vipre. It causes a lot of problems, especially since you actually have too much protection anyway.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to Stakkibotris.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Stakkibotris

Stakkibotris
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 27 October 2010 - 04:52 PM

Vipre is a poor anti-virus program? I had heard good things about it. Could you please suggests an all in one anti-virus? What other programs do I have protecting my computer?

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:24 AM

Posted 27 October 2010 - 05:35 PM

I also see Norton and Spyware Doctor with AntiVirus. I'm not saying Vipre is a "bad" program, but I have seen it mess up some computers pretty bad, and this is my personal opinion.....what I consider safest for you. Whether this is from a conflict of programs, a glitch, bad download or uninstall, I don't know. In any case, you have 3 present, and that really is bad. Less is more in this case. Please disable them all and follow my previous instructions. :thumbup2:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Stakkibotris

Stakkibotris
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 27 October 2010 - 06:37 PM

Initially ran combofix.exe and it had to restart. Got stuck on welcome menu one time and then desktop with no icons the 2nd time(was already having this problem on occasion) but finally got it back up and combofix.exe finished running. Also, Generic Host Process for Win32 error popped up after running(also was already having problem). I uninstalled spyware doctore because I did not have a membership. I dont have a membership to norton either. Also uninstalled vipre. What anti-virus should I replace it with since I did not have services from the other installed on my machine.
Thanks so much for your help. I will be sure to make a donation when my issues are resolved.
THANKS!
-Stakki



Here is the log:

ComboFix 10-10-26.04 - Matt Sands 10/27/2010 19:09:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2703 [GMT -4:00]
Running from: c:\documents and settings\Matt Sands\My Documents\Downloads\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matt Sands\Application Data\Bitrix Security
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\ffcd
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\fg.txt
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\hjzvk
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\hwwkat9_shrd
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\jje.txt
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\kezpay
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\ljgh.txt
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\mxd1.txt
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\plk.txt
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\qnf.txt
c:\documents and settings\Matt Sands\Application Data\Bitrix Security\tuduewai_shrd
c:\windows\AutoRun.ini
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.

2010-10-27 05:26 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-10-27 05:26 . 2001-08-18 02:36 35328 ----a-w- c:\windows\system32\dllcache\psisload.dll
2010-10-27 05:26 . 2001-08-17 17:51 16128 ----a-w- c:\windows\system32\dllcache\pscr.sys
2010-10-27 05:25 . 2004-08-04 03:00 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
2010-10-27 05:25 . 2001-08-17 17:53 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys
2010-10-27 05:25 . 2001-08-17 17:53 7168 ----a-w- c:\windows\system32\dllcache\pnrmc.sys
2010-10-27 05:25 . 2004-08-10 10:00 131584 ----a-w- c:\windows\system32\dllcache\pmxviceo.dll
2010-10-27 05:25 . 2004-08-10 10:00 11264 ----a-w- c:\windows\system32\dllcache\pmxmcro.dll
2010-10-27 05:25 . 2004-08-10 10:00 67584 ----a-w- c:\windows\system32\dllcache\pmigrate.dll
2010-10-27 05:25 . 2004-08-10 10:00 6144 ----a-w- c:\windows\system32\dllcache\pmxgl.dll
2010-10-27 03:12 . 2004-08-10 10:00 70144 ----a-w- c:\windows\system32\dllcache\pintlphr.exe
2010-10-27 03:12 . 2004-08-10 10:00 53760 ----a-w- c:\windows\system32\dllcache\pintlcsd.dll
2010-10-27 03:12 . 2004-08-10 10:00 175104 ----a-w- c:\windows\system32\dllcache\pintlcsa.dll
2010-10-27 03:12 . 2001-08-18 02:36 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-10-27 03:12 . 2001-08-17 18:07 19840 ----a-w- c:\windows\system32\dllcache\philtune.sys
2010-10-27 03:10 . 2001-08-17 18:05 351616 ----a-w- c:\windows\system32\dllcache\ovcodek2.sys
2010-10-27 03:09 . 2001-08-17 16:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-10-27 03:08 . 2001-08-18 02:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-10-27 03:07 . 2004-08-04 03:00 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2010-10-27 03:06 . 2001-08-17 16:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2010-10-27 03:05 . 2001-08-17 17:50 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2010-10-27 03:04 . 2001-08-17 16:49 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-10-27 03:03 . 2001-08-18 02:36 31232 ----a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2010-10-27 03:02 . 2003-03-24 20:52 94208 ----a-w- c:\windows\system32\dllcache\fpencode.dll
2010-10-27 03:01 . 2001-08-18 02:36 61952 ----a-w- c:\windows\system32\dllcache\eqnloop.exe
2010-10-27 03:00 . 2001-08-18 02:36 37962 ----a-w- c:\windows\system32\dllcache\divaprop.dll
2010-10-27 02:59 . 2004-08-04 04:56 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll
2010-10-27 02:58 . 2004-08-04 03:10 18944 ----a-w- c:\windows\system32\dllcache\bthusb.sys
2010-10-27 02:57 . 2004-08-04 02:29 21343 ----a-w- c:\windows\system32\dllcache\ati1ttxx.sys
2010-10-27 02:56 . 2004-05-13 04:39 598071 ----a-w- c:\windows\system32\dllcache\fpmmc.dll
2010-10-17 00:41 . 2010-10-17 00:41 -------- d-----w- c:\documents and settings\Matt Sands\Application Data\SUPERAntiSpyware.com
2010-10-17 00:41 . 2010-10-17 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-17 00:41 . 2010-10-17 00:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-15 20:25 . 2010-10-27 22:01 -------- d-----w- c:\program files\PC Tools Security
2010-10-15 20:22 . 2010-10-27 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-10-15 02:25 . 2010-10-15 02:25 -------- d-----w- c:\documents and settings\Matt Sands\Local Settings\Application Data\Mozilla
2010-10-14 04:01 . 2010-10-14 04:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Sunbelt
2010-10-14 04:00 . 2010-10-14 04:00 173 ----a-w- c:\documents and settings\LocalService\Application Data\jsfhjjsd.bat
2010-10-14 03:59 . 2010-10-14 06:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-14 03:57 . 2010-10-14 03:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-14 03:30 . 2010-10-14 03:30 -------- d-----w- c:\documents and settings\Matt Sands\Application Data\Malwarebytes
2010-10-14 03:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 03:30 . 2010-10-14 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-14 03:30 . 2010-10-14 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-14 03:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 02:59 . 2010-10-14 02:59 229 ----a-w- c:\documents and settings\Matt Sands\Application Data\jsfhjjsd.bat
2010-10-11 02:35 . 2010-10-11 02:35 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-11 02:29 . 2010-10-11 02:31 -------- d-----w- c:\program files\WOW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 01:19 . 2007-08-06 05:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Daemon"="c:\program files\HP\HP Wireless Comfort Desktop\TSR\xDaemon.exe" [2008-08-01 356352]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-06 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-10-15 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^11bg PCI&Cardbus Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\11bg PCI&Cardbus Wireless LAN Utility.lnk
backup=c:\windows\pss\11bg PCI&Cardbus Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 02:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-17 18:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"GoogleDesktopManager-010108-205858"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autobahn\\mlb-nexdef-autobahn.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medieval ii total war demo\\medieval2.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Steam\\steamapps\\msands20\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/30/2010 11:34 AM 38144]
R3 HpWkm001;USB K + M Packet Filter Driver;c:\windows\system32\drivers\HpWkm001.sys [3/8/2010 5:16 PM 11264]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/9/2010 2:27 PM 56992]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 11:42 AM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:42]

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: rexplorer.net
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\documents and settings\Matt Sands\Application Data\Mozilla\Firefox\Profiles\hx4pmvex.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Matt Sands\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1170373258\ee\AOLSoftware.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
ActiveSetup-{BCA4BCBE-EB6E-406B-B990-3BEBF3024B3B} - c:\documents and settings\Matt Sands\Application Data\Bitrix Security\tuduewai.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 19:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net
Windows 5.1.2600

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ADA0C56]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x8A87A870]
2 ntkrnlpa[0x804EF1A0] -> CLASSPNP.SYS[0xB80E905B] -> \Device\Harddisk0\DR0[0x8A87A870]
3 CLASSPNP[0xB80E905B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> [0x8ADD2218]
\Driver\iaStor[0x8A4718B8] -> IRP_MJ_CREATE -> 0x8ADA0C56
4 ntkrnlpa[0x804EF1A0] -> UNKNOWN[0x8ADA0C59] -> [0x8ADD2218]
error: Read \Device\Ide\IdePort0 The system cannot find the file specified.
kernel: MBR read successfully
detected hooks:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST3160812AS_____________________________3.ADH___#4&3836d654&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\iaStor DriverStartIo -> 0x8ADA0A9F
\Driver\iaStor -> iaStor.sys @ 0xb7e74f80
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
SecurityProcedure -> ntkrnlpa.exe @ 0x80582be6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
SecurityProcedure -> ntkrnlpa.exe @ 0x80582be6
NDIS: Intel® 82562V 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb7d68ba0
PacketIndicateHandler -> NDIS.sys @ 0xb7d57a0b
SendHandler -> NDIS.sys @ 0xb7d6bb31
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-865072718-4146018968-3227640357-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5c,f0,b2,1a,c9,38,68,56,01,6f,23,61,44,4c,f1,86,5c,9f,25,21,5b,73,0c,
f4,3c,eb,0c,b0,09,0c,00,07,67,ce,d0,e7,a5,23,79,78,ac,23,99,4b,c7,74,60,a1,\
"??"=hex:ea,a1,32,ce,bd,9a,3a,26,aa,34,88,24,3b,21,1b,99

[HKEY_USERS\S-1-5-21-865072718-4146018968-3227640357-1005\Software\SecuROM\License information*]
"datasecu"=hex:d2,42,29,c3,3f,ef,03,e4,7c,30,f5,1a,f3,ea,82,98,13,1d,66,bf,30,
d7,c3,6c,fb,c8,ba,cf,5d,56,2d,c5,ca,a7,9f,23,f4,35,6e,72,73,cb,c9,2f,dc,a6,\
"rkeysecu"=hex:9d,03,5d,1e,1d,4a,73,59,34,ec,15,19,41,1e,b4,db

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\dlcccoms.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-10-27 19:29:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-27 23:29

Pre-Run: 32,780,804,096 bytes free
Post-Run: 32,780,333,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 3A943B1B260417969A2CEFCF23B43B69

#8 Stakkibotris

Stakkibotris
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 27 October 2010 - 06:42 PM

Also got a pop saying something about registry errors and it attempted to download this file on my computer :regcuresetup. Obviously I canceled it. Just trying to give you any information that may help.

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:24 AM

Posted 27 October 2010 - 07:01 PM

Hello,

I appreciate all the info you give me. :thumbup2:

AVG, Avira OR Avast are good FREE antivirus. I use Avira myself.

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Just as you've been doing, let me know how it's running. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#10 Stakkibotris

Stakkibotris
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 27 October 2010 - 08:21 PM

Will keep you posted on performance.

Log:
2010/10/27 21:13:01.0375 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/27 21:13:01.0375 ================================================================================
2010/10/27 21:13:01.0375 SystemInfo:
2010/10/27 21:13:01.0375
2010/10/27 21:13:01.0375 OS Version: 5.1.2600 ServicePack: 2.0
2010/10/27 21:13:01.0375 Product type: Workstation
2010/10/27 21:13:01.0375 ComputerName: SANDS
2010/10/27 21:13:01.0375 UserName: Matt Sands
2010/10/27 21:13:01.0375 Windows directory: C:\WINDOWS
2010/10/27 21:13:01.0375 System windows directory: C:\WINDOWS
2010/10/27 21:13:01.0375 Processor architecture: Intel x86
2010/10/27 21:13:01.0375 Number of processors: 2
2010/10/27 21:13:01.0375 Page size: 0x1000
2010/10/27 21:13:01.0375 Boot type: Normal boot
2010/10/27 21:13:01.0375 ================================================================================
2010/10/27 21:13:01.0562 Initialize success
2010/10/27 21:13:08.0484 ================================================================================
2010/10/27 21:13:08.0484 Scan started
2010/10/27 21:13:08.0484 Mode: Manual;
2010/10/27 21:13:08.0484 ================================================================================
2010/10/27 21:13:09.0546 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/27 21:13:11.0500 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/27 21:13:11.0781 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/27 21:13:12.0031 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/27 21:13:12.0328 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/10/27 21:13:12.0843 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/10/27 21:13:12.0875 AegisP - detected Unsigned file (1)
2010/10/27 21:13:12.0968 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/10/27 21:13:13.0109 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/27 21:13:13.0328 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/27 21:13:13.0546 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/27 21:13:13.0734 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/27 21:13:13.0921 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/27 21:13:14.0140 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/27 21:13:14.0343 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/27 21:13:14.0578 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/27 21:13:14.0812 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/27 21:13:15.0015 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/27 21:13:15.0250 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/27 21:13:15.0375 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/27 21:13:15.0609 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/10/27 21:13:15.0640 ASCTRM - detected Unsigned file (1)
2010/10/27 21:13:15.0734 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/27 21:13:15.0953 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/27 21:13:16.0265 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/27 21:13:16.0484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/27 21:13:16.0828 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/10/27 21:13:16.0953 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/27 21:13:18.0765 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/27 21:13:18.0859 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/27 21:13:19.0156 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/27 21:13:19.0390 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/27 21:13:19.0562 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/27 21:13:19.0750 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/27 21:13:19.0984 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/27 21:13:20.0281 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/27 21:13:20.0562 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/27 21:13:20.0781 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/27 21:13:21.0000 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/27 21:13:21.0203 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/27 21:13:21.0484 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/27 21:13:21.0750 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/10/27 21:13:21.0765 DLABOIOM - detected Unsigned file (1)
2010/10/27 21:13:21.0828 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/10/27 21:13:21.0859 DLACDBHM - detected Unsigned file (1)
2010/10/27 21:13:21.0890 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/10/27 21:13:21.0906 DLADResN - detected Unsigned file (1)
2010/10/27 21:13:21.0921 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/10/27 21:13:21.0937 DLAIFS_M - detected Unsigned file (1)
2010/10/27 21:13:21.0968 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/10/27 21:13:21.0968 DLAOPIOM - detected Unsigned file (1)
2010/10/27 21:13:22.0000 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/10/27 21:13:22.0031 DLAPoolM - detected Unsigned file (1)
2010/10/27 21:13:22.0093 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/10/27 21:13:22.0125 DLARTL_N - detected Unsigned file (1)
2010/10/27 21:13:22.0171 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/10/27 21:13:22.0187 DLAUDFAM - detected Unsigned file (1)
2010/10/27 21:13:22.0203 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/10/27 21:13:22.0218 DLAUDF_M - detected Unsigned file (1)
2010/10/27 21:13:22.0281 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/27 21:13:22.0593 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/27 21:13:22.0890 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/27 21:13:23.0156 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/27 21:13:23.0453 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/27 21:13:23.0703 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/27 21:13:23.0937 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/10/27 21:13:23.0968 DRVMCDB - detected Unsigned file (1)
2010/10/27 21:13:24.0015 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/10/27 21:13:24.0046 DRVNDDM - detected Unsigned file (1)
2010/10/27 21:13:24.0140 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2010/10/27 21:13:24.0156 DSproct - detected Unsigned file (1)
2010/10/27 21:13:24.0250 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/27 21:13:24.0484 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/10/27 21:13:24.0609 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
2010/10/27 21:13:24.0640 EAPPkt - detected Unsigned file (1)
2010/10/27 21:13:24.0765 eeCtrl (e89cc1363cb7f5320ae3b41c1333d0c3) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/10/27 21:13:24.0890 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/27 21:13:25.0109 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/27 21:13:25.0390 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/27 21:13:25.0671 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/27 21:13:25.0937 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/27 21:13:26.0468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/27 21:13:26.0734 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/27 21:13:26.0984 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/27 21:13:27.0062 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/27 21:13:27.0296 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/27 21:13:27.0375 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/27 21:13:27.0562 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/27 21:13:27.0796 HpWkm001 (5f86e0821763b87cdbe803fc30bfb4e7) C:\WINDOWS\system32\DRIVERS\HpWkm001.SYS
2010/10/27 21:13:27.0875 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/10/27 21:13:27.0953 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/10/27 21:13:28.0093 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/27 21:13:28.0187 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/27 21:13:28.0453 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/27 21:13:28.0703 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/27 21:13:28.0984 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
2010/10/27 21:13:29.0125 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/27 21:13:29.0359 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/27 21:13:29.0593 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/27 21:13:29.0859 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/27 21:13:30.0109 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/27 21:13:30.0359 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/27 21:13:30.0625 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/27 21:13:30.0875 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/27 21:13:31.0453 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/27 21:13:31.0671 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/27 21:13:31.0875 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/27 21:13:32.0125 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/27 21:13:32.0390 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/27 21:13:32.0687 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/27 21:13:33.0234 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/27 21:13:33.0484 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/27 21:13:33.0531 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/10/27 21:13:33.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/27 21:13:33.0781 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/27 21:13:33.0984 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/10/27 21:13:34.0171 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/27 21:13:34.0453 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/27 21:13:34.0687 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/27 21:13:34.0906 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/27 21:13:35.0140 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/27 21:13:35.0765 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/27 21:13:35.0906 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/27 21:13:36.0109 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/27 21:13:36.0265 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/27 21:13:36.0515 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/27 21:13:36.0734 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/27 21:13:36.0984 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/27 21:13:37.0218 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
2010/10/27 21:13:37.0234 NAL - detected Unsigned file (1)
2010/10/27 21:13:37.0343 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/27 21:13:37.0562 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/27 21:13:37.0750 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/27 21:13:37.0875 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/27 21:13:38.0046 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/27 21:13:38.0250 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/27 21:13:38.0562 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/27 21:13:38.0843 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/27 21:13:39.0062 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/27 21:13:39.0625 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/27 21:13:40.0046 nv (cf49346faeffbd046b4dcaf29673e02a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/27 21:13:40.0734 NVHDA (2e661d73b21619818787fd5059294751) C:\WINDOWS\system32\drivers\nvhda32.sys
2010/10/27 21:13:40.0812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/27 21:13:41.0031 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/27 21:13:41.0265 Packet (8f856dae19383bd69db444004d5d4f50) C:\WINDOWS\system32\DRIVERS\packet.sys
2010/10/27 21:13:41.0281 Packet - detected Unsigned file (1)
2010/10/27 21:13:41.0359 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/27 21:13:41.0593 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/27 21:13:41.0843 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/27 21:13:42.0046 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/27 21:13:42.0281 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/27 21:13:42.0500 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/27 21:13:42.0890 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/27 21:13:43.0093 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/27 21:13:43.0359 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/27 21:13:43.0625 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/27 21:13:43.0875 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/27 21:13:44.0171 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/27 21:13:44.0171 PxHelp20 - detected Unsigned file (1)
2010/10/27 21:13:44.0265 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/27 21:13:44.0453 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/27 21:13:44.0703 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/27 21:13:44.0921 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/27 21:13:45.0140 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/27 21:13:45.0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/27 21:13:45.0578 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/27 21:13:45.0781 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/27 21:13:45.0984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/27 21:13:46.0250 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/27 21:13:46.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/27 21:13:47.0015 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/27 21:13:47.0234 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/27 21:13:47.0812 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/27 21:13:48.0093 rtl8185 (3425ebabfa1761a8614b84e8cbe56ff1) C:\WINDOWS\system32\DRIVERS\rtl8185.sys
2010/10/27 21:13:48.0125 rtl8185 - detected Unsigned file (1)
2010/10/27 21:13:48.0234 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/27 21:13:48.0281 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/27 21:13:48.0453 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
2010/10/27 21:13:48.0515 SDDMI2 - detected Unsigned file (1)
2010/10/27 21:13:48.0562 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/27 21:13:49.0046 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/27 21:13:49.0265 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/27 21:13:49.0500 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/27 21:13:49.0765 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/27 21:13:49.0984 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/27 21:13:50.0171 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/27 21:13:50.0750 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/27 21:13:50.0953 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/27 21:13:51.0078 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/27 21:13:51.0156 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2010/10/27 21:13:51.0312 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/27 21:13:51.0500 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/27 21:13:51.0781 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/27 21:13:51.0984 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/27 21:13:52.0218 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2010/10/27 21:13:52.0296 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/27 21:13:52.0500 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/27 21:13:52.0781 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/27 21:13:53.0078 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/27 21:13:53.0203 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/27 21:13:53.0390 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/27 21:13:53.0640 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/27 21:13:53.0906 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/27 21:13:54.0109 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/27 21:13:54.0296 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/27 21:13:54.0484 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/27 21:13:55.0078 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/27 21:13:55.0234 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/27 21:13:55.0468 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/27 21:13:55.0750 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/27 21:13:56.0250 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/27 21:13:56.0484 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/27 21:13:56.0703 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/27 21:13:56.0968 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/27 21:13:57.0171 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/10/27 21:13:57.0390 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/27 21:13:57.0625 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/27 21:13:57.0906 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/27 21:13:58.0125 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/27 21:13:58.0359 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/10/27 21:13:58.0500 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/27 21:13:59.0046 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/27 21:13:59.0203 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/27 21:13:59.0281 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/27 21:13:59.0359 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/27 21:13:59.0359 ================================================================================
2010/10/27 21:13:59.0359 Scan finished
2010/10/27 21:13:59.0359 ================================================================================
2010/10/27 21:13:59.0484 Detected object count: 21
2010/10/27 21:14:54.0593 Unsigned file(AegisP) - User select action: Skip
2010/10/27 21:14:54.0593 Unsigned file(ASCTRM) - User select action: Skip
2010/10/27 21:14:54.0593 Unsigned file(DLABOIOM) - User select action: Skip
2010/10/27 21:14:54.0609 Unsigned file(DLACDBHM) - User select action: Skip
2010/10/27 21:14:54.0609 Unsigned file(DLADResN) - User select action: Skip
2010/10/27 21:14:54.0609 Unsigned file(DLAIFS_M) - User select action: Skip
2010/10/27 21:14:54.0609 Unsigned file(DLAOPIOM) - User select action: Skip
2010/10/27 21:14:54.0609 Unsigned file(DLAPoolM) - User select action: Skip
2010/10/27 21:14:54.0609 Unsigned file(DLARTL_N) - User select action: Skip
2010/10/27 21:14:54.0609 Unsigned file(DLAUDFAM) - User select action: Skip
2010/10/27 21:14:54.0609 Unsigned file(DLAUDF_M) - User select action: Skip
2010/10/27 21:14:54.0625 Unsigned file(DRVMCDB) - User select action: Skip
2010/10/27 21:14:54.0625 Unsigned file(DRVNDDM) - User select action: Skip
2010/10/27 21:14:54.0625 Unsigned file(DSproct) - User select action: Skip
2010/10/27 21:14:54.0625 Unsigned file(EAPPkt) - User select action: Skip
2010/10/27 21:14:54.0625 Unsigned file(NAL) - User select action: Skip
2010/10/27 21:14:54.0625 Unsigned file(Packet) - User select action: Skip
2010/10/27 21:14:54.0640 Unsigned file(PxHelp20) - User select action: Skip
2010/10/27 21:14:54.0640 Unsigned file(rtl8185) - User select action: Skip
2010/10/27 21:14:54.0640 Unsigned file(SDDMI2) - User select action: Skip
2010/10/27 21:14:54.0671 \HardDisk0\MBR - will be cured after reboot
2010/10/27 21:14:54.0671 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/27 21:15:06.0156 Deinitialize success

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:24 AM

Posted 27 October 2010 - 08:32 PM

Yes, please let me know how it's running so I know what to tell you next. :thumbup2:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#12 Stakkibotris

Stakkibotris
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 28 October 2010 - 10:11 AM

Definitely have seen an improvement in performance and pop-ups have been eliminated so far it seems. However, I downloaded Avira as my anti-virus and it has started finding pieces of malaware. The 3 pieces it found are:
TR/Dldr.Zlob. Gen Trojan
TR/fakealert.13312 Trojan
TR/spy.53248.653 Trojan

-Stakki

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:24 AM

Posted 28 October 2010 - 11:43 AM

Did you happen to save the report? If you did I'd like to see it, please. Avira is pretty thorough, and it's likely that those were found in system restore and not active. Still, I'd like to be sure. :thumbup2:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#14 Stakkibotris

Stakkibotris
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 28 October 2010 - 02:35 PM

Last scan it found 5 detections. I selected to delete them.

Here is the log from most recent scan:

Avira AntiVir Personal
Report file date: Thursday, October 28, 2010 12:05

Scanning for 2979531 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SANDS

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 01:05:18
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 01:05:39
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 01:06:23
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 01:06:56
VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 01:06:56
VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 01:06:56
VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 01:06:56
VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 01:06:56
VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 01:06:58
VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 01:07:00
VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 01:07:01
VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 01:07:02
VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 01:07:04
VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 01:07:05
VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 01:07:06
VBASE020.VDF : 7.10.12.122 131584 Bytes 10/5/2010 01:07:08
VBASE021.VDF : 7.10.12.148 119296 Bytes 10/7/2010 01:07:09
VBASE022.VDF : 7.10.12.175 142848 Bytes 10/11/2010 01:07:10
VBASE023.VDF : 7.10.12.198 131584 Bytes 10/13/2010 01:07:11
VBASE024.VDF : 7.10.12.216 133120 Bytes 10/14/2010 01:07:13
VBASE025.VDF : 7.10.12.238 137728 Bytes 10/18/2010 01:07:14
VBASE026.VDF : 7.10.12.254 129536 Bytes 10/20/2010 01:07:15
VBASE027.VDF : 7.10.13.22 137728 Bytes 10/22/2010 01:07:17
VBASE028.VDF : 7.10.13.39 124416 Bytes 10/26/2010 01:07:18
VBASE029.VDF : 7.10.13.40 2048 Bytes 10/26/2010 01:07:18
VBASE030.VDF : 7.10.13.41 2048 Bytes 10/26/2010 01:07:18
VBASE031.VDF : 7.10.13.59 123392 Bytes 10/27/2010 01:07:20
Engineversion : 8.2.4.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/28/2010 01:07:50
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 10/28/2010 01:07:49
AESCN.DLL : 8.1.6.1 127347 Bytes 10/28/2010 01:07:46
AESBX.DLL : 8.1.3.1 254324 Bytes 10/28/2010 01:07:51
AERDL.DLL : 8.1.9.2 635252 Bytes 10/28/2010 01:07:45
AEPACK.DLL : 8.2.3.11 471416 Bytes 10/28/2010 01:07:42
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/28/2010 01:07:40
AEHEUR.DLL : 8.1.2.36 2974072 Bytes 10/28/2010 01:07:39
AEHELP.DLL : 8.1.14.0 246134 Bytes 10/28/2010 01:07:27
AEGEN.DLL : 8.1.3.23 401779 Bytes 10/28/2010 01:07:26
AEEMU.DLL : 8.1.2.0 393588 Bytes 10/28/2010 01:07:24
AECORE.DLL : 8.1.17.0 196982 Bytes 10/28/2010 01:07:23
AEBB.DLL : 8.1.1.0 53618 Bytes 10/28/2010 01:07:22
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, October 28, 2010 12:05

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-865072718-4146018968-3227640357-1005\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-865072718-4146018968-3227640357-1005\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'avcenter.exe' - '62' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'avgnt.exe' - '51' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '31' Module(s) have been scanned
Scan process 'xDaemon.exe' - '39' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'issch.exe' - '11' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '19' Module(s) have been scanned
Scan process 'Iaanotif.exe' - '39' Module(s) have been scanned
Scan process 'stsystra.exe' - '38' Module(s) have been scanned
Scan process 'ehtray.exe' - '36' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'Explorer.EXE' - '108' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '28' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'Iaantmon.exe' - '12' Module(s) have been scanned
Scan process 'hnm_svc.exe' - '57' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '24' Module(s) have been scanned
Scan process 'dlcccoms.exe' - '21' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'ALUSchedulerSvc.exe' - '27' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'spoolsv.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '176' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '41' Module(s) have been scanned
Scan process 'lsass.exe' - '64' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '81' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1743' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111658.dll
[0] Archive type: HIDDEN
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
--> FIL\\\?\C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111658.dll
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111659.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111660.exe
[DETECTION] Is the TR/Downloader.Gen2 Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111661.exe
[DETECTION] Is the TR/Downloader.Gen2 Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111662.exe
[0] Archive type: HIDDEN
[DETECTION] Is the TR/Dldr.Zlob.mrm Trojan
--> FIL\\\?\C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111662.exe
--> Object
[2] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dldr.Zlob.mrm Trojan

Beginning disinfection:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111662.exe
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
[NOTE] A backup was created as '4f5a6bc8.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111661.exe
[DETECTION] Is the TR/Downloader.Gen2 Trojan
[NOTE] A backup was created as '57cd446f.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111660.exe
[DETECTION] Is the TR/Downloader.Gen2 Trojan
[NOTE] A backup was created as '05921e87.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111659.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] A backup was created as '63a55145.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP850\A0111658.dll
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
[WARNING] The file could not be copied to the quarantine directory.
[WARNING] The source file could not be found.
[NOTE] The file was deleted!


End of the scan: Thursday, October 28, 2010 15:28
Used time: 1:22:13 Hour(s)

The scan has been done completely.

11618 Scanned directories
396782 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
5 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
396776 Files not concerned
5171 Archives were scanned
1 Warnings
5 Notes
481011 Objects were scanned with rootkit scan
3 Hidden objects were found

#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:24 AM

Posted 28 October 2010 - 02:52 PM

Excellent....just as I thought....system restore. :thumbup2:

Uninstall ComboFix by doing the following :

Click Start>Run>Type in, or copy and paste ComboFix /Uninstall > click OK

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Those old versions also take up a ton of space! Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Are there any problems remaining now? Let me know so we can address them. :thumbup2:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users