
Google Redirect to Happili


2 replies to this topic

#1 jslim1999

jslim1999

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 03 December 2010 - 02:11 AM

I made the mistake of installing 360Share (P2P client) on my computer, and seem to have picked up a virus or malware. When clicking on google search results, I occasionally get sent to another site. This site is most commonly Happili, but I've also been redirected to other sites. The redirect link in my browser history is mtresearch.com. I immediately uninstalled 360Share after I noticed this, but the problem persists. It occurs in both Firefox and Windows Explorer. I've run scans with Avast, SpyNoMore, and SUPERAntiSpyware, and disinfected everything that was found. Thank you for any help you can provide.

I'm having trouble running the DDS script. It just opens this in notepad (truncated so as not to take up lots of space):

MZ   @  !L!This program cannot be run in DOS mode.

$ PE L +I  2 n    @       7<
         .code    PEC2FO .rsrc   S Pd5 d% 3PECompact2 VK ўoTN<N<T#=L34w
lTS`M6lՍ[NPHr_0)a ؾ,f)|Bţ3]ˣoKjvh-Pw4l4` \3nfwp"nseXcD

The Rootkit ack.txt file is:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-03 01:54:30
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.D005
Running: gmer.exe; Driver: C:\Users\JOSHLU~1\AppData\Local\Temp\pwrcqfoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8305B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[3920] kernel32.dll!SetUnhandledExceptionFilter 75DB3162 5 Bytes JMP 571354C1 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[3920] ole32.dll!OleLoadFromStream 75B05BF6 5 Bytes JMP 57BED62A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] ntdll.dll!LdrLoadDll 7726F625 5 Bytes JMP 00CB13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!closesocket 757E3BED 5 Bytes JMP 100136D6 C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!WSASocketW 757E3D1B 7 Bytes JMP 100135FD C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!bind 757E46BC 5 Bytes JMP 10013587 C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!connect 757E48BE 5 Bytes JMP 10013660 C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!getaddrinfo 757E6737 5 Bytes JMP 1001374C C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!WSAConnect 757EBB9B 5 Bytes JMP 10013695 C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!WSAAsyncGetHostByName 757F6D2A 5 Bytes JMP 1001379A C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!gethostbyname 757F7133 5 Bytes JMP 10013700 C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\000000d0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000d2 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\ACPI_HAL \Device\0000006f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a151a77e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcba76e44
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a151a77e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcba76e44 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E5F9EE1E-8EA8-11DF-A37E-806E6F6E6963} 2085231504

---- Files - GMER 1.0.15 ----

File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\1. GV1&4\Coupons holder\IMG_0516.jpg 3621792 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\1. GV1&4\Coupons holder\IMG_0517.jpg 3648594 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\1. GV1&4\Coupons holder\IMG_0518.jpg 4063714 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\1. GV1&4\Coupons holder\IMG_0519.jpg 4016883 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\1. GV1&4\Coupons holder\IMG_0520.jpg 3843540 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\1. GV1&4\Coupons holder\IMG_0521.jpg 3623910 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\1. GV1&4\Coupons holder\IMG_0522.jpg 3779754 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\1. GV1&4\Coupons holder\IMG_0523.jpg 3909489 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\1. GV1&4\Coupons holder\IMG_0524.jpg 3518616 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\2. GV2&3\Coupons holder\IMG_0525.jpg 3371051 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\2. GV2&3\Coupons holder\IMG_0526.jpg 3651117 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\2. GV2&3\Coupons holder\IMG_0527.jpg 3601214 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\2. GV2&3\Coupons holder\IMG_0528.jpg 3547946 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\2. GV2&3\Coupons holder\IMG_0529.jpg 3091531 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\2. GV2&3\Coupons holder\IMG_0530.jpg 3315869 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\2. GV2&3\Coupons holder\IMG_0531.jpg 3396369 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\2. GV2&3\Coupons holder\IMG_0532.jpg 4010901 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\87-91 2010 EdF SGCC Support\CAT4 Outage Support\MJL\Corrosion Monitoring Results (MPD)\20100418 - Between GV1-4 and GV2-3\7. Photos\1. GV1&4\1. Pre-cleaning coupons holder and probes\2. GV2&3\Coupons holder\IMG_0533.jpg 3629554 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Autoclave Testing\Autoclave Test 1\Photographs\Organized Pics\3. Post-Test\2. Crevice Specimens\2. Disassembled\DEI Crevice Specimens\9?16? Crevice\Without Light\Tube\DSCN4302.JPG 1083569 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Autoclave Testing\Autoclave Test 1\Photographs\Organized Pics\3. Post-Test\2. Crevice Specimens\2. Disassembled\DEI Crevice Specimens\9?16? Crevice\Without Light\Tube\DSCN4305.JPG 1072895 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Autoclave Testing\Autoclave Test 1\Photographs\Organized Pics\3. Post-Test\2. Crevice Specimens\2. Disassembled\DEI Crevice Specimens\9?16? Crevice\Without Light\Tube\DSCN4306.JPG 1077647 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Autoclave Testing\Autoclave Test 1\Photographs\Organized Pics\3. Post-Test\2. Crevice Specimens\2. Disassembled\DEI Crevice Specimens\9?16? Crevice\Without Light\Tube\DSCN4309.JPG 1101331 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\1. Cu Step Initial\16hr Tests 10,12 Initial Cu Drain\._D2X_4634.JPG 49056 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\1. Cu Step Initial\16hr Tests 10,12 Initial Cu Drain\._D2X_4635.JPG 48893 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\1. Cu Step Initial\16hr Tests 10,12 Initial Cu Drain\D2X_4634.JPG 4780226 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\1. Cu Step Initial\16hr Tests 10,12 Initial Cu Drain\D2X_4635.JPG 4859722 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\1. Cu Step Initial\16hr Tests 10,12 Initial Cu Drain\Thumbs.db 7680 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\3. Cu Step Final\8hr Tests 10,12 Final Cu Step Drain\._D2X_4662.JPG 49155 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\3. Cu Step Final\8hr Tests 10,12 Final Cu Step Drain\._D2X_4663.JPG 49322 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\3. Cu Step Final\8hr Tests 10,12 Final Cu Step Drain\D2X_4662.JPG 4855191 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\3. Cu Step Final\8hr Tests 10,12 Final Cu Step Drain\D2X_4663.JPG 4939372 bytes
File C:\Windows\CSC\v2.0.6\namespace\pcserver\Projects\61-30 Bettis Crev Clng\Part 2 Testing\Preliminary Testing (T-6130-02-01)\Preliminary Test Runs #1 and #2\Pics from ATP\Process Pics\Run 2 (Tests 7-10, 12)\3. Cu Step Final\8hr Tests 10,12 Final Cu Step Drain\Thumbs.db 7680 bytes

---- EOF - GMER 1.0.15 ----
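As an added triage aid (not part of the original post, and not code from GMER's authors), the following script parses GMER "User code sections" records like the ones above and sorts the hooks a responder should look at first from the ordinary ones. Office, Firefox and antivirus products all install inline hooks, so the script does not treat hooking itself as suspicious; it flags a hook when the handler module lives outside Windows or Program Files, when a file borrows the api-ms-win-*.dll naming of Windows API-set DLLs while sitting outside System32, and when such a module sits on Winsock name-resolution or connection exports. The trusted-root allow-list and the list of Winsock exports are assumptions of this example; the sample lines are copied from the GMER output posted above.

```python
"""Triage of GMER user-mode inline-hook records (added example, not GMER code)."""
import re
from dataclasses import dataclass

# One GMER "User code sections" record has the shape:
# .text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> <handler path> (<description>)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<api>[\w.]+!\w+)\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)\s+(?P<path>.+?)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Assumption: handlers under these roots are treated as ordinary product hooks.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Genuine API-set DLLs are Windows components; a look-alike elsewhere is worth a look.
APISET_RE = re.compile(r"^api-ms-win-[\w-]+\.dll$", re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumption: Winsock exports that give a hooking module a say in name resolution and connections.
NETWORK_APIS = {"getaddrinfo", "gethostbyname", "wsaasyncgethostbyname", "connect",
                "wsaconnect", "bind", "wsasocketw", "closesocket"}


@dataclass
class Hook:
    process: str
    pid: int
    api: str      # e.g. "WS2_32.dll!getaddrinfo"
    path: str     # module that owns the JMP target
    desc: str     # version-resource description GMER printed, if any


def parse_hooks(text: str) -> list:
    """Return one Hook per line that matches the GMER user-mode hook format."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(m["process"], int(m["pid"]), m["api"], m["path"], m["desc"] or ""))
    return hooks


def triage(hook: Hook) -> list:
    """Return the reasons (possibly none) this hook deserves manual review."""
    reasons = []
    path = hook.path.lower()
    folder, _, name = path.rpartition("\\")
    folder += "\\"
    untrusted = not path.startswith(TRUSTED_ROOTS)
    if untrusted:
        reasons.append("handler module outside Windows/Program Files")
    if APISET_RE.match(name) and folder not in SYSTEM_DIRS:
        reasons.append("API-set-style file name outside System32")
    export = hook.api.split("!", 1)[1].lower()
    if untrusted and export in NETWORK_APIS:
        reasons.append(f"Winsock export {export} routed through an untrusted module")
    return reasons


def flagged_modules(hooks: list) -> dict:
    """Group flagged hooks by handler module: path -> sorted list of hooked exports."""
    out = {}
    for h in hooks:
        if triage(h):
            out.setdefault(h.path, set()).add(h.api)
    return {path: sorted(apis) for path, apis in out.items()}


# Sample input: lines copied from the GMER output posted above.
SAMPLE_LOG = r"""
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[3920] kernel32.dll!SetUnhandledExceptionFilter 75DB3162 5 Bytes JMP 571354C1 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] ntdll.dll!LdrLoadDll 7726F625 5 Bytes JMP 00CB13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!closesocket 757E3BED 5 Bytes JMP 100136D6 C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!getaddrinfo 757E6737 5 Bytes JMP 1001374C C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4368] WS2_32.dll!gethostbyname 757F7133 5 Bytes JMP 10013700 C:\ProgramData\api-ms-win-core-console-l1-1-032.dll (Borland MIDAS Component Package/Borland Software Corporation)
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for h in hooks:
        for reason in triage(h):
            print(f"[{h.process}:{h.pid}] {h.api} -> {h.path}: {reason}")
    for path, apis in flagged_modules(hooks).items():
        print(f"{path} hooks {len(apis)} export(s): {', '.join(apis)}")
```

Run over the five sample lines, the Office and Firefox self-hooks produce no findings, while the ProgramData module is reported on all three counts for each Winsock export it sits on. The version description GMER prints is kept in the record on purpose: a "Borland MIDAS" description on a file whose name imitates a Windows API-set DLL is the kind of mismatch a responder checks by hand rather than something the script decides.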

#2 jslim1999

jslim1999
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 03 December 2010 - 02:20 AM

I found info about the DDS script issue...I have AutoCAD installed and I guess that was causing a conflict. I ran the fix you posted in another thread and everything worked okay. I'll probably need to reverse things to reassociate the script files with AutoCAD though, since unlike the thread poster, I still have it installed on my computer.

DDS File:

DDS (Ver_10-11-27.01) - NTFSx86
Run by Josh Luszcz at 2:16:05.85 on Fri 12/03/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3318.1609 [GMT -5:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\STacSV.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\Alwil Software\Avast4\aswServ.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\AvAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\mobsync.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\windows\system32\lkcitdl.exe
C:\windows\system32\lkads.exe
C:\windows\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\windows\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
C:\Program Files\Retrospect\Retrospect Client\retroclient.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\bitsigd32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\ProgramData\winsockhc32.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\windows\system32\nipalsm.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\VXIPNP\WinNT\NIvisa\niLxiDiscovery.exe
C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\System32\rundll32.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\aswDisp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\KBDBLRwow.exe
C:\Windows\KBDBLRwow.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Josh Luszcz\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: {14f9cda0-9a03-4126-82df-bd68f6f3c670} - c:\windows\system32\api-ms-win-core-console-l1-1-032.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: dc75249e: {3d0a50d3-a6af-7d89-f9ed-893bc6b3f20f} - c:\programdata\api-ms-win-core-console-l1-1-032.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [KBDBLRwow.exe] c:\windows\KBDBLRwow.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellBtrEvent] d:\program files\dell\reader 2.0\DellBtrEvent.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [avast!] "c:\program files\alwil software\avast4\aswDisp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [niDevMon] c:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KBDBLRwow.exe] c:\windows\KBDBLRwow.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{f3c1de9e-5e16-4ba9-b854-7b53a45e3579}\Icon3E5562ED7.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\programdata\api-ms-win-core-console-l1-1-032.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\joshlu~1\appdata\roaming\mozilla\firefox\profiles\50ituawq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv86win32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2008-8-21 15448]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-5-21 17072]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-6-18 114768]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.0\dvmio.sys [2009-7-10 16984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe [2010-5-22 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-18 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-18 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\aswServ.exe [2010-6-18 138680]
R2 avast! NetAgent;avast! NetAgent;c:\program files\alwil software\avast4\AvAgent.exe [2010-6-18 52160]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2009-3-6 35691]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 386848]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.0\DVMExportService.exe [2009-8-3 327680]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-5-21 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-5-21 60928]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2008-8-21 12696]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\vxipnp\winnt\nivisa\niLxiDiscovery.exe [2008-6-20 129144]
R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe [2008-6-18 192112]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2008-12-18 11344]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2008-6-20 11360]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-12-8 5241448]
R2 Retrospect Client;Retrospect Client;c:\program files\retrospect\retrospect client\RemotSvc.exe [2009-11-10 61440]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-5-22 59392]
R2 UxSms32;Desktop Window Manager Session Manager ;c:\windows\system32\bitsigd32.exe [2010-12-2 1381888]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-5-21 42672]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\aswMaiSv.exe [2010-6-18 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\aswWebSv.exe [2010-6-18 352920]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-5-22 274472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-5-22 143968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-5-22 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-5-22 214696]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-22 125696]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-6-13 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-11-24 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2008-12-29 11360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-5-22 68200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-21 33320]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks2010\solidworks\swscheduler\DTSCoordinatorService.exe [2010-1-20 87336]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-5-22 134144]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-5 20104]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2008-11-11 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2008-11-11 11344]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2008-11-11 22608]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2009-1-2 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2009-2-6 11336]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2008-12-29 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2009-1-5 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2009-2-6 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2009-2-6 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2009-1-6 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-12-29 11392]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2008-12-29 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2008-7-30 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2008-12-16 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2008-12-16 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2008-6-25 20568]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2009-1-5 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2009-2-10 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2008-7-30 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2009-1-5 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2009-2-6 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-1-2 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-1-2 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-7-28 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2009-1-2 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2009-2-6 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2008-6-20 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2008-6-20 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2009-2-6 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2009-2-6 11336]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-5-22 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-5-22 38912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-18 1343400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2010-12-03 05:33:35 -------- d-----w- c:\progra~2\506729388
2010-12-03 04:32:31 1152 ----a-w- c:\windows\system32\windrv.sys
2010-12-03 04:32:27 -------- d-----w- c:\program files\SpyNoMore
2010-12-03 04:29:16 -------- d-----w- c:\users\joshlu~1\appdata\roaming\GetRightToGo
2010-12-03 01:58:37 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-03 01:58:30 -------- d-----w- c:\users\joshlu~1\appdata\roaming\SUPERAntiSpyware.com
2010-12-03 01:58:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-03 01:58:09 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-12-03 00:31:11 -------- d-sh--w- c:\progra~2\SysWoW32
2010-12-03 00:30:56 203776 --sh--w- c:\progra~2\unrar.exe
2010-12-03 00:30:53 505856 --sh--w- c:\windows\KBDBLRwow.exe
2010-12-03 00:30:53 -------- d-sh--w- c:\progra~2\DC40480B6F7EFDF90CD03AF7B283F842
2010-12-03 00:30:39 1381888 ----a-w- c:\progra~2\winsockhc32.exe
2010-12-03 00:30:38 260608 ----a-w- c:\progra~2\api-ms-win-core-console-l1-1-032.dll
2010-12-03 00:30:37 188928 ----a-w- c:\windows\system32\winsockhc32.exe
2010-12-03 00:30:37 1381888 ----a-w- c:\windows\system32\bitsigd32.exe
2010-12-03 00:30:36 414208 ----a-w- c:\windows\system32\api-ms-win-core-console-l1-1-032.dll
2010-12-03 00:25:34 -------- d-----w- c:\users\joshlu~1\appdata\roaming\LimeWire
2010-12-03 00:25:07 -------- d-----w- c:\program files\360Share Pro
2010-11-30 11:07:04 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b6437d02-ef28-4b6d-b562-f65358820ff7}\mpengine.dll
2010-11-24 08:12:42 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-19 21:00:18 -------- d-----w- c:\program files\MediaInfo
2010-11-19 18:42:44 -------- d-----w- C:\_swagelok_downloads
2010-11-19 15:33:34 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-11-14 20:20:54 -------- d-----w- c:\program files\iPod
2010-11-14 20:20:53 -------- d-----w- c:\program files\iTunes
2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-22 22:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 12:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST932042 rev.D005 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: >>UNKNOWN [0x83018000]<< >>UNKNOWN [0x8C867000]<< >>UNKNOWN [0x8C856000]<< >>UNKNOWN [0x8C600000]<< >>UNKNOWN [0x8C020000]<< >>UNKNOWN [0x83428000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83054458] -> \Device\Harddisk0\DR0[0x88488AC8]
\Driver\Disk[0x88487DF0] -> IRP_MJ_CREATE -> 0x8C86B39F
3 [0x8C86B59E] -> ntkrnlpa!IofCallDriver[0x83054458] -> [0x88488020]
\Driver\stdflt[0x883DA4E0] -> IRP_MJ_CREATE -> 0x8C60052E
5 [0x8C60170C] -> ntkrnlpa!IofCallDriver[0x83054458] -> \Device\Ide\IAAStorageDevice-1[0x85AED028]
\Driver\iaStor[0x85BAD610] -> IRP_MJ_CREATE -> 0x8C046C54
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 2:16:39.07 ===============
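
The log above holds exactly the kind of entries a responder triages by hand: a service (UxSms32) whose display name copies a Windows built-in ("Desktop Window Manager Session Manager", normally hosted in svchost.exe) but whose image is a freshly created binary, and a batch of system+hidden executables written within the same minute. As an added illustration by the editor, not code from the poster or from the forum's helpers, the script below parses the two DDS sections involved (the service list and "Created Last 30") and applies those two heuristics. The sample lines are copied from the log; the table of built-in service names is a partial assumption covering only services seen here, and the output is a list of items to review, not a verdict that any file is malicious.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: service and "Created Last 30" lines copied from the
# DDS log above. The parsing and heuristics below are this example's own.
SERVICE_LINES = r"""
R2 UxSms32;Desktop Window Manager Session Manager ;c:\windows\system32\bitsigd32.exe [2010-12-2 1381888]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2009-3-6 35691]
""".strip().splitlines()

FILE_LINES = r"""
2010-12-03 00:31:11 -------- d-sh--w- c:\progra~2\SysWoW32
2010-12-03 00:30:56 203776 --sh--w- c:\progra~2\unrar.exe
2010-12-03 00:30:53 505856 --sh--w- c:\windows\KBDBLRwow.exe
2010-12-03 00:30:39 1381888 ----a-w- c:\progra~2\winsockhc32.exe
2010-12-03 00:30:37 1381888 ----a-w- c:\windows\system32\bitsigd32.exe
2010-12-03 00:25:07 -------- d-----w- c:\program files\360Share Pro
2010-11-24 08:12:42 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
""".strip().splitlines()

# Partial lookup (assumption: only the built-ins seen in this log) of Windows 7
# services that run inside svchost.exe, keyed by normalised display name.
SVCHOST_BUILTINS = {
    "desktop window manager session manager": "UxSms",
    "storage service": "StorSvc",
}

# DDS service line:  <state> <name>;<display>;<image> [<date> <size>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)"
    r"\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)
# DDS file line:  <timestamp> <size or --------> <8 attribute flags> <path>
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)

def parse_service(line):
    m = SERVICE_RE.match(line)
    return m.groupdict() if m else None

def parse_file(line):
    m = FILE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    # Attribute flags as DDS prints them: [0] d = directory, [2] s = system, [3] h = hidden
    d["is_dir"] = d["attrs"][0] == "d"
    d["system"] = d["attrs"][2] == "s"
    d["hidden"] = d["attrs"][3] == "h"
    d["when"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S")
    return d

def flag_services(lines):
    """Return service names whose display name belongs to a svchost-hosted
    Windows service, yet the image is not svchost.exe or the service name is
    not the expected one (UxSms32 instead of UxSms). Items to review, not verdicts."""
    flagged = []
    for svc in filter(None, map(parse_service, lines)):
        expected = SVCHOST_BUILTINS.get(svc["display"].strip().lower())
        if expected is None:
            continue
        if "svchost.exe" not in svc["image"].lower() or svc["name"] != expected:
            flagged.append(svc["name"])
    return flagged

def flag_files(lines, window_seconds=60):
    """Map path -> reasons for recently created executables that are marked
    system+hidden, or that share an exact byte size with a differently named
    executable created within window_seconds (a dropper writing one payload
    under several names tends to look like this)."""
    execs = [e for e in filter(None, map(parse_file, lines))
             if not e["is_dir"] and e["path"].lower().endswith((".exe", ".dll", ".sys"))]
    reasons = defaultdict(list)
    for e in execs:
        if e["system"] and e["hidden"]:
            reasons[e["path"]].append("system+hidden executable")
    by_size = defaultdict(list)
    for e in execs:
        by_size[e["size"]].append(e)
    for size, group in by_size.items():
        times = [e["when"] for e in group]
        if len(group) > 1 and (max(times) - min(times)).total_seconds() <= window_seconds:
            for e in group:
                reasons[e["path"]].append(
                    f"size {size} shared with {len(group) - 1} other executable(s) created within {window_seconds}s")
    return dict(reasons)

if __name__ == "__main__":
    for name in flag_services(SERVICE_LINES):
        print("service to review:", name)
    for path, why in sorted(flag_files(FILE_LINES).items()):
        print("file to review:", path, "->", "; ".join(why))
```

Run against the sample, the script reports UxSms32 (built-in display name, non-svchost image, non-standard service name), the two system+hidden executables under c:\progra~2 and c:\windows, and the winsockhc32.exe / bitsigd32.exe pair that share a size and a creation minute; the genuine StorSvc entry and the iecompat.dll update are left alone. The same heuristics generalise to any DDS or similar listing once the built-in table is filled out.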

#3 jslim1999

jslim1999
  • Topic Starter

Posted 03 December 2010 - 02:22 AM

I am having trouble figuring out how to attach the attach.txt file. Please advise. Thank you.
