Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus


  • This topic is locked This topic is locked
20 replies to this topic

#1 RustyHerms

RustyHerms

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 09 December 2010 - 09:16 AM

This is my first crack at one of these forums however the website been very helpful this far. I have followed the instructions on "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and would greatly appreciate any help/advice that can be offered.


How the problem started:

I am typically pretty careful of the websites i visit but yesterday i was tripped up upon visiting a forum for a group trip i want to take.

What have i tried thus far:

I first ran windows defender which seemed to removed something but didn't solve the "google redirect issue" I then tried to run a system restore to a week ago however this only seemed to make matters worse because it uninstalled Malwarebyter. This then seemed to give more power to the virus disabling my internet/program functions and created another virus called "Anti Virus Action program. With the help of this forum "anti virus action" was successfully removed. However, i have still been unable to this point to remove the google redirect virus. I have since tried to run Malwarebytes' Anti-Malware and SUPERAntiSpyware Free Edition which both discover viruses but do not seem to solve the issue.

Below is a list of logs i have created using DDS & GMER. Any help or advice that can be provided would be greatly, greatly appreciated.

- Rusty

DDS Log


DDS (Ver_10-12-05.01) - NTFSx86
Run by Rusty H at 8:34:05.67 on Thu 12/09/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3572.2181 [GMT -5:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Nortel\IP Softphone 2050 Licensing Server\lmgrd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Nortel\IP Softphone 2050 Licensing Server\lmgrd.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\TgbStarter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Users\Rusty H\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Users\Rusty H\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Rusty H\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.bullexsafety.com/splendid/Users/Login.aspx?Redirect=%7e%2fDefault.aspx
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "c:\users\rusty h\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RockMelt Update] "c:\users\rusty h\appdata\local\rockmelt\update\RockMeltUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mif5ba~1\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 192.168.50.21 pedro
Hosts: 192.168.50.21 pedro.BDS.bullexsafety.com
Hosts: 192.168.50.22 focus
Hosts: 192.168.50.23 pablo
Hosts: 192.168.50.27 martin

================= FIREFOX ===================

FF - ProfilePath - c:\users\rustyh~1\appdata\roaming\mozilla\firefox\profiles\k7xd80vg.default\
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\users\rusty h\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\rusty h\appdata\local\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\users\rusty h\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\rusty h\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\rusty h\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\rusty h\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: XULRunner: {20A52CC4-EAA4-4213-A029-AA9D4D747C99} - c:\users\rusty h\appdata\local\{20A52CC4-EAA4-4213-A029-AA9D4D747C99}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\rusty h\appdata\roaming\Move Networks
FF - Extension: XULRunner: {20A52CC4-EAA4-4213-A029-AA9D4D747C99} - c:\users\rusty h\appdata\local\{20A52CC4-EAA4-4213-A029-AA9D4D747C99}

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-12-4 15172]
R1 ndistgb;TheGreenBow NDIS filter driver;c:\windows\system32\drivers\ndistgb.sys [2010-6-10 25656]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-12-9 67584]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 Nortel IP Softphone 2050 Licensing Server Service;Nortel IP Softphone 2050 Licensing Server Service;c:\program files\nortel\ip softphone 2050 licensing server\lmgrd --> c:\program files\nortel\ip softphone 2050 licensing server\lmgrd [?]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-8-12 668912]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-7-20 206120]
R2 TgbIke Starter;TgbIke Starter;c:\windows\system32\TgbStarter.exe [2010-6-10 129592]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-7-20 185640]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-3 143968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-4 33832]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-6-3 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-18 277440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2009-11-3 134144]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2009-11-4 221912]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-29 30192]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-11-4 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-11-4 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-11-4 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]

=============== Created Last 30 ================

2010-12-09 12:56:56 -------- d-----w- c:\users\rustyh~1\appdata\local\Safe mirror
2010-12-09 12:56:22 -------- d-----w- c:\program files\Cobian Backup 10
2010-12-08 20:45:49 -------- d-sh--w- C:\found.000
2010-12-08 20:10:34 -------- d-----w- c:\users\rustyh~1\appdata\roaming\SUPERAntiSpyware.com
2010-12-08 20:10:34 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-08 20:09:57 -------- d-----w- c:\users\rustyh~1\appdata\local\Secunia CSI
2010-12-08 20:05:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-08 15:49:58 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-12-08 15:38:43 912344 ----a-w- c:\program files\mozilla firefox\firefox.exe
2010-12-08 15:25:44 -------- d-----w- c:\program files\Secunia
2010-12-08 14:15:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 14:15:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 13:23:10 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{17844f91-640f-420f-a211-c89a6a5eeed9}\mpengine.dll
2010-12-08 12:57:31 -------- d-----w- c:\users\rustyh~1\appdata\roaming\Malwarebytes
2010-12-08 12:57:25 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-08 12:57:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-07 19:19:46 -------- d-----w- c:\progra~2\Alwil Software
2010-12-07 14:29:44 -------- d-----w- c:\progra~2\boost_interprocess
2010-12-05 18:10:52 -------- d-----w- c:\program files\vShare
2010-12-03 00:25:38 -------- d-----w- c:\program files\common files\Symantec Shared
2010-11-30 17:26:11 -------- d-----w- c:\progra~2\Symantec
2010-11-30 17:26:11 -------- d-----w- c:\progra~2\Norton
2010-11-30 17:26:10 -------- d-----w- c:\progra~2\NortonInstaller
2010-11-30 14:26:04 -------- d-----w- c:\windows\system32\Adobe
2010-11-25 08:00:36 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-25 08:00:36 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-24 15:46:48 -------- d-----w- c:\users\rustyh~1\appdata\local\RockMelt
2010-11-24 12:36:17 -------- d-----w- c:\program files\Coupons

==================== Find3M ====================

2010-10-19 15:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST916041 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8749C555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x874a27b0]; MOV EAX, [0x874a282c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C78458] -> \Device\Harddisk0\DR0[0x874775F8]
3 CLASSPNP[0x8CC6F59E] -> ntkrnlpa!IofCallDriver[0x82C78458] -> [0x87690F08]
\Driver\iaStor[0x8747D030] -> IRP_MJ_CREATE -> 0x8749C555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9160412ASG____________________________0003SDM1#4&3341a3e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 8:34:58.24 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:01:30 AM

Posted 16 December 2010 - 06:21 AM

Hello and welcome to Bleeping Computer

I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Let's run TDSSKILLER:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.

Edited by Judicandus, 16 December 2010 - 06:21 AM.


#3 RustyHerms

RustyHerms
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 16 December 2010 - 03:56 PM

Hi Judicandus,

Running TDSSKILLER appears to have solved the issue. Thank you very much! Do you need any additional information that i have not enclosed? Additionally, given the virus(es) that affected my computer, should I have any concern regarding my personal data being compromised?

Please see below TDSS logs.


2010/12/16 15:41:17.0741 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/16 15:41:17.0741 ================================================================================
2010/12/16 15:41:17.0741 SystemInfo:
2010/12/16 15:41:17.0742
2010/12/16 15:41:17.0742 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/16 15:41:17.0742 Product type: Workstation
2010/12/16 15:41:17.0742 ComputerName: RUSTYH-PC
2010/12/16 15:41:17.0742 UserName: Rusty H
2010/12/16 15:41:17.0742 Windows directory: C:\Windows
2010/12/16 15:41:17.0742 System windows directory: C:\Windows
2010/12/16 15:41:17.0742 Processor architecture: Intel x86
2010/12/16 15:41:17.0742 Number of processors: 2
2010/12/16 15:41:17.0742 Page size: 0x1000
2010/12/16 15:41:17.0742 Boot type: Normal boot
2010/12/16 15:41:17.0742 ================================================================================
2010/12/16 15:41:17.0965 Initialize success
2010/12/16 15:41:20.0384 ================================================================================
2010/12/16 15:41:20.0384 Scan started
2010/12/16 15:41:20.0384 Mode: Manual;
2010/12/16 15:41:20.0384 ================================================================================
2010/12/16 15:41:20.0987 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/16 15:41:21.0036 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/16 15:41:21.0063 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/16 15:41:21.0148 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2010/12/16 15:41:21.0218 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/16 15:41:21.0263 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/16 15:41:21.0289 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/16 15:41:21.0356 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/16 15:41:21.0385 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/16 15:41:21.0422 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/16 15:41:21.0489 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/16 15:41:21.0538 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/16 15:41:21.0558 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/16 15:41:21.0584 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/16 15:41:21.0607 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/16 15:41:21.0647 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/16 15:41:21.0686 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/16 15:41:21.0713 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/16 15:41:21.0765 ApfiltrService (f45f2965c43cecfbd04b0d1674643522) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/12/16 15:41:21.0789 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/16 15:41:21.0865 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/16 15:41:21.0902 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/16 15:41:21.0934 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/16 15:41:21.0960 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/16 15:41:22.0023 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/16 15:41:22.0071 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/16 15:41:22.0109 BCM42RLY (eb4434444e2721d721a8ac8d5d2ad26b) C:\Windows\system32\drivers\BCM42RLY.sys
2010/12/16 15:41:22.0195 BCM43XX (5245ebbe39ed9010240c20d21f5a26a9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/12/16 15:41:22.0299 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/16 15:41:22.0344 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/16 15:41:22.0378 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/16 15:41:22.0394 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/16 15:41:22.0446 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/16 15:41:22.0475 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/16 15:41:22.0501 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/16 15:41:22.0526 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/16 15:41:22.0543 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/16 15:41:22.0583 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/16 15:41:22.0670 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/16 15:41:22.0717 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/16 15:41:22.0758 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/16 15:41:22.0800 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/16 15:41:22.0848 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/16 15:41:22.0880 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/16 15:41:22.0912 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/16 15:41:22.0959 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/16 15:41:22.0996 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/16 15:41:23.0036 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/16 15:41:23.0126 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/12/16 15:41:23.0181 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
2010/12/16 15:41:23.0223 CtClsFlt (9a6ca307151505730dbfc91d97f01c7e) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2010/12/16 15:41:23.0279 cvusbdrv (ee773b1806a93a86283b10facebe57db) C:\Windows\system32\Drivers\cvusbdrv.sys
2010/12/16 15:41:23.0348 dc3d (33e7ab50f87f97abd9057205e27cb182) C:\Windows\system32\DRIVERS\dc3d.sys
2010/12/16 15:41:23.0422 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/16 15:41:23.0470 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/16 15:41:23.0523 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/16 15:41:23.0579 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/16 15:41:23.0660 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/16 15:41:23.0734 e1yexpress (44a91d98d6719b49bcd649a863225b5c) C:\Windows\system32\DRIVERS\e1y6232.sys
2010/12/16 15:41:23.0857 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/16 15:41:24.0021 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/16 15:41:24.0086 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/16 15:41:24.0129 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/16 15:41:24.0161 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/16 15:41:24.0200 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/16 15:41:24.0268 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/16 15:41:24.0298 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/16 15:41:24.0389 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/16 15:41:24.0655 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/16 15:41:24.0745 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/16 15:41:24.0804 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/16 15:41:24.0877 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/16 15:41:24.0910 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/16 15:41:24.0960 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/16 15:41:24.0991 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/16 15:41:25.0066 HECI (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys
2010/12/16 15:41:25.0085 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/16 15:41:25.0149 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/16 15:41:25.0182 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/16 15:41:25.0225 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/16 15:41:25.0262 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/16 15:41:25.0294 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/16 15:41:25.0332 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/16 15:41:25.0377 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/16 15:41:27.0851 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
2010/12/16 15:41:31.0911 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/16 15:41:33.0968 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/16 15:41:35.0038 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/16 15:41:35.0078 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/16 15:41:35.0106 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/16 15:41:35.0143 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/16 15:41:35.0167 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/16 15:41:35.0208 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/16 15:41:35.0229 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/16 15:41:35.0270 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/16 15:41:35.0298 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/16 15:41:35.0339 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/16 15:41:35.0370 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/16 15:41:35.0432 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/16 15:41:35.0520 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/16 15:41:35.0612 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/16 15:41:35.0686 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/16 15:41:35.0744 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/16 15:41:35.0805 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/16 15:41:35.0938 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/16 15:41:36.0062 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2010/12/16 15:41:36.0226 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/16 15:41:36.0276 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/16 15:41:36.0337 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/16 15:41:36.0375 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/16 15:41:36.0412 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/16 15:41:36.0439 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/16 15:41:36.0463 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/16 15:41:36.0490 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/16 15:41:36.0534 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/16 15:41:36.0609 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/16 15:41:36.0679 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/16 15:41:36.0760 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/16 15:41:36.0822 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/16 15:41:36.0888 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/16 15:41:36.0943 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/16 15:41:37.0035 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/16 15:41:37.0054 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/16 15:41:37.0077 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/16 15:41:37.0123 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/16 15:41:37.0150 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/16 15:41:37.0244 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/16 15:41:37.0298 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/16 15:41:37.0334 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/16 15:41:37.0354 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/16 15:41:37.0373 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/16 15:41:37.0400 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/16 15:41:37.0448 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/16 15:41:37.0500 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/16 15:41:37.0527 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/16 15:41:37.0554 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/16 15:41:37.0622 ndistgb (9a15289c95cef603e5458fb12ff5fd99) C:\Windows\system32\DRIVERS\ndistgb.sys
2010/12/16 15:41:37.0643 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/16 15:41:37.0667 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/16 15:41:37.0692 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/16 15:41:37.0725 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/16 15:41:37.0752 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/16 15:41:37.0808 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/16 15:41:37.0849 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/16 15:41:37.0888 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/16 15:41:37.0939 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/16 15:41:38.0040 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/12/16 15:41:38.0072 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/16 15:41:38.0304 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/16 15:41:38.0525 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/16 15:41:38.0549 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/16 15:41:38.0577 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/16 15:41:38.0619 OA001Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA001Ufd.sys
2010/12/16 15:41:38.0657 OA001Vid (438ffcb55b8ce39b0bc71afc0a059835) C:\Windows\system32\DRIVERS\OA001Vid.sys
2010/12/16 15:41:38.0698 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/16 15:41:38.0762 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/16 15:41:38.0790 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/16 15:41:38.0812 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/16 15:41:38.0860 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
2010/12/16 15:41:38.0895 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/16 15:41:38.0919 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/16 15:41:38.0973 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/16 15:41:39.0001 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/16 15:41:39.0046 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/16 15:41:39.0147 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/16 15:41:39.0176 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/16 15:41:39.0224 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/16 15:41:39.0270 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/16 15:41:39.0331 PzWDM (36cf3653d367cbc72a38625543f3d4d1) C:\Windows\system32\Drivers\PzWDM.sys
2010/12/16 15:41:39.0377 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/16 15:41:39.0448 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/16 15:41:39.0482 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/16 15:41:39.0506 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/16 15:41:39.0527 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/16 15:41:39.0555 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/16 15:41:39.0592 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/16 15:41:39.0619 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/16 15:41:39.0643 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/16 15:41:39.0667 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/16 15:41:39.0710 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/16 15:41:39.0751 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/12/16 15:41:39.0782 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/16 15:41:39.0801 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/16 15:41:39.0843 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/16 15:41:39.0890 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/16 15:41:39.0935 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/12/16 15:41:39.0960 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\Windows\system32\DRIVERS\rimspe86.sys
2010/12/16 15:41:39.0983 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/12/16 15:41:40.0079 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2010/12/16 15:41:40.0113 risdpcie (6978decc2c38c5ce10a8b0f2b12f4451) C:\Windows\system32\DRIVERS\risdpe86.sys
2010/12/16 15:41:40.0137 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/12/16 15:41:40.0165 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\Windows\system32\DRIVERS\rixdpe86.sys
2010/12/16 15:41:40.0187 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
2010/12/16 15:41:40.0249 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/16 15:41:40.0286 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/16 15:41:40.0398 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/16 15:41:40.0442 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/16 15:41:40.0475 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/16 15:41:40.0514 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/16 15:41:40.0564 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/16 15:41:40.0603 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/16 15:41:40.0679 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/16 15:41:40.0702 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/16 15:41:40.0730 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/16 15:41:40.0787 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/16 15:41:40.0812 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/16 15:41:40.0829 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/16 15:41:40.0850 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/16 15:41:40.0882 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/16 15:41:40.0921 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/16 15:41:40.0946 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/16 15:41:40.0989 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/16 15:41:41.0025 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/16 15:41:41.0122 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/16 15:41:41.0153 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/16 15:41:41.0186 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/16 15:41:41.0238 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/16 15:41:41.0275 STHDA (666954876b4c973eee61b1b2332b58c4) C:\Windows\system32\DRIVERS\stwrt.sys
2010/12/16 15:41:41.0333 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/16 15:41:41.0362 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/16 15:41:41.0383 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/16 15:41:41.0493 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/16 15:41:41.0584 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/16 15:41:41.0620 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/16 15:41:41.0674 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/16 15:41:41.0697 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/16 15:41:41.0722 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/16 15:41:41.0754 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/16 15:41:41.0863 TgbHook (3a1ba70745378561a5711db1d9a5c5d6) C:\Windows\system32\Drivers\vistahook.sys
2010/12/16 15:41:41.0896 TgbIpSec (bdcb1643aa1137214c3c5a60e8ac8f0f) C:\Windows\system32\Drivers\dfiltervpn.sys
2010/12/16 15:41:41.0972 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/16 15:41:42.0017 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/16 15:41:42.0042 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/16 15:41:42.0066 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/16 15:41:42.0102 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/16 15:41:42.0129 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/16 15:41:42.0155 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/16 15:41:42.0211 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2010/12/16 15:41:42.0233 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/16 15:41:42.0262 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/16 15:41:42.0282 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/16 15:41:42.0308 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/16 15:41:42.0339 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/16 15:41:42.0379 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/16 15:41:42.0431 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/16 15:41:42.0477 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/16 15:41:42.0505 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/16 15:41:42.0545 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2010/12/16 15:41:42.0576 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/16 15:41:42.0621 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/16 15:41:42.0647 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/16 15:41:42.0674 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/16 15:41:42.0698 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/16 15:41:42.0720 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/16 15:41:42.0738 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/16 15:41:42.0778 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/16 15:41:42.0804 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/16 15:41:42.0845 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/16 15:41:42.0877 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/16 15:41:42.0906 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/16 15:41:42.0948 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/16 15:41:42.0978 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/12/16 15:41:43.0015 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/16 15:41:43.0051 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/12/16 15:41:43.0086 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/16 15:41:43.0123 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/16 15:41:43.0141 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/16 15:41:43.0197 WavxDMgr (4011d285c449dd833040045cb0f0e3fe) C:\Windows\system32\DRIVERS\WavxDMgr.sys
2010/12/16 15:41:43.0236 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/16 15:41:43.0273 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/16 15:41:43.0337 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/16 15:41:43.0363 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/16 15:41:43.0444 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2010/12/16 15:41:43.0525 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/16 15:41:43.0601 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/16 15:41:43.0660 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/16 15:41:43.0712 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/16 15:41:43.0767 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/16 15:41:43.0772 ================================================================================
2010/12/16 15:41:43.0772 Scan finished
2010/12/16 15:41:43.0772 ================================================================================
2010/12/16 15:41:43.0792 Detected object count: 1
2010/12/16 15:41:50.0188 \HardDisk0 - will be cured after reboot
2010/12/16 15:41:50.0188 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/16 15:42:31.0537 Deinitialize success

#4 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:01:30 AM

Posted 16 December 2010 - 04:59 PM

Hi RustyHerms,

please post the DDS log I requested. There might other infections still lurking on your PC.

#5 RustyHerms

RustyHerms
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 16 December 2010 - 05:25 PM

Sorry about that. It didn't save for some reason, so i just ran it again. Please see attached and below. I have copies from 12/14 as well that i ran by mistake if it would help to compare. Thanks.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Rusty H at 17:21:34.70 on Thu 12/16/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3572.1707 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Nortel\IP Softphone 2050 Licensing Server\lmgrd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Nortel\IP Softphone 2050 Licensing Server\lmgrd.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\system32\TgbStarter.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Users\Rusty H\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Users\Rusty H\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Rusty H\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.bullexsafety.com/splendid/Users/Login.aspx?Redirect=%7e%2fDefault.aspx
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "c:\users\rusty h\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RockMelt Update] "c:\users\rusty h\appdata\local\rockmelt\update\RockMeltUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
dRun: [eulxwwrp] c:\windows\temp\uhosblvlf\hudtqkhaffm.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mif5ba~1\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 192.168.50.21 pedro
Hosts: 192.168.50.21 pedro.BDS.bullexsafety.com
Hosts: 192.168.50.22 focus
Hosts: 192.168.50.23 pablo
Hosts: 192.168.50.27 martin

================= FIREFOX ===================

FF - ProfilePath - c:\users\rustyh~1\appdata\roaming\mozilla\firefox\profiles\k7xd80vg.default\
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\users\rusty h\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\rusty h\appdata\local\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\users\rusty h\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\rusty h\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\rusty h\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\rusty h\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\rusty h\appdata\roaming\Move Networks
FF - Ext: XULRunner: {20A52CC4-EAA4-4213-A029-AA9D4D747C99} - c:\users\rusty h\appdata\local\{20A52CC4-EAA4-4213-A029-AA9D4D747C99}

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-12-4 15172]
R1 ndistgb;TheGreenBow NDIS filter driver;c:\windows\system32\drivers\ndistgb.sys [2010-6-10 25656]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-12-9 67584]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 Nortel IP Softphone 2050 Licensing Server Service;Nortel IP Softphone 2050 Licensing Server Service;c:\program files\nortel\ip softphone 2050 licensing server\lmgrd --> c:\program files\nortel\ip softphone 2050 licensing server\lmgrd [?]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-8-12 668912]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-7-20 206120]
R2 TgbIke Starter;TgbIke Starter;c:\windows\system32\TgbStarter.exe [2010-6-10 129592]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-7-20 185640]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-3 143968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-4 33832]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-6-3 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-18 277440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2009-11-3 134144]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2009-11-4 221912]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-29 30192]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-11-4 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-11-4 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-11-4 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]

=============== Created Last 30 ================

2010-12-09 12:56:56 -------- d-----w- c:\users\rustyh~1\appdata\local\Safe mirror
2010-12-09 12:56:22 -------- d-----w- c:\program files\Cobian Backup 10
2010-12-08 20:45:49 -------- d-sh--w- C:\found.000
2010-12-08 20:10:34 -------- d-----w- c:\users\rustyh~1\appdata\roaming\SUPERAntiSpyware.com
2010-12-08 20:10:34 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-08 20:09:57 -------- d-----w- c:\users\rustyh~1\appdata\local\Secunia CSI
2010-12-08 20:05:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-08 15:49:58 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-12-08 15:38:43 912344 ----a-w- c:\program files\mozilla firefox\firefox.exe
2010-12-08 15:25:44 -------- d-----w- c:\program files\Secunia
2010-12-08 14:15:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 14:15:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 13:23:10 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{17844f91-640f-420f-a211-c89a6a5eeed9}\mpengine.dll
2010-12-08 12:57:31 -------- d-----w- c:\users\rustyh~1\appdata\roaming\Malwarebytes
2010-12-08 12:57:25 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-08 12:57:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-07 19:19:46 -------- d-----w- c:\progra~2\Alwil Software
2010-12-07 14:29:44 -------- d-----w- c:\progra~2\boost_interprocess
2010-12-05 18:10:52 -------- d-----w- c:\program files\vShare
2010-12-03 00:25:38 -------- d-----w- c:\program files\common files\Symantec Shared
2010-11-30 17:26:11 -------- d-----w- c:\progra~2\Symantec
2010-11-30 17:26:11 -------- d-----w- c:\progra~2\Norton
2010-11-30 17:26:10 -------- d-----w- c:\progra~2\NortonInstaller
2010-11-30 14:26:04 -------- d-----w- c:\windows\system32\Adobe
2010-11-25 08:00:36 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-25 08:00:36 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-24 15:46:48 -------- d-----w- c:\users\rustyh~1\appdata\local\RockMelt
2010-11-24 12:36:17 -------- d-----w- c:\program files\Coupons

==================== Find3M ====================

2010-10-19 15:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe

============= FINISH: 17:22:12.03 ===============

#6 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:01:30 AM

Posted 16 December 2010 - 05:57 PM

Hi RustyHerms,

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


*******************************************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


*******************************************


Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.

#7 RustyHerms

RustyHerms
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 17 December 2010 - 09:42 AM

Good Morning Judicandus,

Please see below/attached for the following as per your request...

1) Malwarebytes Log


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5342

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

12/17/2010 8:24:21 AM
mbam-log-2010-12-17 (08-24-21).txt

Scan type: Quick scan
Objects scanned: 171912
Time elapsed: 16 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eulxwwrp (Trojan.FakeAV.Gen) -> Value: eulxwwrp -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\uhosblvlf\hudtqkhaffm.exe (Trojan.FakeAV.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\1.2604323525765032e8.exe (Trojan.FakeAV.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\local settings\application data\syssvc.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.


2) Security Check

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 17
Out of date Java installed!
Adobe Flash Player 9.0.289.0
Adobe Reader 9.3.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````




3)Hijack this

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:00 AM, on 12/17/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Users\Rusty H\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\Rusty H\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Rusty H\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Rusty H\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Rusty H\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Rusty H\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Rusty H\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Rusty H\Desktop\SecurityCheck.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Users\Rusty H\Downloads\HijackThis.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.bullexsafety.com/splendid/Users/Login.aspx?Redirect=%7e%2fDefault.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:23012
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files\Cobian Backup 10\cbInterface.exe" -service
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rusty H\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\Rusty H\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Nortel IP Softphone 2050 Licensing Server Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TgbIke Starter - TheGreenBow - C:\Windows\system32\TgbStarter.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

--
End of file - 13646 bytes

Attached Files



#8 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:01:30 AM

Posted 17 December 2010 - 10:25 AM

Hi RustyHerms,

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

*******************************************

You are missing one important program on that computer: An antivirus.

You need to install an antivirus program and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

AVAST Home Edition User Guide
http://www.avast.com/eng/download-avast-home.html

Alvira AntiVir User Manual
http://www.free-av.com/en/documentation/index.html

AVG antivirus User Manual
http://free.avg.com/ww.download?prd=afe#tba3

Let me know if the antivirus found anything on your computer.

#9 RustyHerms

RustyHerms
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 17 December 2010 - 02:14 PM

I updated my java then ran AVAST and no threat was found. Does that mean we are all set?

#10 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:01:30 AM

Posted 17 December 2010 - 11:55 PM

Hi RustyHerms,

Please post a fresh Hijackthis log.

#11 RustyHerms

RustyHerms
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 20 December 2010 - 08:13 AM

Good Morning Judicandus,

Please see below for the new HiJackThis Log...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:12:42 AM, on 12/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Users\Rusty H\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\Rusty H\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Windows\system32\taskeng.exe
C:\Users\Rusty H\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Rusty H\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Rusty H\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

#12 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:01:30 AM

Posted 20 December 2010 - 09:30 AM

Hi RustyHerms,

It doesn't seem like your log is complete. Please post the complete log.

#13 RustyHerms

RustyHerms
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 20 December 2010 - 10:04 AM

Sorry about that...



'Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:16 AM, on 12/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Users\Rusty H\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\Rusty H\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusty H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rusty H\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.bullexsafety.com/splendid/Users/Login.aspx?Redirect=%7e%2fDefault.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:23012
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rusty H\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\Rusty H\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Nortel IP Softphone 2050 Licensing Server Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TgbIke Starter - TheGreenBow - C:\Windows\system32\TgbStarter.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

--
End of file - 14268 bytes

#14 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:01:30 AM

Posted 20 December 2010 - 12:00 PM

Hi RustyHerms,

Is the google redirecting still going on?

#15 RustyHerms

RustyHerms
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 20 December 2010 - 12:07 PM

Judicandus,

No, my google is working fine now.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users