Infected: MyWebSearch, ShopAtHome, SelectRebates


  • This topic is locked
17 replies to this topic

#1 LLAMAMAMA

LLAMAMAMA

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:28 PM

Posted 09 December 2010 - 07:31 PM

I am trying to help clean and update this computer. With instructions from your website I think I've removed Ultra Defragger. I have run and repaired/removed a ton of threats but MyWebSearch, SelectRebates, and ShopAtHome return when I reboot. I need help removing these and anything else I've overlooked. I am including the DDS logs but each time (3) I ran GMER it would start then freeze the entire system. Also many of the programs, etc. needed to be updated. Do I clean first or update first? I updated Windows Defender and installed service pack 1 for Vista so far but now the audio does not work (Realtek says it's unplugged). Please direct me to the resource/forum to help with updating. I really appreciate the help and I will wait to hear from you before I do anything else. Thank you, Tina


DDS (Ver_10-12-05.01) - NTFSx86
Run by YOU at 13:53:13.35 on Thu 12/09/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1982.847 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\MT288B\chk_mt288b.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\YOU\Desktop\Defogger.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\YOU\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://cox.net/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [chk_mt288b] c:\program files\mt288b\chk_mt288b
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-8 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-6 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-6 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-29 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

=============== Created Last 30 ================

2010-12-09 02:09:34 -------- d-----w- c:\users\you\appdata\roaming\SUPERAntiSpyware.com
2010-12-09 02:09:34 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-09 02:09:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-09 01:47:54 -------- d-----w- c:\users\you\{847ad0be-d96d-4dd0-ba4c-449da317103c}
2010-12-09 00:22:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-08 22:35:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-08 22:35:30 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-08 22:31:14 -------- d-----w- c:\users\you\appdata\local\Sunbelt Software
2010-12-08 22:30:44 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-08 22:30:13 -------- d-----w- c:\program files\Lavasoft
2010-12-08 22:19:40 -------- d-----w- c:\users\you\appdata\local\ElevatedDiagnostics
2010-12-08 21:28:10 -------- d-----w- c:\program files\Microsoft ATS
2010-12-08 20:29:32 -------- d-----w- C:\PerfLogs
2010-12-08 18:58:43 -------- d-----w- c:\users\you\appdata\local\WindowsUpdate
2010-12-08 17:01:57 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{dc7f9007-efcf-4a27-9c59-b403b9e37aac}\mpengine.dll
2010-12-07 23:50:50 -------- d-----w- C:\382ff30160e3b05c5a
2010-12-07 02:51:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-07 02:51:31 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-07 02:35:57 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-07 02:35:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-07 01:32:13 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-07 01:31:17 38848 ----a-w- c:\windows\avastSS.scr
2010-12-07 01:30:51 -------- d-----w- c:\progra~2\Alwil Software
2010-12-06 22:59:46 -------- d-----w- c:\users\you\appdata\roaming\Malwarebytes
2010-12-06 22:59:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 22:59:41 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-06 22:59:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 22:59:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 22:22:59 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-11-26 22:21:59 328704 ----a-w- c:\windows\system32\BFE.DLL
2010-11-26 22:20:59 69120 ----a-w- c:\windows\system32\vsstrace.dll
2010-11-26 22:19:59 57856 ----a-w- c:\windows\system32\wbem\NCProv.dll
2010-11-26 22:18:59 97280 ----a-w- c:\windows\system32\powrprof.dll
2010-11-26 22:17:59 9216 ----a-w- c:\windows\system32\wship6.dll
2010-11-26 22:16:59 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-11-26 22:13:18 246784 ----a-w- c:\windows\system32\drvstore.dll
2010-11-26 22:13:16 35328 ----a-w- c:\windows\system32\mspatcha.dll
2010-11-26 22:13:16 305152 ----a-w- c:\windows\system32\msdelta.dll
2010-11-26 22:13:16 258560 ----a-w- c:\windows\system32\dpx.dll
2010-11-21 22:36:17 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-11-21 22:35:07 269312 ----a-w- c:\windows\system32\es.dll
2010-11-21 22:33:31 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-21 22:33:31 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-11-21 22:33:30 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-19 11:41:01 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-11-19 11:41:00 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-11-19 11:41:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-19 11:41:00 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-11-19 11:41:00 23552 ----a-w- c:\windows\system32\lpk.dll
2010-11-19 11:41:00 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-19 11:36:28 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-19 11:36:28 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-11-19 11:36:28 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-11-19 11:36:27 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-19 11:35:25 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-19 11:35:24 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-19 11:33:45 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-19 11:33:45 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-19 11:33:45 17920 ----a-w- c:\windows\system32\netevent.dll
2010-11-19 11:33:45 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-19 11:33:45 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-19 11:33:44 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-19 11:33:44 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-19 11:33:44 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-19 11:33:44 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-19 11:31:11 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-19 11:31:10 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-19 11:31:10 64512 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-19 11:31:10 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-19 11:31:10 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-11-19 11:31:10 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-19 11:31:10 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-11-19 11:30:00 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-19 11:30:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-11-19 11:29:59 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-19 11:29:59 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-11-19 11:28:52 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-19 11:27:47 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-19 11:27:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-19 11:27:46 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-19 11:26:33 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-19 11:26:33 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-19 11:26:33 2868224 ----a-w- c:\windows\system32\mf.dll
2010-11-19 11:26:33 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-19 11:26:32 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-19 11:25:21 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-19 11:25:21 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-19 11:23:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-11-19 11:22:24 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-19 11:21:28 296960 ----a-w- c:\windows\system32\gdi32.dll
2010-11-19 11:19:03 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-11-19 11:19:03 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-11-19 11:18:09 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-19 11:17:12 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-19 11:17:12 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-11-19 11:17:12 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-11-19 11:16:16 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-11-19 11:13:29 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2010-11-19 11:13:29 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2010-11-19 11:13:29 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2010-11-19 11:13:28 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2010-11-19 11:10:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-19 11:09:06 636928 ----a-w- c:\windows\system32\localspl.dll
2010-11-19 11:08:19 2927104 ----a-w- c:\windows\explorer.exe
2010-11-19 11:07:32 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-19 11:06:39 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-11-19 11:06:39 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-19 11:06:38 9728 ----a-w- c:\windows\system32\lsass.exe
2010-11-19 11:06:38 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-19 11:06:38 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-19 11:06:38 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-19 11:06:37 270848 ----a-w- c:\windows\system32\schannel.dll
2010-11-19 10:59:50 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-11-19 10:59:44 988216 ----a-w- c:\windows\system32\winload.exe
2010-11-19 10:59:44 927288 ----a-w- c:\windows\system32\winresume.exe
2010-11-19 10:59:43 40960 ----a-w- c:\windows\system32\srclient.dll
2010-11-19 10:59:43 378368 ----a-w- c:\windows\system32\srcore.dll
2010-11-19 10:59:43 318464 ----a-w- c:\windows\system32\rstrui.exe
2010-11-19 10:59:43 19000 ----a-w- c:\windows\system32\kd1394.dll
2010-11-19 10:59:43 14848 ----a-w- c:\windows\system32\srdelayed.exe
2010-11-19 10:59:42 615992 ----a-w- c:\windows\system32\ci.dll
2010-11-19 10:59:42 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2010-11-19 10:58:18 551424 ----a-w- c:\windows\system32\rpcss.dll
2010-11-19 10:58:17 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-11-19 10:58:17 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-11-19 10:58:16 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-19 10:58:16 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-11-19 10:58:16 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-11-19 10:58:16 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-11-19 10:58:15 54784 ----a-w- c:\windows\system32\iasads.dll
2010-11-19 10:58:15 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2010-11-19 10:58:15 183296 ----a-w- c:\windows\system32\sdohlp.dll
2010-11-19 10:58:15 17408 ----a-w- c:\windows\system32\iashost.exe
2010-11-19 10:58:14 98304 ----a-w- c:\windows\system32\iasrecst.dll
2010-11-19 10:57:29 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-19 10:57:29 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-19 10:55:57 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-19 10:55:57 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-11-19 10:55:57 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-19 10:55:57 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-11-19 10:55:11 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2010-11-19 10:54:18 24064 ----a-w- c:\windows\system32\amxread.dll
2010-11-19 10:54:17 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-11-19 10:53:33 98304 ----a-w- c:\windows\system32\cabview.dll
2010-11-19 10:52:52 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-11-19 10:52:52 37888 ----a-w- c:\windows\system32\printcom.dll
2010-11-19 10:52:09 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-11-19 10:50:30 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-19 10:50:30 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-11-19 10:49:28 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-19 10:49:27 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-11-19 10:49:27 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-11-19 10:49:26 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-11-19 10:49:26 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2010-11-19 10:49:25 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-11-19 10:49:25 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2010-11-19 10:49:23 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-19 10:49:22 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-19 10:49:22 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-19 10:43:07 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-11-19 10:43:07 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-11-19 10:43:07 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-11-19 10:43:07 11264 ----a-w- c:\windows\system32\icardres.dll
2010-11-19 10:43:02 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-11-19 10:43:01 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-19 10:43:01 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-19 10:43:00 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-11-19 10:22:33 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-11-19 10:22:32 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-19 10:22:30 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-11-19 10:22:29 83968 ----a-w- c:\windows\system32\mscories.dll
2010-11-19 10:22:29 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-11-19 10:05:58 94720 ----a-w- c:\windows\system32\logagent.exe
2010-11-19 10:05:57 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-11-19 10:05:44 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-11-19 10:05:44 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-19 10:05:33 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-11-19 10:05:21 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-11-19 10:05:07 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-19 10:04:38 281600 ----a-w- c:\windows\system32\raschap.dll
2010-11-19 10:04:38 244224 ----a-w- c:\windows\system32\rastls.dll
2010-11-19 10:04:25 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-11-19 10:04:00 -------- d-----w- c:\program files\MSXML 4.0
2010-11-19 10:03:19 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-11-19 10:03:19 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-11-19 10:03:19 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-11-19 10:03:19 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-11-19 10:03:19 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-11-19 10:03:19 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-11-19 10:03:19 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-11-19 10:03:18 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-11-19 10:03:18 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-11-19 10:03:18 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-11-19 10:02:18 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-11-18 21:07:51 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-18 21:06:37 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-18 21:05:56 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-11-18 21:05:55 33792 ----a-w- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2010-12-08 19:48:42 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-12-08 19:48:41 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-11-19 11:38:36 72704 ----a-w- c:\windows\system32\admparse.dll
2010-11-19 11:38:33 833024 ----a-w- c:\windows\system32\wininet.dll
2010-11-19 11:38:27 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-19 11:38:27 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-11-19 11:38:27 389632 ----a-w- c:\windows\system32\html.iec
2010-11-19 11:38:25 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-19 11:38:21 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-19 10:54:17 40960 ----a-w- c:\windows\apppatch\apihex86.dll

============= FINISH: 13:54:14.35 ===============
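Added example, not part of this thread and not code from the DDS tool's author: a small Python parser for the "Pseudo HJT Report" section of a DDS log like the one posted above, followed by a triage pass of the kind a helper performs by eye. The sample lines are copied from the posted log (a handful of entries, not the full report); the watch terms are the three adware names the poster reported, and the flag rules (empty autorun values, autorun commands without an executable extension, AppInit_DLLs and hosts-file entries) are the editor's own heuristics, labelled as such in the comments.

```python
import re
from dataclasses import dataclass, field

# Sample lines taken from the DDS "Pseudo HJT Report" posted in this thread (not a full log).
SAMPLE_HJT = r"""
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [chk_mt288b] c:\program files\mt288b\chk_mt288b
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
""".strip()

# Names the original poster reported as returning after every reboot (assumed watch list).
WATCH_TERMS = ("mywebsearch", "selectrebates", "shopathome")

# DDS line shapes: COM objects (BHO / toolbar / URL search hook), Run keys, AppInit_DLLs, hosts.
COM_RE = re.compile(r"^(?P<kind>BHO|TB|uURLSearchHooks):\s*(?P<name>.*?):\s*\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<kind>[um]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")
APPINIT_RE = re.compile(r"^(?P<kind>AppInit_DLLs):\s*(?P<path>.*)$")
HOSTS_RE = re.compile(r"^(?P<kind>Hosts):\s*(?P<path>\S+)\s+(?P<name>\S+)\s*$")  # path holds the IP


@dataclass
class Entry:
    kind: str
    name: str
    path: str            # command line, DLL path, or (for Hosts) the IP address
    clsid: str = ""
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Turn Pseudo HJT Report lines into Entry objects; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for rx in (COM_RE, RUN_RE, APPINIT_RE, HOSTS_RE):
            m = rx.match(line)
            if m:
                d = m.groupdict()
                entries.append(Entry(kind=d["kind"], name=d.get("name", ""),
                                     path=d.get("path", ""), clsid=d.get("clsid", "")))
                break
    return entries


def triage(entries, watch_terms=WATCH_TERMS):
    """Attach review flags (editor's heuristics) and return the entries that got any."""
    for e in entries:
        hay = (e.name + " " + e.path).lower()
        for term in watch_terms:
            if term in hay:
                e.flags.append(f"matches reported adware name '{term}'")
        if e.kind in ("uRun", "mRun"):
            if not e.path.strip():
                e.flags.append("autorun value with no command (orphaned or hidden)")
            elif not re.search(r"\.(exe|scr|com|bat|cmd)\b", e.path, re.I):
                e.flags.append("autorun command has no executable extension; check what it launches")
        if e.kind == "AppInit_DLLs":
            e.flags.append("AppInit_DLLs loads into every GUI process; verify the DLL's publisher")
        if e.kind == "Hosts" and e.path in ("127.0.0.1", "0.0.0.0") and e.name.lower() != "localhost":
            e.flags.append("hosts entry points a name at loopback; confirm a security tool added it")
    return [(e.kind, e.name, e.flags) for e in entries if e.flags]


if __name__ == "__main__":
    for kind, name, flags in triage(parse_hjt(SAMPLE_HJT)):
        print(f"{kind:16} {name:22} -> {'; '.join(flags)}")
```

On the sample lines the ShopAtHome toolbar is flagged twice (its display name and its install path under `selectrebates` both match the watch list), which is the entry the poster says keeps coming back; the remaining flags mark locations that deserve a look before anything is deleted, not verdicts.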


#2 LLAMAMAMA

LLAMAMAMA
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:28 PM

Posted 12 December 2010 - 05:12 PM

Hello!? Can anyone help me?

#3 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:28 PM

Posted 16 December 2010 - 05:23 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#4 LLAMAMAMA

LLAMAMAMA
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:28 PM

Posted 19 December 2010 - 03:50 PM

I am trying to help clean and update this computer. With instructions from your website I think I've removed Ultra Defragger. I have run and repaired/removed a ton of threats but MyWebSearch, SelectRebates, and ShopAtHome return when I reboot. I need help removing these and anything else I've overlooked. I am including the DDS logs but each time (3) I ran GMER it would start then freeze the entire system. Also many of the programs, etc. needed to be updated. Do I clean first or update first? I updated Windows Defender and installed service pack 1 for Vista so far but now the audio does not work (Realtek says it's unplugged). Please direct me to the resource/forum to help with updating. I really appreciate the help and I will wait to hear from you before I do anything else. Thank you, Tina

The paragraph above is my original post and is still relevant. It would be helpful if my questions and concerns were addressed. After shutting down antivirus, all spyware programs and CD emulation, GMER will not run for more than three minutes and freezes the system. Below is the new updated DDS log. Thank you, Tina


DDS (Ver_10-12-05.01) - NTFSx86
Run by YOU at 11:51:27.58 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1982.1177 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\MT288B\chk_mt288b.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\YOU\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://cox.net/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [chk_mt288b] c:\program files\mt288b\chk_mt288b
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-8 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-6 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-6 1153368]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-29 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

=============== Created Last 30 ================

2010-12-17 22:49:52 -------- d-----w- c:\windows\system32\vi-VN
2010-12-17 22:49:52 -------- d-----w- c:\windows\system32\eu-ES
2010-12-17 22:49:52 -------- d-----w- c:\windows\system32\ca-ES
2010-12-17 22:33:08 -------- d-----w- c:\windows\system32\EventProviders
2010-12-17 21:51:00 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-17 21:49:40 72704 ----a-w- c:\windows\system32\admparse.dll
2010-12-17 21:31:55 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-17 21:28:33 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ad859655-0c4a-466a-b5c2-3f73c1c14ba6}\mpengine.dll
2010-12-15 01:08:08 -------- d-----w- c:\users\you\appdata\roaming\AOL
2010-12-15 01:07:10 -------- d-----w- c:\program files\common files\Nullsoft
2010-12-15 01:06:41 -------- d-----w- c:\progra~2\Viewpoint
2010-12-15 01:06:39 -------- d-----w- c:\program files\Viewpoint
2010-12-15 01:00:59 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2010-12-15 01:00:29 -------- d-----w- c:\program files\common files\AOL
2010-12-15 01:00:12 -------- d--h--w- C:\TEMP
2010-12-13 00:22:23 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-12-13 00:14:58 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-13 00:14:58 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-13 00:14:58 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-13 00:14:58 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-13 00:14:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-13 00:12:30 -------- d-----w- c:\windows\CheckSur
2010-12-09 17:55:13 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-12-09 17:55:08 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-12-09 17:55:08 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-12-09 17:55:05 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2010-12-09 17:55:04 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2010-12-09 17:55:02 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-12-09 17:55:00 1480704 ----a-w- c:\windows\system32\mssrch.dll
2010-12-09 17:53:59 710144 ----a-w- c:\windows\system32\Magnify.exe
2010-12-09 17:52:56 107520 ----a-w- c:\windows\system32\imapi.dll
2010-12-09 17:51:59 615424 ----a-w- c:\windows\system32\themeui.dll
2010-12-09 17:50:33 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-12-09 17:50:33 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-12-09 17:50:33 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-12-09 17:50:33 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-12-09 17:50:33 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-12-09 17:50:33 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-12-09 17:50:33 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-12-09 17:50:26 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-12-09 17:50:15 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-12-09 17:50:15 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-12-09 17:49:40 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-12-09 17:45:18 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-12-09 17:45:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-09 17:44:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-09 17:44:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-09 17:44:44 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-09 17:44:44 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-09 17:44:44 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-09 17:44:23 502272 ----a-w- c:\windows\system32\usp10.dll
2010-12-09 17:43:33 274944 ----a-w- c:\windows\system32\schannel.dll
2010-12-09 17:43:29 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2010-12-09 17:43:26 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-12-09 17:43:17 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-12-09 17:43:13 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-09 17:43:13 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-12-09 17:43:07 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-09 17:43:02 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-12-09 17:41:40 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-09 17:41:34 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-09 17:41:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-09 17:37:59 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-12-09 17:34:59 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-12-09 17:34:59 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-12-09 17:34:58 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-12-09 17:34:56 471552 ----a-w- c:\windows\system32\secproc.dll
2010-12-09 17:34:55 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-12-09 17:34:55 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-12-09 17:34:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-12-09 17:34:51 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-12-09 17:34:51 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-12-09 17:28:51 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2010-12-09 17:28:50 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-12-09 02:09:34 -------- d-----w- c:\users\you\appdata\roaming\SUPERAntiSpyware.com
2010-12-09 02:09:34 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-09 02:09:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-09 01:47:54 -------- d-----w- c:\users\you\{847ad0be-d96d-4dd0-ba4c-449da317103c}
2010-12-09 00:22:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-08 22:35:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-08 22:35:30 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-08 22:31:14 -------- d-----w- c:\users\you\appdata\local\Sunbelt Software
2010-12-08 22:30:44 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-08 22:30:13 -------- d-----w- c:\program files\Lavasoft
2010-12-08 22:19:40 -------- d-----w- c:\users\you\appdata\local\ElevatedDiagnostics
2010-12-08 21:28:10 -------- d-----w- c:\program files\Microsoft ATS
2010-12-08 20:29:32 -------- d-----w- C:\PerfLogs
2010-12-08 18:58:43 -------- d-----w- c:\users\you\appdata\local\WindowsUpdate
2010-12-07 23:50:50 -------- d-----w- C:\382ff30160e3b05c5a
2010-12-07 02:51:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-07 02:51:31 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-07 02:35:57 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-07 02:35:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-07 01:32:13 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-07 01:31:17 38848 ----a-w- c:\windows\avastSS.scr
2010-12-07 01:30:51 -------- d-----w- c:\progra~2\Alwil Software
2010-12-06 22:59:46 -------- d-----w- c:\users\you\appdata\roaming\Malwarebytes
2010-12-06 22:59:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 22:59:41 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-06 22:59:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 22:59:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 22:23:22 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\default\MpEngine.dll
2010-11-26 22:23:11 705536 ----a-w- c:\windows\system32\imagesp1.dll
2010-11-26 22:23:07 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2010-11-26 22:23:05 175104 ----a-w- c:\windows\system32\winrscmd.dll
2010-11-26 22:23:00 1008184 ----a-w- c:\program files\windows defender\MSASCui.exe
2010-11-26 22:21:59 215096 ----a-w- c:\program files\windows defender\MsMpCom.dll
2010-11-26 22:20:59 69120 ----a-w- c:\windows\system32\vsstrace.dll
2010-11-26 22:19:59 135680 ----a-w- c:\windows\system32\wbem\wmipdskq.dll
2010-11-26 22:18:59 70144 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-11-26 22:17:59 9216 ----a-w- c:\windows\system32\wship6.dll
2010-11-26 22:16:59 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-11-26 22:14:43 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2010-11-26 22:14:42 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2010-11-26 22:14:24 129536 ----a-w- c:\windows\system32\sqmapi.dll
2010-11-26 22:14:23 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2010-11-26 22:13:16 35328 ----a-w- c:\windows\system32\mspatcha.dll
2010-11-26 22:13:16 305152 ----a-w- c:\windows\system32\msdelta.dll
2010-11-26 22:13:16 258560 ----a-w- c:\windows\system32\dpx.dll
2010-11-21 22:36:17 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-11-21 22:33:32 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-21 22:33:32 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-11-21 22:33:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-19 11:41:02 23552 ----a-w- c:\windows\system32\lpk.dll
2010-11-19 11:41:02 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-19 11:36:28 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-19 11:36:27 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-19 11:33:50 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-19 11:33:50 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-19 11:33:50 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-19 11:33:50 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-19 11:33:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-19 11:33:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-19 11:33:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-19 11:33:49 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-19 11:31:15 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-19 11:31:14 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-19 11:31:13 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-19 11:31:13 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-19 11:31:13 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-11-19 11:31:13 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-19 11:31:10 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-11-19 11:30:01 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-11-19 11:30:00 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-19 11:29:59 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-19 11:28:52 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-19 11:27:48 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-19 11:27:48 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-19 11:27:47 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-19 11:26:37 2868224 ----a-w- c:\windows\system32\mf.dll
2010-11-19 11:26:36 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-19 11:26:36 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-19 11:26:36 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-19 11:26:36 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-19 11:22:24 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-19 11:18:09 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-19 11:17:14 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-19 11:17:14 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-11-19 11:17:13 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-11-19 11:13:32 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2010-11-19 11:13:32 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2010-11-19 11:09:06 623616 ----a-w- c:\windows\system32\localspl.dll
2010-11-19 11:07:32 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-19 11:06:41 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-11-19 11:06:41 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-19 11:06:40 9728 ----a-w- c:\windows\system32\lsass.exe
2010-11-19 11:06:40 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-19 11:06:40 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-19 11:06:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-19 10:59:50 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-11-19 10:57:29 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-19 10:57:29 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-19 10:55:58 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-11-19 10:55:58 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-11-19 10:55:58 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-19 10:55:57 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-11-19 10:53:33 98304 ----a-w- c:\windows\system32\cabview.dll
2010-11-19 10:52:52 37888 ----a-w- c:\windows\system32\printcom.dll
2010-11-19 10:50:30 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-19 10:49:37 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-19 10:49:37 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-19 10:49:37 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-19 10:49:35 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-11-19 10:49:34 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-11-19 10:49:34 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2010-11-19 10:49:33 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-11-19 10:49:33 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2010-11-19 10:05:44 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-11-19 10:05:33 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-11-19 10:05:21 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-11-19 10:04:38 243712 ----a-w- c:\windows\system32\rastls.dll
2010-11-19 10:04:25 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-11-19 10:04:00 -------- d-----w- c:\program files\MSXML 4.0
2010-11-19 10:03:21 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-11-19 10:03:21 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-11-19 10:03:21 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-11-19 10:03:21 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-11-19 10:03:21 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-11-19 10:03:21 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-11-19 10:03:20 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-11-19 10:03:20 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-11-19 10:03:20 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-11-19 10:03:19 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-11-19 10:02:18 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-11-18 21:07:51 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-18 21:06:37 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-18 21:05:56 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-11-18 21:05:55 33792 ----a-w- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2010-12-08 19:48:42 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-12-08 19:48:41 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 11:52:11.07 ===============

#5 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 21 December 2010 - 10:27 AM

Hi

Please run the following:


Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

NEXT

Scan With RootKitUnHooker

  • Please Download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 LLAMAMAMA

  • Topic Starter
  • Members
  • 17 posts

Posted 21 December 2010 - 08:47 PM

Scans requested are as follows:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 531s
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 146):
0x8200C000 \SystemRoot\system32\ntkrnlpa.exe
0x823C5000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\PSHED.dll
0x80419000 \SystemRoot\system32\BOOTVID.dll
0x80421000 \SystemRoot\system32\CLFS.SYS
0x80462000 \SystemRoot\system32\CI.dll
0x80542000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060A000 \SystemRoot\system32\drivers\acpi.sys
0x80650000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80659000 \SystemRoot\system32\drivers\msisadrv.sys
0x80661000 \SystemRoot\system32\drivers\pci.sys
0x80688000 \SystemRoot\System32\drivers\partmgr.sys
0x80697000 \SystemRoot\system32\drivers\volmgr.sys
0x806A6000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F0000 \SystemRoot\system32\drivers\pciide.sys
0x806F7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80705000 \SystemRoot\System32\drivers\mountmgr.sys
0x80715000 \SystemRoot\system32\drivers\atapi.sys
0x8071D000 \SystemRoot\system32\drivers\ataport.SYS
0x8073B000 \SystemRoot\system32\drivers\nvstor.sys
0x80748000 \SystemRoot\system32\drivers\storport.sys
0x80789000 \SystemRoot\system32\drivers\fltmgr.sys
0x807BB000 \SystemRoot\system32\drivers\fileinfo.sys
0x807CB000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x807DA000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82608000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82679000 \SystemRoot\system32\drivers\ndis.sys
0x82784000 \SystemRoot\system32\drivers\msrpc.sys
0x827AF000 \SystemRoot\system32\drivers\NETIO.SYS
0x82C0F000 \SystemRoot\System32\drivers\tcpip.sys
0x82CF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82E04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82F14000 \SystemRoot\system32\drivers\volsnap.sys
0x82F4D000 \SystemRoot\System32\Drivers\spldr.sys
0x82F55000 \SystemRoot\System32\Drivers\mup.sys
0x82F64000 \SystemRoot\System32\drivers\ecache.sys
0x82F8B000 \SystemRoot\system32\drivers\disk.sys
0x82F9C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82FBD000 \SystemRoot\system32\drivers\crcdisk.sys
0x82FEA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82FF5000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82D14000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x82D24000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x82D2E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x82D6C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x82D7B000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x82DC5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B003000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8B106000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8B1BA000 \SystemRoot\system32\drivers\modem.sys
0x8B202000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B28F000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8B391000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B804000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C122000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8C124000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C1C5000 \SystemRoot\System32\drivers\watchdog.sys
0x8C1D1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B3A9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B3B4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B3CB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B3D6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B1C7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B1D6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B1EA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B3F9000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0x82DEF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x82C00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x827EA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B800000 \SystemRoot\system32\DRIVERS\swenum.sys
0x827F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x807E3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x805CB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C206000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C217000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C3C8000 \SystemRoot\system32\drivers\portcls.sys
0x8EA04000 \SystemRoot\system32\drivers\drmk.sys
0x8EA29000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EA32000 \SystemRoot\System32\Drivers\Null.SYS
0x8EA39000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EA49000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8EA50000 \SystemRoot\System32\drivers\vga.sys
0x8EA5C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EA7D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EA85000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EA8D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EA98000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EAA6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EAAF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EAC5000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8EACF000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EAE3000 \SystemRoot\system32\drivers\afd.sys
0x8EB2B000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8EB30000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EB62000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EB78000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EB86000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EB99000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8EBBB000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8EBC1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C3F5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8EE0C000 \SystemRoot\System32\Drivers\dfsc.sys
0x8EE23000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8EE4A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8EE53000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8EE63000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EE65000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8EE6D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8EE7A000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8EE84000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x8EE91000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8EEA8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8EEB1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x94080000 \SystemRoot\System32\win32k.sys
0x8EEC6000 \SystemRoot\System32\drivers\Dxapi.sys
0x8EED0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x942A0000 \SystemRoot\System32\TSDDD.dll
0x942C0000 \SystemRoot\System32\cdd.dll
0x8EEDF000 \SystemRoot\system32\drivers\luafv.sys
0x8EEFA000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8EF31000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8EF3C000 \SystemRoot\system32\drivers\spsys.sys
0x8EFEC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x82FC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C609000 \SystemRoot\system32\drivers\HTTP.sys
0x9C676000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C693000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C6AC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C6C1000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C6E2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C701000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C73A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C752000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C77A000 \SystemRoot\System32\DRIVERS\srv.sys
0x9C7E0000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9D00F000 \SystemRoot\system32\drivers\peauth.sys
0x9D0ED000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9D115000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D11F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D12B000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9D133000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9D148000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9D15A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77A20000 \Windows\System32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
524 csrss.exe
572 C:\Windows\System32\wininit.exe
588 csrss.exe
624 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\winlogon.exe
844 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\audiodg.exe
1264 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\SLsvc.exe
1356 C:\Windows\servicing\TrustedInstaller.exe
1376 C:\Windows\System32\svchost.exe
1492 C:\Windows\System32\svchost.exe
1568 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1884 C:\Windows\System32\spoolsv.exe
1916 C:\Windows\System32\svchost.exe
452 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1932 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2052 C:\Windows\System32\svchost.exe
2084 C:\Windows\System32\svchost.exe
2108 C:\Windows\System32\SearchIndexer.exe
2220 C:\Windows\System32\drivers\XAudio.exe
2272 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2400 WUDFHost.exe
3664 WmiPrvSE.exe
3796 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
216 C:\Windows\System32\taskeng.exe
3100 C:\Windows\System32\dwm.exe
3136 C:\Windows\explorer.exe
2832 C:\Program Files\Windows Defender\MSASCui.exe
3112 C:\Windows\RtHDVCpl.exe
3820 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
1444 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3036 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3872 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1000 C:\Program Files\MT288B\chk_mt288b.exe
2808 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3588 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2140 C:\Program Files\Digital Line Detect\DLG.exe
3352 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
4080 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3020 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3944 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
1300 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
4000 C:\Windows\System32\svchost.exe
3172 C:\Program Files\Windows Media Player\wmpnscfg.exe
2376 C:\Program Files\Windows Media Player\wmpnetwk.exe
5680 C:\Windows\System32\UI0Detect.exe
5740 C:\Windows\System32\ctfmon.exe
2776 C:\Windows\System32\taskeng.exe
4336 MpCmdRun.exe
5568 C:\Users\YOU\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 3.AD

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

----------------------------------------------------------------------------------------

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8B80A000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9560064 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 190.38 )
0x82007000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82007000 PnpManager 3903488 bytes
0x82007000 RAW 3903488 bytes
0x82007000 WMIxWDM 3903488 bytes
0x94670000 Win32k 2109440 bytes
0x94670000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C44B000 C:\Windows\system32\drivers\RTKVHDA.sys 1773568 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x82E0E000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82677000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8B40F000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8B695000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1056768 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x82C01000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8046B000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9AE6A000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8B512000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x98E0E000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8C12A000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B608000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8054B000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82606000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x98EBE000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9AE00000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x82D6D000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 303104 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x806A3000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C71B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80607000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8042A000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x80745000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x82D20000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8C80B000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x827AD000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x98FB6000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x82F1E000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C93F000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8C405000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x823C0000 ACPI_HAL 208896 bytes
0x823C0000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x80786000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C768000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B7AF000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8C60F000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82782000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x82DB7000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9AF48000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8C9BC000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8C868000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0x82F6E000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8065E000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8C63C000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8B5D3000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8C7D1000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x82FA6000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x98F76000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8C694000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x98F97000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8071A000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x98F2B000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x82CEB000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8C924000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x98F48000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8B797000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8C9A4000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8C851000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8C1E2000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8C8C7000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9AFB5000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8C79A000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8C6E7000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x98F61000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x827E8000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C8B2000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9AF8E000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x82DE1000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C707000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8C991000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8C7BE000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9AFA3000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x82F95000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8C43A000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80411000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82D06000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x807B8000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8C898000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8C981000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80702000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x807E0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x807C8000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x8C915000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x82F5F000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80685000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B7E9000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x82D5E000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80694000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x948B0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8C7B0000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C6D0000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806F4000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C8E7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C8FE000 C:\Windows\System32\Drivers\dump_nvstor.sys 53248 bytes
0x8B5C6000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x80738000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x807F0000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805C7000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9AF7A000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C688000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8C1CB000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8B400000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x82DF5000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8C6C5000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B7DE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C1D7000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x82FF4000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C6FD000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x8C8F4000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8C90B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B5F6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C847000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9AF70000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x82D16000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x82FC7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8C661000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8C88F000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8C8DE000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x9AFCB000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x807D7000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8C6DE000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x94890000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x82E00000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8064D000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80712000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80422000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C8AA000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80656000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C6B5000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C6BD000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x82F57000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9AF86000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8C671000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8C681000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8040A000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8C66A000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806ED000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8C7F3000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8C1F9000 C:\Windows\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0x8C763000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x9AE66000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8C976000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8C128000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 190.38 )
0x8B800000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8C8A8000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x019F0000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x879B5AF8 ] PID: 3556, 28672 bytes
0x019D0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x879B5AF8 ] PID: 3556, 45056 bytes
0x008F0000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x879B5AF8 ] PID: 3556, 77824 bytes

#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 21 December 2010 - 11:31 PM

Hi

Please do the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 LLAMAMAMA

  • Topic Starter
  • Members
  • 17 posts

Posted 22 December 2010 - 10:52 AM

ComboFix 10-12-21.04 - YOU 12/22/2010 8:25.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1982.1062 [GMT -7:00]
Running from: c:\users\YOU\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-21 22:46 . 2010-11-16 19:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A63415B0-C95A-438C-8373-27F2CE00B0A5}\mpengine.dll
2010-12-21 22:30 . 2010-12-21 22:30 -------- d-----w- c:\program files\Windows Portable Devices
2010-12-21 22:26 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-12-21 22:26 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-21 22:26 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-21 22:24 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-12-21 22:24 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-12-21 22:24 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-12-19 20:03 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-12-19 20:02 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-12-17 22:49 . 2010-12-17 22:50 -------- d-----w- c:\windows\system32\ca-ES
2010-12-17 22:49 . 2010-12-17 22:50 -------- d-----w- c:\windows\system32\eu-ES
2010-12-17 22:49 . 2010-12-17 22:50 -------- d-----w- c:\windows\system32\vi-VN
2010-12-17 22:33 . 2010-12-17 22:33 -------- d-----w- c:\windows\system32\EventProviders
2010-12-17 21:51 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-17 21:49 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-12-17 21:31 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 01:08 . 2010-12-18 00:07 -------- d-----w- c:\users\YOU\AppData\Roaming\AOL
2010-12-15 01:07 . 2010-12-15 01:07 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-12-15 01:06 . 2010-12-15 01:06 -------- d-----w- c:\programdata\Viewpoint
2010-12-15 01:06 . 2010-12-15 01:06 -------- d-----w- c:\program files\Viewpoint
2010-12-15 01:00 . 2006-11-01 20:18 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2010-12-15 01:00 . 2010-12-18 00:13 -------- d-----w- c:\programdata\AOL
2010-12-15 01:00 . 2010-12-18 00:21 -------- d-----w- c:\program files\Common Files\AOL
2010-12-15 01:00 . 2010-12-15 01:00 -------- d-----w- C:\TEMP
2010-12-13 00:22 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-12-13 00:14 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-13 00:14 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-13 00:14 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-13 00:14 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-13 00:14 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-13 00:12 . 2010-12-13 00:12 -------- d-----w- c:\windows\CheckSur
2010-12-09 17:55 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-12-09 17:55 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-12-09 17:55 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-12-09 17:55 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2010-12-09 17:55 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2010-12-09 17:55 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-12-09 17:55 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2010-12-09 17:53 . 2009-04-11 06:27 710144 ----a-w- c:\windows\system32\Magnify.exe
2010-12-09 17:52 . 2009-04-11 06:28 107520 ----a-w- c:\windows\system32\imapi.dll
2010-12-09 17:51 . 2009-04-11 06:28 615424 ----a-w- c:\windows\system32\themeui.dll
2010-12-09 17:50 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-12-09 17:50 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-12-09 17:50 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-12-09 17:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-12-09 17:50 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-12-09 17:50 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-12-09 17:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-12-09 17:50 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-12-09 17:50 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-12-09 17:50 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-12-09 17:49 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-12-09 17:45 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-09 17:45 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-09 17:44 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-09 17:44 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-09 17:44 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-09 17:44 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-09 17:44 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-09 17:44 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-12-09 17:43 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-12-09 17:43 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-12-09 17:43 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-12-09 17:43 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-12-09 17:43 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-12-09 17:43 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-12-09 17:43 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-09 17:43 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-12-09 17:41 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-09 17:41 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-09 17:41 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-09 17:37 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-12-09 17:34 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-12-09 17:34 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-12-09 17:34 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-12-09 17:34 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-12-09 17:34 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-12-09 17:34 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-12-09 17:34 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-12-09 17:34 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-12-09 17:34 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-12-09 17:28 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-12-09 17:28 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-12-09 02:09 . 2010-12-09 02:09 -------- d-----w- c:\users\YOU\AppData\Roaming\SUPERAntiSpyware.com
2010-12-09 02:09 . 2010-12-09 02:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-09 02:09 . 2010-12-18 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-09 01:47 . 2010-12-09 17:50 -------- d-----w- c:\users\YOU\{847ad0be-d96d-4dd0-ba4c-449da317103c}
2010-12-09 00:22 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-08 22:35 . 2010-12-08 22:35 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-08 22:35 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-08 22:35 . 2010-12-08 22:35 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-08 22:31 . 2010-12-08 22:31 -------- d-----w- c:\users\YOU\AppData\Local\Sunbelt Software
2010-12-08 22:30 . 2010-12-08 22:30 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-08 22:30 . 2010-12-08 22:35 -------- d-----w- c:\programdata\Lavasoft
2010-12-08 22:30 . 2010-12-08 22:30 -------- d-----w- c:\program files\Lavasoft
2010-12-08 22:19 . 2010-12-08 22:19 -------- d-----w- c:\users\YOU\AppData\Local\ElevatedDiagnostics
2010-12-08 21:28 . 2010-12-08 21:31 -------- d-----w- c:\program files\Microsoft ATS
2010-12-08 20:29 . 2010-12-08 20:29 -------- d-----w- C:\PerfLogs
2010-12-08 18:58 . 2010-12-08 18:58 -------- d-----w- c:\users\YOU\AppData\Local\WindowsUpdate
2010-12-07 23:50 . 2010-12-07 23:50 -------- d-----w- C:\382ff30160e3b05c5a
2010-12-07 02:51 . 2010-12-09 17:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-07 02:51 . 2010-12-07 02:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-07 02:35 . 2010-10-19 17:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-07 01:32 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-07 01:32 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-07 01:32 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-07 01:32 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-07 01:32 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-07 01:31 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-07 01:31 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-07 01:30 . 2010-12-07 01:30 -------- d-----w- c:\programdata\Alwil Software
2010-12-07 01:30 . 2010-12-07 01:30 -------- d-----w- c:\program files\Alwil Software
2010-12-06 22:59 . 2010-12-06 22:59 -------- d-----w- c:\users\YOU\AppData\Roaming\Malwarebytes
2010-12-06 22:59 . 2010-11-30 18:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 22:59 . 2010-12-06 22:59 -------- d-----w- c:\programdata\Malwarebytes
2010-12-06 22:59 . 2010-12-07 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 22:59 . 2010-11-30 18:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 20:42 . 2010-11-29 20:42 -------- d-----w- c:\programdata\HPSSUPPLY
2010-11-29 20:41 . 2010-11-29 20:41 -------- d-----w- c:\users\Guest\AppData\Roaming\HP
2010-11-26 22:23 . 2008-01-19 07:29 705536 ----a-w- c:\windows\system32\imagesp1.dll
2010-11-26 22:23 . 2008-01-19 07:36 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2010-11-26 22:23 . 2008-01-19 07:36 175104 ----a-w- c:\windows\system32\winrscmd.dll
2010-11-26 22:23 . 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
2010-11-26 22:21 . 2008-01-19 07:38 215096 ----a-w- c:\program files\Windows Defender\MsMpCom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 19:48 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-12-08 19:48 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-11-21 22:36 . 2010-11-21 22:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-11-21 22:33 . 2010-11-21 22:33 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-11-21 22:33 . 2010-11-21 22:33 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-11-21 22:33 . 2010-11-21 22:33 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-21 22:33 . 2010-11-21 22:33 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-19 11:41 . 2010-11-19 11:41 23552 ----a-w- c:\windows\system32\lpk.dll
2010-11-19 11:41 . 2010-11-19 11:41 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-19 11:36 . 2010-11-19 11:36 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-19 11:36 . 2010-11-19 11:36 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-19 11:33 . 2010-11-19 11:33 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-19 11:33 . 2010-11-19 11:33 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-19 11:33 . 2010-11-19 11:33 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-19 11:33 . 2010-11-19 11:33 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-19 11:33 . 2010-11-19 11:33 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-19 11:33 . 2010-11-19 11:33 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-19 11:33 . 2010-11-19 11:33 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-19 11:33 . 2010-11-19 11:33 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-19 11:31 . 2010-11-19 11:31 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-19 11:31 . 2010-11-19 11:31 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-19 11:31 . 2010-11-19 11:31 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-19 11:31 . 2010-11-19 11:31 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-19 11:31 . 2010-11-19 11:31 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-11-19 11:31 . 2010-11-19 11:31 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-19 11:31 . 2010-11-19 11:31 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-11-19 11:30 . 2010-11-19 11:30 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-11-19 11:30 . 2010-11-19 11:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-19 11:29 . 2010-11-19 11:29 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-19 11:28 . 2010-11-19 11:28 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-19 11:27 . 2010-11-19 11:27 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-19 11:27 . 2010-11-19 11:27 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-19 11:27 . 2010-11-19 11:27 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-19 11:26 . 2010-11-19 11:26 2868224 ----a-w- c:\windows\system32\mf.dll
2010-11-19 11:26 . 2010-11-19 11:26 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-19 11:26 . 2010-11-19 11:26 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-19 11:26 . 2010-11-19 11:26 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-19 11:26 . 2010-11-19 11:26 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-19 11:22 . 2010-11-19 11:22 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-19 11:18 . 2010-11-19 11:18 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-19 11:17 . 2010-11-19 11:17 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-19 11:17 . 2010-11-19 11:17 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-11-19 11:17 . 2010-11-19 11:17 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-11-19 11:09 . 2010-11-19 11:09 623616 ----a-w- c:\windows\system32\localspl.dll
2010-11-19 11:07 . 2010-11-19 11:07 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-19 11:06 . 2010-11-19 11:06 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-11-19 11:06 . 2010-11-19 11:06 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-19 11:06 . 2010-11-19 11:06 9728 ----a-w- c:\windows\system32\lsass.exe
2010-11-19 11:06 . 2010-11-19 11:06 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-19 11:06 . 2010-11-19 11:06 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-19 11:06 . 2010-11-19 11:06 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-19 11:03 . 2010-11-19 11:03 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-11-19 11:03 . 2010-11-19 11:03 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-11-19 11:03 . 2010-11-19 11:03 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-11-19 11:03 . 2010-11-19 11:03 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-11-19 11:03 . 2010-11-19 11:03 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-11-19 11:03 . 2010-11-19 11:03 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-11-19 11:03 . 2010-11-19 11:03 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-11-19 11:03 . 2010-11-19 11:03 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-11-19 11:03 . 2010-11-19 11:03 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-11-19 11:03 . 2010-11-19 11:03 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-11-19 11:03 . 2010-11-19 11:03 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-11-19 11:03 . 2010-11-19 11:03 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2010-11-19 11:03 . 2010-11-19 11:03 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2010-11-19 11:03 . 2010-11-19 11:03 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2010-11-19 11:03 . 2010-11-19 11:03 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2010-11-19 11:03 . 2010-11-19 11:03 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2010-11-19 11:03 . 2010-11-19 11:03 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2010-11-19 11:03 . 2010-11-19 11:03 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2010-11-19 11:03 . 2010-11-19 11:03 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2010-11-19 11:03 . 2010-11-19 11:03 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2010-11-19 11:03 . 2010-11-19 11:03 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2010-11-19 11:03 . 2010-11-19 11:03 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2010-11-19 11:03 . 2010-11-19 11:03 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2010-11-19 11:03 . 2010-11-19 11:03 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2010-11-19 11:03 . 2010-11-19 11:03 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2010-11-19 11:03 . 2010-11-19 11:03 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2010-11-19 11:03 . 2010-11-19 11:03 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2010-11-19 11:03 . 2010-11-19 11:03 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2010-11-19 11:03 . 2010-11-19 11:03 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2010-11-19 11:03 . 2010-11-19 11:03 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2010-11-19 11:03 . 2010-11-19 11:03 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2010-11-19 11:03 . 2010-11-19 11:03 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2010-11-19 11:03 . 2010-11-19 11:03 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2010-11-19 11:03 . 2010-11-19 11:03 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2010-11-19 11:03 . 2010-11-19 11:03 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2010-11-19 11:03 . 2010-11-19 11:03 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2010-11-19 11:03 . 2010-11-19 11:03 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2010-11-19 11:03 . 2010-11-19 11:03 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2010-11-19 11:03 . 2010-11-19 11:03 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2010-11-19 11:03 . 2010-11-19 11:03 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2010-11-19 11:03 . 2010-11-19 11:03 4495360 ----a-w- c:\windows\system32\NlsData0010.dll
2010-11-19 11:03 . 2010-11-19 11:03 2657280 ----a-w- c:\windows\system32\NlsData0011.dll
2010-11-19 11:03 . 2010-11-19 11:03 1966592 ----a-w- c:\windows\system32\NlsData0027.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-29 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-18 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chk_mt288b"="c:\program files\MT288B\chk_mt288b" [X]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 4452352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-02 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-30 963976]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-29 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:50]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:50]

2010-12-07 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-12-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cox.net/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 08:31
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-22 08:34:33
ComboFix-quarantined-files.txt 2010-12-22 15:34

Pre-Run: 114,051,162,112 bytes free
Post-Run: 113,990,148,096 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4,7
- - End Of File - - 97E2F504C347740FD5DF867709796DB1
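The "Reg Loading Points" section of the log above is where a helper looks first. As an added example (not part of this thread and not ComboFix's own code), the following Python script parses those lines and flags the entries a reviewer would want to check: Run entries and services whose image file ComboFix marks as missing (`[X]`/`[x]`), an AppInit_DLLs value, and Security Center override values. The sample excerpt is copied from the posted log; the triage rules are ours and only point at entries to review, they are not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt: lines copied from the ComboFix log posted in this thread,
# selected to exercise each rule below.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chk_mt288b"="c:\program files\MT288B\chk_mt288b" [X]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
"""

# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "name"="path" [date size]  or  "name"="path" [X] when the file is missing
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# AppInit_DLLs is written without quotes or a trailing [..] block
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<path>.+)$')
# Security Center override values, stored as REG_DWORD
OVERRIDE = re.compile(
    r'^"(?P<name>AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:(?P<val>[0-9a-fA-F]{8})$')
# Service lines: <start type> <service>;<display name>;<image path> [date size]
SERVICE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$')


@dataclass
class Finding:
    location: str  # registry key or service name the entry lives under
    detail: str    # why a reviewer should look at it


def analyze(log_text: str) -> List[Finding]:
    """Walk the Reg Loading Points lines and return entries worth a second look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_ENTRY.match(line)
        if m:
            # ComboFix prints [X] instead of date/size when the target file is absent:
            # a dangling autorun is either leftover from a removal or a broken loader.
            if m.group("meta").strip().lower() == "x":
                name, path = m.group("name"), m.group("path")
                findings.append(Finding(current_key, f"autorun '{name}' points at a missing file: {path}"))
            continue
        m = APPINIT.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so any value here deserves verification even when it looks legitimate.
            findings.append(Finding(current_key, f"AppInit_DLLs loads {m.group('path')} into every user32 process"))
            continue
        m = OVERRIDE.match(line)
        if m and int(m.group("val"), 16) != 0:
            findings.append(Finding(current_key, f"{m.group('name')} is set: Security Center will not alert on this component"))
            continue
        m = SERVICE.match(line)
        if m and m.group("meta").strip().lower() == "x":
            svc = m.group("svc")
            findings.append(Finding(f"service {svc}", f"{m.group('start')} service {svc} is registered but its image file was not found"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[review] {f.location}: {f.detail}")
```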

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:28 PM

Posted 22 December 2010 - 11:10 AM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]

FixCSet::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 LLAMAMAMA

LLAMAMAMA
  • Topic Starter

  • Members
  • 17 posts
  • Local time:06:28 PM

Posted 23 December 2010 - 09:37 PM

ComboFix 10-12-21.04 - YOU 12/23/2010 16:53:09.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1982.993 [GMT -7:00]
Running from: c:\users\YOU\Desktop\ComboFix.exe
Command switches used :: c:\users\YOU\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-24 00:05 . 2010-12-24 00:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-24 00:05 . 2010-12-24 00:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-21 22:46 . 2010-11-16 19:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A63415B0-C95A-438C-8373-27F2CE00B0A5}\mpengine.dll
2010-12-21 22:30 . 2010-12-21 22:30 -------- d-----w- c:\program files\Windows Portable Devices
2010-12-21 22:26 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-12-21 22:26 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-21 22:26 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-21 22:24 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-12-21 22:24 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-12-21 22:24 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-12-19 20:03 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-12-19 20:02 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-12-17 22:49 . 2010-12-17 22:50 -------- d-----w- c:\windows\system32\ca-ES
2010-12-17 22:49 . 2010-12-17 22:50 -------- d-----w- c:\windows\system32\eu-ES
2010-12-17 22:49 . 2010-12-17 22:50 -------- d-----w- c:\windows\system32\vi-VN
2010-12-17 22:33 . 2010-12-17 22:33 -------- d-----w- c:\windows\system32\EventProviders
2010-12-17 21:51 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-17 21:49 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-12-17 21:31 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 01:08 . 2010-12-18 00:07 -------- d-----w- c:\users\YOU\AppData\Roaming\AOL
2010-12-15 01:07 . 2010-12-15 01:07 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-12-15 01:06 . 2010-12-15 01:06 -------- d-----w- c:\programdata\Viewpoint
2010-12-15 01:06 . 2010-12-15 01:06 -------- d-----w- c:\program files\Viewpoint
2010-12-15 01:00 . 2006-11-01 20:18 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2010-12-15 01:00 . 2010-12-18 00:13 -------- d-----w- c:\programdata\AOL
2010-12-15 01:00 . 2010-12-18 00:21 -------- d-----w- c:\program files\Common Files\AOL
2010-12-15 01:00 . 2010-12-15 01:00 -------- d-----w- C:\TEMP
2010-12-13 00:22 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-12-13 00:14 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-13 00:14 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-13 00:14 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-13 00:14 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-13 00:14 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-13 00:12 . 2010-12-13 00:12 -------- d-----w- c:\windows\CheckSur
2010-12-09 17:55 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-12-09 17:55 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-12-09 17:55 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-12-09 17:55 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2010-12-09 17:55 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2010-12-09 17:55 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-12-09 17:55 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2010-12-09 17:53 . 2009-04-11 06:27 710144 ----a-w- c:\windows\system32\Magnify.exe
2010-12-09 17:52 . 2009-04-11 06:28 107520 ----a-w- c:\windows\system32\imapi.dll
2010-12-09 17:51 . 2009-04-11 06:28 615424 ----a-w- c:\windows\system32\themeui.dll
2010-12-09 17:50 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-12-09 17:50 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-12-09 17:50 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-12-09 17:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-12-09 17:50 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-12-09 17:50 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-12-09 17:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-12-09 17:50 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-12-09 17:50 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-12-09 17:50 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-12-09 17:49 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-12-09 17:45 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-09 17:45 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-09 17:44 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-09 17:44 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-09 17:44 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-09 17:44 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-09 17:44 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-09 17:44 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-12-09 17:43 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-12-09 17:43 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-12-09 17:43 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-12-09 17:43 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-12-09 17:43 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-12-09 17:43 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-12-09 17:43 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-09 17:43 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-12-09 17:41 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-09 17:41 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-09 17:41 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-09 17:37 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-12-09 17:34 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-12-09 17:34 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-12-09 17:34 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-12-09 17:34 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-12-09 17:34 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-12-09 17:34 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-12-09 17:34 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-12-09 17:34 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-12-09 17:34 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-12-09 17:28 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-12-09 17:28 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-12-09 02:09 . 2010-12-09 02:09 -------- d-----w- c:\users\YOU\AppData\Roaming\SUPERAntiSpyware.com
2010-12-09 02:09 . 2010-12-09 02:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-09 02:09 . 2010-12-18 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-09 01:47 . 2010-12-09 17:50 -------- d-----w- c:\users\YOU\{847ad0be-d96d-4dd0-ba4c-449da317103c}
2010-12-09 00:22 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-08 22:35 . 2010-12-08 22:35 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-08 22:35 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-08 22:35 . 2010-12-08 22:35 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-08 22:31 . 2010-12-08 22:31 -------- d-----w- c:\users\YOU\AppData\Local\Sunbelt Software
2010-12-08 22:30 . 2010-12-08 22:30 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-08 22:30 . 2010-12-08 22:35 -------- d-----w- c:\programdata\Lavasoft
2010-12-08 22:30 . 2010-12-08 22:30 -------- d-----w- c:\program files\Lavasoft
2010-12-08 22:19 . 2010-12-08 22:19 -------- d-----w- c:\users\YOU\AppData\Local\ElevatedDiagnostics
2010-12-08 21:28 . 2010-12-08 21:31 -------- d-----w- c:\program files\Microsoft ATS
2010-12-08 20:29 . 2010-12-08 20:29 -------- d-----w- C:\PerfLogs
2010-12-08 18:58 . 2010-12-08 18:58 -------- d-----w- c:\users\YOU\AppData\Local\WindowsUpdate
2010-12-07 23:50 . 2010-12-07 23:50 -------- d-----w- C:\382ff30160e3b05c5a
2010-12-07 02:51 . 2010-12-09 17:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-07 02:51 . 2010-12-07 02:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-07 02:35 . 2010-10-19 17:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-07 01:32 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-07 01:32 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-07 01:32 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-07 01:32 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-07 01:32 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-07 01:31 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-07 01:31 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-07 01:30 . 2010-12-07 01:30 -------- d-----w- c:\programdata\Alwil Software
2010-12-07 01:30 . 2010-12-07 01:30 -------- d-----w- c:\program files\Alwil Software
2010-12-06 22:59 . 2010-12-06 22:59 -------- d-----w- c:\users\YOU\AppData\Roaming\Malwarebytes
2010-12-06 22:59 . 2010-11-30 18:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 22:59 . 2010-12-06 22:59 -------- d-----w- c:\programdata\Malwarebytes
2010-12-06 22:59 . 2010-12-07 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 22:59 . 2010-11-30 18:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 20:42 . 2010-11-29 20:42 -------- d-----w- c:\programdata\HPSSUPPLY
2010-11-29 20:41 . 2010-11-29 20:41 -------- d-----w- c:\users\Guest\AppData\Roaming\HP
2010-11-26 22:23 . 2008-01-19 07:29 705536 ----a-w- c:\windows\system32\imagesp1.dll
2010-11-26 22:23 . 2008-01-19 07:36 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2010-11-26 22:23 . 2008-01-19 07:36 175104 ----a-w- c:\windows\system32\winrscmd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 19:48 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-12-08 19:48 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-11-21 22:36 . 2010-11-21 22:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-11-21 22:33 . 2010-11-21 22:33 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-11-21 22:33 . 2010-11-21 22:33 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-11-21 22:33 . 2010-11-21 22:33 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-21 22:33 . 2010-11-21 22:33 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-19 11:41 . 2010-11-19 11:41 23552 ----a-w- c:\windows\system32\lpk.dll
2010-11-19 11:41 . 2010-11-19 11:41 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-19 11:36 . 2010-11-19 11:36 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-19 11:36 . 2010-11-19 11:36 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-19 11:33 . 2010-11-19 11:33 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-19 11:33 . 2010-11-19 11:33 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-19 11:33 . 2010-11-19 11:33 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-19 11:33 . 2010-11-19 11:33 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-19 11:33 . 2010-11-19 11:33 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-19 11:33 . 2010-11-19 11:33 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-19 11:33 . 2010-11-19 11:33 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-19 11:33 . 2010-11-19 11:33 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-19 11:31 . 2010-11-19 11:31 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-19 11:31 . 2010-11-19 11:31 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-19 11:31 . 2010-11-19 11:31 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-19 11:31 . 2010-11-19 11:31 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-19 11:31 . 2010-11-19 11:31 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-11-19 11:31 . 2010-11-19 11:31 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-19 11:31 . 2010-11-19 11:31 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-11-19 11:30 . 2010-11-19 11:30 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-11-19 11:30 . 2010-11-19 11:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-19 11:29 . 2010-11-19 11:29 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-19 11:28 . 2010-11-19 11:28 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-19 11:27 . 2010-11-19 11:27 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-19 11:27 . 2010-11-19 11:27 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-19 11:27 . 2010-11-19 11:27 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-19 11:26 . 2010-11-19 11:26 2868224 ----a-w- c:\windows\system32\mf.dll
2010-11-19 11:26 . 2010-11-19 11:26 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-19 11:26 . 2010-11-19 11:26 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-19 11:26 . 2010-11-19 11:26 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-19 11:26 . 2010-11-19 11:26 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-19 11:22 . 2010-11-19 11:22 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-19 11:18 . 2010-11-19 11:18 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-19 11:17 . 2010-11-19 11:17 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-19 11:17 . 2010-11-19 11:17 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-11-19 11:17 . 2010-11-19 11:17 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-11-19 11:09 . 2010-11-19 11:09 623616 ----a-w- c:\windows\system32\localspl.dll
2010-11-19 11:07 . 2010-11-19 11:07 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-19 11:06 . 2010-11-19 11:06 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-11-19 11:06 . 2010-11-19 11:06 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-19 11:06 . 2010-11-19 11:06 9728 ----a-w- c:\windows\system32\lsass.exe
2010-11-19 11:06 . 2010-11-19 11:06 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-19 11:06 . 2010-11-19 11:06 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-19 11:06 . 2010-11-19 11:06 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-19 11:03 . 2010-11-19 11:03 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-11-19 11:03 . 2010-11-19 11:03 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-11-19 11:03 . 2010-11-19 11:03 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-11-19 11:03 . 2010-11-19 11:03 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-11-19 11:03 . 2010-11-19 11:03 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-11-19 11:03 . 2010-11-19 11:03 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-11-19 11:03 . 2010-11-19 11:03 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-11-19 11:03 . 2010-11-19 11:03 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-11-19 11:03 . 2010-11-19 11:03 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-11-19 11:03 . 2010-11-19 11:03 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-11-19 11:03 . 2010-11-19 11:03 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-11-19 11:03 . 2010-11-19 11:03 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2010-11-19 11:03 . 2010-11-19 11:03 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2010-11-19 11:03 . 2010-11-19 11:03 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2010-11-19 11:03 . 2010-11-19 11:03 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2010-11-19 11:03 . 2010-11-19 11:03 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2010-11-19 11:03 . 2010-11-19 11:03 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2010-11-19 11:03 . 2010-11-19 11:03 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2010-11-19 11:03 . 2010-11-19 11:03 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2010-11-19 11:03 . 2010-11-19 11:03 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2010-11-19 11:03 . 2010-11-19 11:03 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2010-11-19 11:03 . 2010-11-19 11:03 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2010-11-19 11:03 . 2010-11-19 11:03 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2010-11-19 11:03 . 2010-11-19 11:03 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2010-11-19 11:03 . 2010-11-19 11:03 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2010-11-19 11:03 . 2010-11-19 11:03 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2010-11-19 11:03 . 2010-11-19 11:03 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2010-11-19 11:03 . 2010-11-19 11:03 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2010-11-19 11:03 . 2010-11-19 11:03 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2010-11-19 11:03 . 2010-11-19 11:03 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2010-11-19 11:03 . 2010-11-19 11:03 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2010-11-19 11:03 . 2010-11-19 11:03 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2010-11-19 11:03 . 2010-11-19 11:03 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2010-11-19 11:03 . 2010-11-19 11:03 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2010-11-19 11:03 . 2010-11-19 11:03 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2010-11-19 11:03 . 2010-11-19 11:03 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2010-11-19 11:03 . 2010-11-19 11:03 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2010-11-19 11:03 . 2010-11-19 11:03 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2010-11-19 11:03 . 2010-11-19 11:03 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2010-11-19 11:03 . 2010-11-19 11:03 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2010-11-19 11:03 . 2010-11-19 11:03 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2010-11-19 11:03 . 2010-11-19 11:03 4495360 ----a-w- c:\windows\system32\NlsData0010.dll
2010-11-19 11:03 . 2010-11-19 11:03 2657280 ----a-w- c:\windows\system32\NlsData0011.dll
2010-11-19 11:03 . 2010-11-19 11:03 1966592 ----a-w- c:\windows\system32\NlsData0027.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-29 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-18 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chk_mt288b"="c:\program files\MT288B\chk_mt288b" [X]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 4452352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-02 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-30 963976]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-29 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:50]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:50]

2010-12-07 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-12-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cox.net/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 17:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\program files\MT288B\chk_mt288b.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-23 17:16:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-24 00:16
ComboFix2.txt 2010-12-22 15:34

Pre-Run: 113,995,091,968 bytes free
Post-Run: 112,864,579,584 bytes free

- - End Of File - - CCDEECAC55FF062BC9F5E5F5979AA274


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5386

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

12/23/2010 5:25:51 PM
mbam-log-2010-12-23 (17-25-51).txt

Scan type: Quick scan
Objects scanned: 153347
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---------------------------------------------------


C:\Users\YOU\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5d96a4d2-723b2439 multiple threats

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:28 PM

Posted 23 December 2010 - 10:54 PM

Hi

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X).
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 23 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 23 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u23 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 LLAMAMAMA

LLAMAMAMA
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:28 PM

Posted 24 December 2010 - 09:28 PM

Computer seems to be much better but a little slow (too many start-up programs?). Still no sound since updating Windows. Any further help/recommendations would be appreciated. Thank you so much for the assist. Happy Holidays!! Tina


DDS (Ver_10-12-12.02) - NTFSx86
Run by YOU at 19:20:12.31 on Fri 12/24/2010
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1982.837 [GMT -7:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\MT288B\chk_mt288b.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\YOU\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://cox.net/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [chk_mt288b] c:\program files\mt288b\chk_mt288b
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-8 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-6 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-6 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-11-26 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-29 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

=============== Created Last 30 ================

2010-12-25 02:11:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 01:40:40 -------- d-----w- c:\users\you\appdata\local\Adobe
2010-12-25 01:37:29 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1ab50248-0c5a-4da7-aa62-6397c5b545f0}\mpengine.dll
2010-12-24 01:08:55 -------- d-----w- c:\program files\ESET
2010-12-24 00:15:00 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-22 15:24:28 98816 ----a-w- c:\windows\sed.exe
2010-12-22 15:24:28 89088 ----a-w- c:\windows\MBR.exe
2010-12-22 15:24:28 256512 ----a-w- c:\windows\PEV.exe
2010-12-22 15:24:28 161792 ----a-w- c:\windows\SWREG.exe
2010-12-21 22:30:01 -------- d-----w- c:\program files\Windows Portable Devices
2010-12-21 22:26:22 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-12-21 22:26:21 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-21 22:26:21 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-21 22:24:09 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-12-21 22:24:09 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-12-21 22:24:09 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-12-19 20:03:35 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-12-19 20:02:44 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-12-17 22:49:52 -------- d-----w- c:\windows\system32\vi-VN
2010-12-17 22:49:52 -------- d-----w- c:\windows\system32\eu-ES
2010-12-17 22:49:52 -------- d-----w- c:\windows\system32\ca-ES
2010-12-17 22:33:08 -------- d-----w- c:\windows\system32\EventProviders
2010-12-17 21:51:00 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-17 21:49:40 72704 ----a-w- c:\windows\system32\admparse.dll
2010-12-17 21:31:55 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 01:08:08 -------- d-----w- c:\users\you\appdata\roaming\AOL
2010-12-15 01:07:10 -------- d-----w- c:\program files\common files\Nullsoft
2010-12-15 01:06:41 -------- d-----w- c:\progra~2\Viewpoint
2010-12-15 01:06:39 -------- d-----w- c:\program files\Viewpoint
2010-12-15 01:00:59 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2010-12-15 01:00:29 -------- d-----w- c:\program files\common files\AOL
2010-12-15 01:00:12 -------- d-----w- C:\TEMP
2010-12-13 00:22:23 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-12-13 00:14:58 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-13 00:14:58 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-13 00:14:58 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-13 00:14:58 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-13 00:14:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-13 00:12:30 -------- d-----w- c:\windows\CheckSur
2010-12-09 17:55:13 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-12-09 17:55:08 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-12-09 17:55:08 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-12-09 17:55:05 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2010-12-09 17:55:04 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2010-12-09 17:55:02 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-12-09 17:55:00 1480704 ----a-w- c:\windows\system32\mssrch.dll
2010-12-09 17:53:59 710144 ----a-w- c:\windows\system32\Magnify.exe
2010-12-09 17:52:56 107520 ----a-w- c:\windows\system32\imapi.dll
2010-12-09 17:51:59 615424 ----a-w- c:\windows\system32\themeui.dll
2010-12-09 17:50:33 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-12-09 17:50:33 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-12-09 17:50:33 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-12-09 17:50:33 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-12-09 17:50:33 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-12-09 17:50:33 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-12-09 17:50:33 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-12-09 17:50:26 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-12-09 17:50:15 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-12-09 17:50:15 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-12-09 17:49:40 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-12-09 17:45:18 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-12-09 17:45:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-09 17:44:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-09 17:44:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-09 17:44:44 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-09 17:44:44 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-09 17:44:44 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-09 17:44:23 502272 ----a-w- c:\windows\system32\usp10.dll
2010-12-09 17:43:33 274944 ----a-w- c:\windows\system32\schannel.dll
2010-12-09 17:43:29 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2010-12-09 17:43:26 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-12-09 17:43:17 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-12-09 17:43:13 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-09 17:43:13 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-12-09 17:43:07 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-09 17:43:02 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-12-09 17:41:40 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-09 17:41:34 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-09 17:41:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-09 17:37:59 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-12-09 17:34:59 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-12-09 17:34:59 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-12-09 17:34:58 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-12-09 17:34:56 471552 ----a-w- c:\windows\system32\secproc.dll
2010-12-09 17:34:55 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-12-09 17:34:55 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-12-09 17:34:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-12-09 17:34:51 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-12-09 17:34:51 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-12-09 17:28:51 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2010-12-09 17:28:50 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-12-09 02:09:34 -------- d-----w- c:\users\you\appdata\roaming\SUPERAntiSpyware.com
2010-12-09 02:09:34 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-09 02:09:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-09 01:47:54 -------- d-----w- c:\users\you\{847ad0be-d96d-4dd0-ba4c-449da317103c}
2010-12-09 00:22:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-08 22:35:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-08 22:35:30 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-08 22:31:14 -------- d-----w- c:\users\you\appdata\local\Sunbelt Software
2010-12-08 22:30:44 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-08 22:30:13 -------- d-----w- c:\program files\Lavasoft
2010-12-08 22:19:40 -------- d-----w- c:\users\you\appdata\local\ElevatedDiagnostics
2010-12-08 21:28:10 -------- d-----w- c:\program files\Microsoft ATS
2010-12-08 20:29:32 -------- d-----w- C:\PerfLogs
2010-12-08 18:58:43 -------- d-----w- c:\users\you\appdata\local\WindowsUpdate
2010-12-07 23:50:50 -------- d-----w- C:\382ff30160e3b05c5a
2010-12-07 02:51:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-07 02:51:31 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-07 02:35:57 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-07 02:35:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-07 01:32:13 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-07 01:31:17 38848 ----a-w- c:\windows\avastSS.scr
2010-12-07 01:30:51 -------- d-----w- c:\progra~2\Alwil Software
2010-12-06 22:59:46 -------- d-----w- c:\users\you\appdata\roaming\Malwarebytes
2010-12-06 22:59:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 22:59:41 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-06 22:59:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 22:59:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 22:23:22 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\default\MpEngine.dll
2010-11-26 22:23:11 705536 ----a-w- c:\windows\system32\imagesp1.dll
2010-11-26 22:23:07 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2010-11-26 22:23:05 175104 ----a-w- c:\windows\system32\winrscmd.dll
2010-11-26 22:23:00 1008184 ----a-w- c:\program files\windows defender\MSASCui.exe
2010-11-26 22:21:59 215096 ----a-w- c:\program files\windows defender\MsMpCom.dll
2010-11-26 22:20:59 69120 ----a-w- c:\windows\system32\vsstrace.dll
2010-11-26 22:19:59 135680 ----a-w- c:\windows\system32\wbem\wmipdskq.dll
2010-11-26 22:18:59 64512 ----a-w- c:\windows\system32\findnetprinters.dll
2010-11-26 22:17:59 9216 ----a-w- c:\windows\system32\wship6.dll
2010-11-26 22:16:59 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-11-26 22:14:43 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2010-11-26 22:14:42 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2010-11-26 22:14:24 129536 ----a-w- c:\windows\system32\sqmapi.dll
2010-11-26 22:14:23 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2010-11-26 22:13:16 35328 ----a-w- c:\windows\system32\mspatcha.dll
2010-11-26 22:13:16 305152 ----a-w- c:\windows\system32\msdelta.dll
2010-11-26 22:13:16 258560 ----a-w- c:\windows\system32\dpx.dll

==================== Find3M ====================

2010-12-08 19:48:42 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-12-08 19:48:41 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-11-21 22:36:18 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-11-21 22:33:33 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-11-21 22:33:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-19 11:41:02 23552 ----a-w- c:\windows\system32\lpk.dll
2010-11-19 11:41:02 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-19 11:36:28 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-19 11:36:27 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-19 11:33:50 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-19 11:33:50 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-19 11:33:50 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-19 11:33:50 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-19 11:33:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-19 11:33:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-19 11:33:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-19 11:33:49 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-19 11:31:15 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-19 11:31:14 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-19 11:31:14 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-19 11:31:13 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-19 11:31:13 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-11-19 11:31:13 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-19 11:31:10 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-11-19 11:30:01 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-11-19 11:30:00 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-19 11:29:59 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-19 11:28:52 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-19 11:26:37 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-19 11:26:37 2868224 ----a-w- c:\windows\system32\mf.dll
2010-11-19 11:26:36 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-19 11:26:36 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-19 11:26:36 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-19 11:22:24 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-19 11:18:09 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-19 11:17:14 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-19 11:17:14 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-11-19 11:17:13 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-11-19 11:09:06 623616 ----a-w- c:\windows\system32\localspl.dll
2010-11-19 11:07:32 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-19 11:06:41 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-11-19 11:06:41 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-19 11:06:40 9728 ----a-w- c:\windows\system32\lsass.exe
2010-11-19 11:06:40 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-19 11:06:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-19 10:59:50 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-11-19 10:57:29 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-19 10:57:29 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-19 10:55:58 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-19 10:53:33 98304 ----a-w- c:\windows\system32\cabview.dll
2010-11-19 10:52:52 37888 ----a-w- c:\windows\system32\printcom.dll
2010-11-19 10:50:30 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-19 10:49:37 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-19 10:49:37 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-19 10:49:37 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-19 10:49:35 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-11-19 10:49:34 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-11-19 10:49:34 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-11-19 10:05:44 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-11-19 10:05:33 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-11-19 10:05:21 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-11-19 10:04:38 243712 ----a-w- c:\windows\system32\rastls.dll
2010-11-19 10:04:25 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-11-19 10:03:21 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-11-19 10:03:21 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-11-19 10:03:21 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-11-19 10:03:21 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-11-19 10:03:21 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-11-19 10:03:21 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-11-19 10:03:20 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-11-19 10:03:20 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-11-19 10:03:20 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-11-19 10:03:19 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-11-19 10:02:18 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-11-18 21:07:51 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-18 21:06:37 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-18 21:05:56 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-11-18 21:05:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 19:21:13.87 ===============

#13 CatByte

Malware Response Team

Posted 24 December 2010 - 09:39 PM

Try the following steps for the audio

Set the "startup type" for Plug and Play to Automatic.
To do so, follow these steps:
  • Click WinKey + R to open a run box, type services.msc into the open run box and then click OK.
  • Double-click Plug and Play.
    If you receive a Configuration Manager message, click OK.
  • In the "Startup Type" list, click Automatic, and then click OK.
  • Close Services.
  • Restart the computer.


NEXT

Go into Device Manager

  • Click WinKey + R to open a run box, type devmgmt.msc into the open run box and then click OK.
  • Expand the Sound, video and game controllers tree.
  • See if there are any warning triangles beside any of the devices.
  • Update the drivers if there are any warnings.


NEXT

Open the Sound control panel
  • Press WinKey + R to open a run box, type control mmsys.cpl sounds into the open run box and then click OK.
  • Make sure the mute box is unchecked.

Let me know how you make out with that.

Edited by CatByte, 26 December 2010 - 10:03 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
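As an added example (not part of CatByte's post), the first two checks above can be scripted in PowerShell so the result can be pasted back into the thread; the mute check is left to the Sound control panel. It assumes an elevated PowerShell 2.0 or later prompt on the Vista machine, and the built-in service name PlugPlay behind the "Plug and Play" display name.

```powershell
# Added example, not CatByte's instructions. Run from an elevated
# PowerShell prompt; changing the service startup type needs admin rights.

# 1. Plug and Play service: report the startup type, set it to Automatic
#    if it is anything else (service name "PlugPlay" = "Plug and Play").
$svc = Get-WmiObject Win32_Service -Filter "Name='PlugPlay'"
"Plug and Play: state={0} startmode={1}" -f $svc.State, $svc.StartMode
if ($svc.StartMode -ne 'Auto') {
    Set-Service -Name PlugPlay -StartupType Automatic
    'Startup type changed to Automatic; a restart is still needed.'
}

# 2. Sound devices: the equivalent of looking for warning triangles under
#    "Sound, video and game controllers" in Device Manager. A non-zero
#    ConfigManagerErrorCode is what Device Manager flags with a triangle
#    (for example 22 = device disabled, 28 = drivers not installed).
Get-WmiObject Win32_SoundDevice | ForEach-Object {
    $flag = if ($_.ConfigManagerErrorCode -eq 0) { 'OK' } else { 'WARNING' }
    "{0,-8} code={1,-3} {2}" -f $flag, $_.ConfigManagerErrorCode, $_.Name
}
```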


#14 LLAMAMAMA

Topic Starter

Posted 26 December 2010 - 09:31 PM

As for audio, all settings were good, no warnings in Device Manager, but still no sound. Sound is working perfectly now that I've plugged in the speakers (duh).

Thinking we were finished cleaning, but before signing off on this topic, I ran full scans with the programs I have installed. Avast, Malwarebytes, and Spybot S&D showed clean. SuperAntiSpyware showed six tracking cookies. AdAware found four tracking cookies and one malware (Trojan.Win32.Generic/BT). I quarantined everything and ran a new DDS scan. What do you think?


DDS (Ver_10-12-12.02) - NTFSx86
Run by YOU at 18:56:00.95 on Sun 12/26/2010
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1982.934 [GMT -7:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\MT288B\chk_mt288b.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\YOU\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://cox.net/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [chk_mt288b] c:\program files\mt288b\chk_mt288b
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-8 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-6 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-6 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-11-26 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-29 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-25 02:11:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 01:37:29 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1ab50248-0c5a-4da7-aa62-6397c5b545f0}\mpengine.dll
2010-12-24 01:08:55 -------- d-----w- c:\program files\ESET
2010-12-24 00:15:00 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-22 15:24:28 98816 ----a-w- c:\windows\sed.exe
2010-12-22 15:24:28 89088 ----a-w- c:\windows\MBR.exe
2010-12-22 15:24:28 256512 ----a-w- c:\windows\PEV.exe
2010-12-22 15:24:28 161792 ----a-w- c:\windows\SWREG.exe
2010-12-21 22:30:01 -------- d-----w- c:\program files\Windows Portable Devices
2010-12-21 22:26:22 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-12-21 22:26:21 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-21 22:26:21 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-21 22:24:09 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-12-21 22:24:09 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-12-21 22:24:09 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-12-19 20:03:35 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-12-19 20:02:44 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-12-17 22:49:52 -------- d-----w- c:\windows\system32\vi-VN
2010-12-17 22:49:52 -------- d-----w- c:\windows\system32\eu-ES
2010-12-17 22:49:52 -------- d-----w- c:\windows\system32\ca-ES
2010-12-17 22:33:08 -------- d-----w- c:\windows\system32\EventProviders
2010-12-17 21:51:00 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-17 21:49:40 72704 ----a-w- c:\windows\system32\admparse.dll
2010-12-17 21:31:55 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 01:08:08 -------- d-----w- c:\users\you\appdata\roaming\AOL
============= FINISH: 18:56:44.33 ===============

#15 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 26 December 2010 - 10:15 PM

Hi,

The log appears to be clean.

The tracking cookies are nothing to be concerned about; every time you go on the internet, you will get them.

What is the path of the file found by Ad-Aware?

It is likely something already in quarantine or an old restore point.

How is the computer running?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
