
Infected by some programs being disabled and/or deleted..multiple Administrators on PC


  • This topic is locked
11 replies to this topic

#1 MrGrinch75

Posted 28 June 2011 - 07:07 PM

Some programs get disabled and some are deleted for no apparent reason. Recently I started looking around my PC and found that there is an administrator, which should be myself, and there is also a compaq_owner. Also, I came across some more fishy things, like there were a few different administrators active on my PC. My printer was uninstalled and I tried re-installing it 3 times and finally got it to load right. Another problem I have noticed is that when I tried opening Windows Defender it said I did not have admin rights to it. From there I rebooted to see how many profiles are on my PC. On startup it shows administrator and my other account, so then I opened up and searched the C drive, but when I explored all users in the C drive (Documents and Settings), it shows that I have 3 different administrators and 3 other users. Thank you for any help you may have.

DDS LOG...

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Owner at 11:59:06 on 2011-06-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.40 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\lxdrcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 4900 Series\lxdrMsdMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Page =
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [lxdrmon.exe] "c:\program files\lexmark 4900 series\lxdrmon.exe"
mRun: [lxdramon] "c:\program files\lexmark 4900 series\lxdramon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://employee.bnsf.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{46EE7460-7D85-4133-B7ED-41911628CD2E} : NameServer = 4.2.2.2,206.13.30.12
TCP: Interfaces\{8A4B3BD8-3DD6-444C-8D27-82114C57C8CD} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-17 810616]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-2 136312]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-13 353168]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-13 821080]
R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-14 1174152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-23 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110625.050\IDSXpx86.sys [2011-6-27 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110628.002\NAVENG.SYS [2011-6-28 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110628.002\NAVEX15.SYS [2011-6-28 1542392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-8 136176]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2005-6-7 91520]
S2 SessionLauncher;SessionLauncher;c:\docume~1\compaq~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\compaq~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\compaq~1\locals~1\temp\ewdmaudn.sys --> c:\docume~1\compaq~1\locals~1\temp\ewdmaudn.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-8 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-26 38224]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-8-29 13184]
S3 TFilter;TFilter;\??\c:\progra~1\avanqu~1\system~1\tfilter.sys --> c:\progra~1\avanqu~1\system~1\TFilter.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\pcpitstopscheduleservice.exe --> c:\program files\pcpitstop\PCPitstopScheduleService.exe [?]
.
=============== Created Last 30 ================
.
2011-06-27 02:27:59 -------- d-----w- c:\documents and settings\compaq_owner\application data\SUPERAntiSpyware.com
2011-06-27 02:27:59 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-27 02:27:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-26 23:50:47 -------- d-----w- c:\documents and settings\compaq_owner\application data\Malwarebytes
2011-06-26 23:50:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-26 23:50:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-26 23:50:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 23:50:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 13:26:25 -------- d-----w- c:\documents and settings\all users\application data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-25 01:29:05 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{8fe4a590-9336-48cd-be9f-8a1ead6f2eee}\mpengine.dll
2011-06-24 20:24:33 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-06-24 20:24:27 -------- d-----w- c:\program files\Coupons
2011-06-15 18:19:45 40960 ----a-w- c:\windows\system32\lxdrvs.dll
2011-06-15 18:19:33 409600 ----a-w- c:\windows\system32\lxdrcoin.dll
2011-06-15 18:19:33 155648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdrdrpp.dll
2011-06-15 18:18:35 81920 ----a-w- c:\windows\system32\lxdrcaps.dll
2011-06-15 18:18:35 69632 ----a-w- c:\windows\system32\lxdrcnv4.dll
2011-06-15 18:18:35 1036288 ----a-w- c:\windows\system32\lxdrdrs.dll
2011-06-15 18:17:31 -------- d-----w- c:\program files\Lexmark Toolbar
2011-06-15 18:17:18 -------- d-----w- c:\program files\Lexmark Printable Web
2011-06-15 18:17:14 352256 ----a-w- c:\windows\system32\LXDRwupd.dll
2011-06-15 18:17:14 12288 ----a-w- c:\windows\system32\LXDRwupd.exe
2011-06-15 18:15:41 -------- d-----w- c:\program files\Lexmark 4900 Series
2011-06-15 07:10:37 -------- d-----w- c:\documents and settings\compaq_owner\application data\Windows Search
2011-06-15 07:05:44 -------- d-----w- c:\documents and settings\compaq_owner\application data\Windows Desktop Search
2011-06-15 07:04:45 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-15 04:15:02 -------- d-----w- c:\documents and settings\compaq_owner\AppData
2011-06-15 04:12:44 -------- d-----w- c:\program files\LSI SoftModem
2011-06-15 04:10:44 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-14 06:16:11 -------- d-----w- c:\windows\system32\winrm
2011-06-14 06:16:11 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-14 06:15:57 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-14 02:48:21 388096 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-14 02:48:19 -------- d-----w- c:\program files\HighJackThis
2011-06-13 23:09:07 -------- d-----w- c:\documents and settings\compaq_owner\application data\Registry Mechanic
2011-06-13 13:31:52 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\NPE
2011-06-12 06:54:09 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-06-12 06:54:02 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-06-12 06:54:00 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-06-12 06:53:55 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-06-12 06:53:50 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-06-12 06:53:39 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-06-12 06:53:31 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-06-12 06:53:28 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-06-12 06:53:20 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-06-12 06:53:18 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-06-12 06:52:43 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-06-12 06:52:35 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-06-12 06:52:30 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-06-12 06:52:10 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-06-12 06:50:59 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2011-06-12 06:50:54 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-06-12 06:50:48 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2011-06-12 06:50:44 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2011-06-12 06:50:38 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-06-12 06:50:25 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-06-12 06:50:19 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-06-12 06:50:14 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-06-12 06:50:10 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-06-12 06:50:03 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-06-12 06:50:00 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-06-12 06:48:58 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-06-12 06:48:54 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-06-12 06:48:50 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-06-12 06:48:44 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-06-12 06:48:23 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-06-12 06:48:19 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-06-12 06:48:15 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-06-12 06:48:11 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-06-12 06:48:06 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-06-12 06:48:02 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-06-12 06:47:56 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-06-12 06:47:52 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-06-12 06:47:50 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-06-12 06:47:47 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2011-06-12 06:47:35 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2011-06-12 06:47:30 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-06-12 06:47:27 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-06-12 06:47:23 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-06-12 06:47:16 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-06-12 06:47:08 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-06-12 06:47:04 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-06-12 06:47:02 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-06-12 06:46:53 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-06-12 06:46:50 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-06-12 06:46:42 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-06-12 06:46:35 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-06-12 06:46:32 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-06-12 06:46:28 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-06-12 06:46:15 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-06-12 06:46:11 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-06-12 06:46:08 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-06-12 06:46:04 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-06-12 06:46:00 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-06-12 06:45:56 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-06-12 06:45:53 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-06-12 06:45:49 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-06-12 06:45:46 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-06-12 06:45:42 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-06-12 06:45:38 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-06-12 06:45:32 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-06-12 06:45:28 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-06-12 06:45:24 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-06-12 06:45:19 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-06-12 06:45:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-06-12 06:45:06 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-06-12 06:44:56 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-06-12 06:44:49 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-06-12 06:44:46 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-06-12 06:44:42 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2011-06-12 06:44:37 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-06-12 06:44:34 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-06-12 06:44:30 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-06-12 06:44:27 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-06-12 06:44:23 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-06-12 06:44:22 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-06-12 06:44:21 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2011-06-12 06:44:17 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-06-12 06:43:56 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-06-12 06:43:51 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2011-06-12 06:43:47 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-06-12 06:43:43 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2011-06-12 06:43:40 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-06-12 06:43:36 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2011-06-12 06:43:34 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-06-12 06:43:29 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-06-12 06:43:24 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-06-12 06:43:21 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2011-06-12 06:43:17 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-06-12 06:43:05 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2011-06-12 06:42:53 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2011-06-12 06:42:49 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-06-12 06:42:45 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2011-06-12 06:42:41 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2011-06-12 06:42:37 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2011-06-12 06:42:29 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2011-06-12 06:42:22 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-06-12 06:42:18 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-06-12 06:42:14 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-06-12 06:41:54 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-06-12 06:40:24 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-06-12 06:40:20 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-06-12 06:40:17 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-06-12 06:40:13 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-06-12 06:40:10 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-06-12 06:40:03 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-06-12 06:38:59 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-06-12 06:37:46 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-06-12 06:37:40 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-06-12 06:37:37 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-06-12 06:37:32 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-06-12 06:37:29 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-06-12 06:37:21 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-06-12 06:37:18 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2011-06-12 06:37:14 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2011-06-12 06:37:11 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2011-06-12 06:37:08 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2011-06-12 06:37:07 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-06-12 06:35:59 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2011-06-12 06:34:56 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2011-06-12 06:34:53 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2011-06-12 06:34:50 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2011-06-12 06:34:47 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2011-06-12 06:34:44 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2011-06-12 06:34:41 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2011-06-12 06:34:38 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-06-12 06:34:34 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2011-06-12 06:34:31 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-06-12 06:34:28 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-06-12 06:34:25 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-06-12 06:34:21 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-06-12 06:33:58 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-06-12 06:33:53 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-06-12 06:33:39 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-06-12 06:33:34 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-06-12 06:33:31 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-06-12 06:33:30 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-06-12 06:33:23 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-06-12 06:33:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-06-12 06:33:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-06-12 06:33:10 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-06-12 06:33:03 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-06-12 06:31:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-06-12 06:31:40 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-06-12 06:31:19 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-06-12 06:31:12 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-06-12 06:31:11 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-06-12 06:30:40 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-06-12 06:30:36 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-06-12 06:30:35 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-06-12 06:30:23 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-06-12 06:30:19 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-06-12 06:30:00 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-06-12 06:29:51 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2011-06-12 06:29:48 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2011-06-12 06:29:46 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-06-12 06:29:43 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2011-06-12 06:29:38 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2011-06-12 06:29:34 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-06-12 06:29:28 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2011-06-12 06:29:23 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2011-06-12 06:29:20 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2011-06-12 06:29:16 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
2011-06-12 06:29:13 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2011-06-12 06:29:12 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
2011-06-12 06:27:59 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-06-12 06:27:42 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-06-12 06:27:39 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-06-12 06:27:10 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-06-12 06:27:08 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-06-12 06:27:04 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-06-12 06:27:01 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-06-12 06:25:48 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-06-12 06:24:57 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2011-06-12 06:23:57 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2011-06-12 06:22:57 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2011-06-12 06:21:55 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2011-06-12 06:20:59 18503 -c--a-w- c:\windows\system32\dllcache\epro4.sys
2011-06-12 06:19:59 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2011-06-12 06:18:59 25600 -c--a-w- c:\windows\system32\dllcache\dc210_32.dll
2011-06-12 06:17:56 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2011-06-12 06:16:20 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-06-12 06:15:57 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2011-06-12 06:14:59 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
2011-06-12 06:13:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-06-12 01:30:09 -------- d-----w- c:\documents and settings\compaq_owner\application data\Application Updater
2011-05-31 13:35:43 -------- d-----w- c:\documents and settings\all users\application data\Lexmark 4900 Series
.
==================== Find3M ====================
.
2011-06-15 14:56:04 3649 -c--a-w- c:\windows\viassary-hp.reg
2011-05-25 02:14:10 222080 -c----w- c:\windows\system32\MpSigStub.exe
2011-05-02 22:09:47 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-02 22:09:47 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 06:05:55 363080 -c--a-w- c:\program files\Adobe_Acrobat_X_Pro-AkamaiDLM.exe
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-01 14:37:18 48128 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2011-03-31 03:00:09 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-03-31 03:00:09 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
.
============= FINISH: 12:00:24.54 ===============


#2 rigacci

Posted 06 July 2011 - 08:01 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 MrGrinch75

  • Topic Starter

Posted 06 July 2011 - 08:50 PM

Hello there and thank you for all of your help and hope we can figure this out. Here are the results you asked for.

DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Owner at 12:50:11 on 2011-07-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.68 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxdrcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
C:\Program Files\Lexmark 4900 Series\lxdrMsdMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Page =
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [lxdrmon.exe] "c:\program files\lexmark 4900 series\lxdrmon.exe"
mRun: [lxdramon] "c:\program files\lexmark 4900 series\lxdramon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://employee.bnsf.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: Interfaces\{46EE7460-7D85-4133-B7ED-41911628CD2E} : NameServer = 4.2.2.2,206.13.30.12
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110701.001\BHDrvx86.sys [2011-7-5 810616]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-2 136312]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-13 353168]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-13 821080]
R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-14 1174152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-23 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110704.050\IDSXpx86.sys [2011-7-4 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110706.003\NAVENG.SYS [2011-7-6 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110706.003\NAVEX15.SYS [2011-7-6 1542392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-8 136176]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2005-6-7 91520]
S2 SessionLauncher;SessionLauncher;c:\docume~1\compaq~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\compaq~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\compaq~1\locals~1\temp\ewdmaudn.sys --> c:\docume~1\compaq~1\locals~1\temp\ewdmaudn.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-8 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-26 38224]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-8-29 13184]
S3 TFilter;TFilter;\??\c:\progra~1\avanqu~1\system~1\tfilter.sys --> c:\progra~1\avanqu~1\system~1\TFilter.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\pcpitstopscheduleservice.exe --> c:\program files\pcpitstop\PCPitstopScheduleService.exe [?]
.
=============== Created Last 30 ================
.
2011-06-27 02:27:59 -------- d-----w- c:\documents and settings\compaq_owner\application data\SUPERAntiSpyware.com
2011-06-27 02:27:59 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-27 02:27:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-26 23:50:47 -------- d-----w- c:\documents and settings\compaq_owner\application data\Malwarebytes
2011-06-26 23:50:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-26 23:50:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-26 23:50:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 23:50:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 13:26:25 -------- d-----w- c:\documents and settings\all users\application data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-25 01:29:05 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{8fe4a590-9336-48cd-be9f-8a1ead6f2eee}\mpengine.dll
2011-06-24 20:24:33 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-06-24 20:24:27 -------- d-----w- c:\program files\Coupons
2011-06-15 18:19:45 40960 ----a-w- c:\windows\system32\lxdrvs.dll
2011-06-15 18:19:33 409600 ----a-w- c:\windows\system32\lxdrcoin.dll
2011-06-15 18:19:33 155648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdrdrpp.dll
2011-06-15 18:18:35 81920 ----a-w- c:\windows\system32\lxdrcaps.dll
2011-06-15 18:18:35 69632 ----a-w- c:\windows\system32\lxdrcnv4.dll
2011-06-15 18:18:35 1036288 ----a-w- c:\windows\system32\lxdrdrs.dll
2011-06-15 18:17:31 -------- d-----w- c:\program files\Lexmark Toolbar
2011-06-15 18:17:18 -------- d-----w- c:\program files\Lexmark Printable Web
2011-06-15 18:17:14 352256 ----a-w- c:\windows\system32\LXDRwupd.dll
2011-06-15 18:17:14 12288 ----a-w- c:\windows\system32\LXDRwupd.exe
2011-06-15 18:15:41 -------- d-----w- c:\program files\Lexmark 4900 Series
2011-06-15 07:10:37 -------- d-----w- c:\documents and settings\compaq_owner\application data\Windows Search
2011-06-15 07:05:44 -------- d-----w- c:\documents and settings\compaq_owner\application data\Windows Desktop Search
2011-06-15 07:04:45 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-15 04:15:02 -------- d-----w- c:\documents and settings\compaq_owner\AppData
2011-06-15 04:12:44 -------- d-----w- c:\program files\LSI SoftModem
2011-06-15 04:10:44 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-14 06:16:11 -------- d-----w- c:\windows\system32\winrm
2011-06-14 06:16:11 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-14 06:15:57 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-14 02:48:21 388096 ----a-r- c:\documents and settings\compaq_owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-14 02:48:19 -------- d-----w- c:\program files\HighJackThis
2011-06-13 23:09:07 -------- d-----w- c:\documents and settings\compaq_owner\application data\Registry Mechanic
2011-06-13 13:31:52 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\NPE
2011-06-12 01:30:09 -------- d-----w- c:\documents and settings\compaq_owner\application data\Application Updater
.
==================== Find3M ====================
.
2011-06-15 14:56:04 3649 -c--a-w- c:\windows\viassary-hp.reg
2011-05-25 02:14:10 222080 -c----w- c:\windows\system32\MpSigStub.exe
2011-05-02 22:09:47 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-02 22:09:47 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 06:05:55 363080 -c--a-w- c:\program files\Adobe_Acrobat_X_Pro-AkamaiDLM.exe
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 12:51:10.12 ===============




#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:31 PM

Posted 08 July 2011 - 03:16 AM

Hello, I do not think this is malware related; can you list all profiles you see?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 MrGrinch75


Posted 08 July 2011 - 09:11 PM

Hello and thank you for your response. Here is the story on my PC. When I turn my PC on it only shows one Administrator and one guest log-on. But when I open the C drive and explore all users it shows Administrator, Administrator.TDUNKS, Administrator.TDUNKS.000, All Users, Compaq_Owner, Default User, Application Data, LocalService, NetworkService and Owner. Whatever is going on is not right, and some files and folders I try to open won't let me, saying access is denied. Another thing going on is any and most files I open contain a folder called "Desktop.ini". Not sure if that is normal or not. Hope I am not confusing you on this situation but I am for sure confused. Just came across another suspicious file and I will add it as an attachment if you can see what you think of it?

#6 MrGrinch75


Posted 08 July 2011 - 09:13 PM

Here is the file I mentioned.....




#7 Elise


Posted 09 July 2011 - 03:27 AM

That file is perfectly legit and related to the installation of some windows updates.

The Users are also normal: you will see double folders for the active account (one is the normal profile folder, and the other is the "active" folder in which changes will be autosaved). Many of these folders and subfolders have System permissions only; this is to prevent unauthorized access and is actually a good thing; it is used to protect important data. It is not recommended to change this.

Administrator, Administrator.TDUNKS, Administrator.TDUNKS.000

This looks like the Administrator profile has been corrupted in the past and had to be recovered. When that happens, Windows will rename the profile as <original profile name>.<computer name>. I assume TDUNKS is the computer name. The 000 extension gives an indication that this happened during a disk check.

Compaq_Owner, Default User, Application Data, LocalService, NetworkService and Owner.

All these are standard on Compaq computers: Compaq_Owner and Owner are specific for Compaq, and LocalService, NetworkService and Default user are seen on every Windows installation and necessary for the correct functioning of Windows.

regards, Elise



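One way to check the explanation in post #7 on a live system, as an added example that is not part of the original thread: each account's profile folder is recorded under the `ProfileList` registry key, so comparing that key with the folders on disk shows which folders Windows actually loads and which are leftovers or shared templates. It assumes PowerShell is installed; the variable names are illustrative.

```powershell
# Added example (not from the thread): which profile folders does Windows actually use?
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$root = (Get-ItemProperty -Path $key).ProfilesDirectory   # e.g. C:\Documents and Settings

# Each subkey of ProfileList is named after an account SID; its ProfileImagePath
# value is the folder that account loads at logon.
$registered = @{}
foreach ($sub in Get-ChildItem -Path $key) {
    $path = (Get-ItemProperty -Path $sub.PSPath).ProfileImagePath
    if (-not $path) { continue }
    $sid = $sub.PSChildName
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '(SID does not resolve to an account)'
    }
    $registered[$path.TrimEnd('\').ToLower()] = "$account [$sid]"
}

# Compare against the folders on disk, including hidden ones.
Get-ChildItem -Path $root -Force |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $owner = $registered[$_.FullName.ToLower()]
        if ($owner) { $status = "loaded by $owner" }
        else        { $status = 'not referenced by any account' }
        New-Object PSObject -Property @{
            Folder = $_.Name; LastWrite = $_.LastWriteTime; Status = $status
        }
    } |
    Sort-Object Folder |
    Format-Table Folder, LastWrite, Status -AutoSize
```

Folders reported as not referenced include shared ones such as All Users and Default User as well as renamed copies like Administrator.TDUNKS; the accounts that can log on are the ones shown with a SID.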

#8 MrGrinch75


Posted 09 July 2011 - 07:17 PM

Hello, and once again thank you for your time and help. OK, I do understand what you are saying and it makes sense, but for what other reason I don't know, my PC has been acting very suspicious, but it could be from past corruptions. If I use my recovery disc, will that wipe away everything and in a sense make my PC like new?

#9 Elise


Posted 10 July 2011 - 01:59 AM

What other suspicious behavior do you notice?

What type of Recovery disk do you have? Usually it should indeed wipe everything, but it depends a bit on which disk you are using.

regards, Elise




#10 MrGrinch75


Posted 16 July 2011 - 08:15 PM

Hello and sorry I haven't responded for a while. Well I did reformat my PC and used the Recovery disk after all. So far it seems to be a fine running machine once again. Thank you to you and your entire team for all of the support you gave me. For sure I will recommend your web site to all of my friends!!!

Thank You Again,

MrGrinch75

#11 Elise


Posted 17 July 2011 - 07:59 AM

I am glad to hear things are running okay now. :)

Please read this advice in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise




#12 Elise


Posted 24 July 2011 - 04:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise






