Brian61

Members
Posts: 7
Reputation: 0 Neutral
  1. I scanned again and it said no infection.
  2. Thank you. Thank you. Thank you. I followed your steps exactly and I can now open a browser and the svchost.exe debugger message no longer appears. I see no remaining problems. Below are the logs from your steps. You didn't specifically ask for the log from GooredFix but I put it in here anyway. I believe that I know where I clicked that brought all of this upon me and I'll be more careful. Additionally, I started working as a Limited User now rather than Administrator. I installed Comodo firewall rather than the Windows Firewall. I swapped AVG out and started using Avira (although I think AVG would have been fine to stay with). I removed IE7 during the debugging process and am now installing IE8. I had it installed previously but it is such a slow hog that I opted to stay with IE7. However, IE8 is supposed to be safer. Do you recommend other steps to keep me safe?

     GooredFix by jpshortstuff (03.07.10.1) Log created at 16:12 on 06/03/2011 (AldridgeAdmin) Firefox version 3.6.13 (en-US)
     2011/03/06 16:14:43.0140 4700 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
     2011/03/06 16:14:43.0578 4700 OS Version: 5.1.2600 ServicePack: 3.0
     2011/03/06 16:14:43.0578 4700 Product type: Workstation
     2011/03/06 16:14:43.0578 4700 Processor architecture: Intel x86
     2011/03/06 16:14:43.0578 4700 Boot type: Normal boot
     2011/03/06 16:14:49.0328 3444 Scan started
     2011/03/06 16:14:49.0328 3444 Mode: Manual;
     2011/03/06 16:15:02.0453 3444 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
     2011/03/06 16:15:02.0468 3444 Scan finished
     2011/03/06 16:15:02.0468 4732 Detected object count: 1
     2011/03/06 16:15:49.0828 4732 \HardDisk0 - will be cured after reboot
     2011/03/06 16:15:49.0828 4732 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
     2011/03/06 16:15:56.0843 4488 Deinitialize success
  3. Please help remove malware from PC. Let me know if I failed to provide something. GMER Rootkit Scanner won't finish. It threw a blue screen of death twice in safe mode with networking, and then in normal mode it forced an unassisted reboot. I've been scanning for the past few days with Spybot, Avira, and others (with current definition files). Some issues have been found and supposedly resolved, but the problem lingers. Thank you for your help. I really appreciate it.

     DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
     Run by AldridgeAdmin at 13:13:09.67 on Sun 03/06/2011
     Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1739 [GMT -6:00]
     AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
     FW: COMODO Firewall *Enabled*
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://219.117.194.183:84/SysCamInst.cab DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://sakura777.miemasu.net/kxhcm10.ocx DPF: {395E58B9-090C-461A-8F27-087D1C727945} - hxxp://cobhamls.epopcentral.com/joinie.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} - hxxp://71.40.152.194/hdweb/ggw-activex.cab DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - 
hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://128.175.99.120/activex/AxisCamControl.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://netsuitemeeting.webex.com/client/T25LSP41EP1/support/ieatgpc.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.arkansashighways.com/road/acgm.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://networksolutionsemailpopwizard.com/TrueSwitchEC.exe Notify: igfxcui - igfxdev.dll Notify: LMIinit - LMIinit.dll Notify: PCANotify - PCANotify.dll AppInit_DLLs: c:\windows\system32\guard32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: 
{10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" Hosts: 74.208.10.249 gs.apple.com . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\aldrid~1\applic~1\mozilla\firefox\profiles\yadat8vw.default\ FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program 
files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 16984] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576] S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-25 11608] S1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-4-21 10901] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-25 135336] S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-25 267944] S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-25 61960] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 135664] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-4 374152] S2 LMIInfo;LogMeIn Kernel Information 
Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856] S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-27 47640] S2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\microsoft sql server\mssql.2\mssql\binn\msftesql.exe [2007-6-22 95592] S2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080] S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2009-5-27 13672] S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2003-5-29 106496] S3 dsdd;dsdd;c:\windows\system32\drivers\dsvideo.sys [2008-8-14 2111] S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?] S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-8-11 13408] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-1-21 87824] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-1-21 85696] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 LMIRfsClientNP;LMIRfsClientNP; [x] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000] UnknownUnknown dsload;dsload; [x] . =============== File Associations =============== . .txt=Notepad++_file . =============== Created Last 30 ================ . 
2011-03-06 14:08:00 -------- d-----w- c:\program files\COMODO 2011-03-06 14:06:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo 2011-03-05 22:59:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited 2011-03-05 21:49:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero 2011-03-05 21:48:51 -------- d-----w- c:\program files\Nero 2011-03-05 21:47:52 -------- d-----w- c:\program files\Ask.com 2011-03-05 21:34:33 -------- d-----w- c:\program files\msn gaming zone 2011-03-05 15:30:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2011-03-05 15:30:16 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-03-04 02:54:37 -------- d-----w- c:\program files\Drop Down Deals 2011-03-04 02:54:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer 2011-02-25 19:29:19 -------- d-----w- c:\docume~1\aldrid~1\applic~1\Avira 2011-02-25 19:22:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-25 19:22:37 -------- d-----w- c:\program files\Avira 2011-02-25 19:22:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-02-25 16:20:31 -------- d-----w- c:\docume~1\aldrid~1\applic~1\Malwarebytes 2011-02-25 02:55:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\pJkBeIc08200 2011-02-21 22:51:23 1589248 ----a-w- c:\windows\system32\libmysql_d.dll 2011-02-21 22:51:19 -------- d-----w- c:\program files\PremiumSoft 2011-02-21 22:32:33 -------- d-----w- c:\program files\WinSCP 2011-02-21 21:36:17 -------- d-----w- c:\program files\iPhoneBrowser . ==================== Find3M ==================== . 
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-29 07:42:04 285480 ----a-w- c:\windows\system32\guard32.dll 2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll 2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-12-08 19:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-12-08 19:11:52 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll 2010-12-08 19:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll 2010-12-08 19:11:44 87424 ----a-w- c:\windows\system32\LMIinit.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: WDC_WD1600JS-75NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17 . device: opened successfully user: MBR read successfully . 
Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A8EB439]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a8f17b8]; MOV EAX, [0x8a8f1834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A943AB8] 3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A869798] \Driver\atapi[0x8A91B2E8] -> IRP_MJ_CREATE -> 0x8A8EB439 kernel: MBR read successfully _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; } detected disk devices: \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD1600JS-75NCB1_____________________10.02E01#5&2510770d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x8A8EB27F user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 13:13:42.06 =============== Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5967 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 3/6/2011 2:15:03 PM mbam-log-2011-03-06 (14-15-03).txt Scan type: Quick scan Objects scanned: 200670 Time elapsed: 11 minute(s), 31 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Attach.zip
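The DDS output in the post above ends with GMER's MBR check reporting a hooked \Driver\atapi DriverStartIo and "Warning: possible TDL3 rootkit infection !", while the quick Malwarebytes scan finds nothing; that contrast is exactly why helpers read the Pseudo HJT section by hand. The script below is an added example, not part of the original post and not code from DDS, GMER or Malwarebytes. It parses a few lines copied from the log above and flags the entry types a reviewer looks at first: ActiveX (DPF) controls fetched from bare IP addresses or from hosts outside an expected list, a DPF target that is an .exe rather than a package, AppInit_DLLs and Hosts overrides, services whose image file is missing, and GMER's hook and warning lines. The trusted-host list and the two severity labels are assumptions for the example; every flag is a review item, not a verdict (the AppInit_DLLs entry, for instance, is guard32.dll on a machine where the same log shows COMODO Firewall installed, so that one gets compared against the firewall's own files before anyone deletes it).

```python
"""Triage of DDS / HijackThis-style log lines.

Added example for the post above; not part of DDS, GMER, Malwarebytes or the
original thread. A flag is a review item for the helper, not a malware verdict.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Hosts from which ActiveX (DPF) downloads are expected on this machine.
# The list is an assumption made for the example, not a DDS feature.
TRUSTED_DPF_HOSTS = (
    "java.sun.com", "download.macromedia.com", "support.dell.com",
    "webdl.symantec.com", "transfers.ds.microsoft.com",
)

DPF_RE = re.compile(r"^DPF:\s*\{[0-9A-Fa-f-]{36}\}\s*-\s*(\S+)")
HOSTS_RE = re.compile(r"^Hosts:\s*\S+\s+\S+")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*\S")
SERVICE_RE = re.compile(r"^(R\d|S\d|Unknown\S*)\s+[^;]+;[^;]*;(.*)$")
HOOK_RE = re.compile(r"^\\Driver\\\S+\s+\S+\s+->\s+0x[0-9A-Fa-f]+")
WARNING_RE = re.compile(r"^Warning:")
RANK = {"high": 0, "review": 1}

# Lines copied from the DDS log in the post above (a subset, for the example).
SAMPLE_LOG = r"""
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://219.117.194.183:84/SysCamInst.cab
DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} - hxxp://71.40.152.194/hdweb/ggw-activex.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://networksolutionsemailpopwizard.com/TrueSwitchEC.exe
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 74.208.10.249 gs.apple.com
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
UnknownUnknown dsload;dsload; [x]
\Driver\atapi DriverStartIo -> 0x8A8EB27F
Warning: possible TDL3 rootkit infection !
""".strip().splitlines()


def refang(url):
    """DDS writes hxxp:// so forum software does not auto-link; undo it for parsing."""
    return url.replace("hxxps://", "https://").replace("hxxp://", "http://")


def is_bare_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_trusted_host(host):
    # Exact match or a subdomain; a plain suffix test would accept evil-java.sun.com.
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage(lines):
    """Return (severity, reason, line) tuples with the high-severity items first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = DPF_RE.match(line)
        if m:
            url = urlsplit(refang(m.group(1)))
            host = url.hostname or ""
            if is_bare_ip(host):
                findings.append(("high", "ActiveX control fetched from a bare IP address", line))
            elif not is_trusted_host(host):
                findings.append(("review", "ActiveX control from a host outside the trusted list", line))
            if url.path.lower().endswith(".exe"):
                findings.append(("review", "DPF target is an .exe rather than a .cab/.ocx package", line))
            continue
        if APPINIT_RE.match(line):
            findings.append(("review", "AppInit_DLLs loads this DLL into every process that links user32; confirm its owner", line))
            continue
        if HOSTS_RE.match(line):
            findings.append(("review", "Hosts file override redirects a hostname", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start_type, tail = m.group(1), m.group(2).rstrip()
            if tail.endswith(("[x]", "[?]")):
                findings.append(("review", "Service/driver whose image file is missing or unverifiable", line))
            elif start_type.startswith("Unknown"):
                findings.append(("review", "Service/driver with an unknown start type", line))
            continue
        if HOOK_RE.match(line):
            findings.append(("high", "GMER reports a hooked driver dispatch routine", line))
            continue
        if WARNING_RE.match(line):
            findings.append(("high", "GMER warning line", line))
    findings.sort(key=lambda f: RANK[f[0]])
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

On the sample this yields four high-severity items (the two bare-IP DPF entries, the atapi hook and the GMER warning) and seven review items. A real run would feed it the whole log; the point of the rules is to make the reviewer look at the hook first, because a driver-level hook is the one finding that a clean Malwarebytes quick scan does not contradict.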
  4. For the past few days Symantec wouldn't complete a scan. Kept saying that it was stopped by user. So something was preventing it from doing its job. Maybe that is why it didn't find those files. Obviously I'm just guessing. I removed ComboFix as you requested. I'm running Symantec scan now. Guess I'll run MBAM scan next. Early on in this infection we had lots of pop ups as is pretty common with this. But after I thought I had it all cleaned off my ISP started reporting that we were relaying SPAM emails and that they were getting notification from SPAMCOP and other places. My IP has been temporarily blacklisted for email at a couple places. I've been warned twice by my ISP, so I'm very cautious about re-introducing this PC back on-line. So my question is, since I never saw these SPAM emails, don't know how I could have known that it was happening, how do I know that my PC is no longer behaving this way? I've installed ZoneAlarm now so that I can get better notification and control. Other than that it still feels risky. Any suggestions? Any further steps we can take to be certain that the PC is clean? Thanks again for your help.
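The question in the post above, how to tell that a machine has stopped relaying spam when its owner never saw the mail, has a host-side check that a practitioner would run before putting the PC back online: list every TCP connection to an SMTP port, attribute each to a process, and treat anything that is not the mail client as suspect. The script below is an added example, not part of the thread and not a ZoneAlarm or Symantec feature. It parses text in the shape of Windows `netstat -ano` and `tasklist` output; the two samples are constructed for the example (using documentation IP ranges), not captured from the poster's PC, and the set of programs allowed to speak SMTP is an assumption.

```python
"""Find outbound SMTP connections that do not belong to the mail client.

Added example for the question in the post above; not part of the thread,
ZoneAlarm or any Symantec tool. Parses the text shape of `netstat -ano` and
`tasklist` on Windows XP. Samples below are constructed, not real captures.
"""
from collections import defaultdict, namedtuple

SMTP_PORTS = {25, 465, 587}
# Programs expected to send mail from this machine (assumption for the example).
ALLOWED_MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}

Conn = namedtuple("Conn", "proto local remote state pid")

# Constructed `netstat -ano` output; remote addresses are RFC 5737 documentation ranges.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1043      203.0.113.80:80        ESTABLISHED     1488
  TCP    192.168.1.10:1050      198.51.100.25:25       ESTABLISHED     1860
  TCP    192.168.1.10:1052      203.0.113.7:25         SYN_SENT        1860
  TCP    192.168.1.10:1053      192.0.2.25:587         ESTABLISHED     2212
  TCP    192.168.1.10:1061      203.0.113.80:443       ESTABLISHED     1488
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed `tasklist` output for the same PIDs.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
svchost.exe                   1860 Console                    0      4,212 K
thunderbird.exe               2212 Console                    0     61,044 K
firefox.exe                   1488 Console                    0     84,512 K
"""


def split_endpoint(endpoint):
    """'1.2.3.4:25' -> ('1.2.3.4', 25); '[::1]:25' -> ('[::1]', 25); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return Conn tuples; UDP rows have no State column, so the field count differs."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue
        conns.append(Conn(proto, local, remote, state, int(pid)))
    return conns


def parse_tasklist(text):
    """Map PID -> lower-cased image name (image names with spaces are not handled)."""
    images = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            images[int(parts[1])] = parts[0].lower()
    return images


def find_unexpected_smtp(netstat_text, tasklist_text):
    """Group SMTP-port connections by PID and report every owner that is not a mail client."""
    images = parse_tasklist(tasklist_text)
    by_pid = defaultdict(set)
    for c in parse_netstat(netstat_text):
        if c.proto != "TCP":
            continue
        host, port = split_endpoint(c.remote)
        if port in SMTP_PORTS:
            by_pid[c.pid].add(host)
    alerts = []
    for pid, hosts in sorted(by_pid.items()):
        image = images.get(pid, "<unknown>")
        if image in ALLOWED_MAIL_CLIENTS:
            continue
        alerts.append({"pid": pid, "image": image, "destinations": sorted(hosts)})
    return alerts


if __name__ == "__main__":
    for a in find_unexpected_smtp(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {a['pid']} ({a['image']}) talking SMTP to {', '.join(a['destinations'])}")
```

On the live machine the input is the real output (`netstat -ano` and `tasklist` saved to text), repeated over a day, since spam runs come in bursts. Two caveats go with it. The PID only names the host process, so a hit on svchost.exe still needs the modules loaded in that process examined. More importantly, a box whose ndis.sys and user32.dll were found infected, as the ComboFix log that follows records, cannot be trusted to report its own sockets honestly; the check that finally settles the question comes from outside the host (router or firewall logs of outbound port 25, or the ISP's abuse reports stopping) or from a rebuild. A per-program outbound rule in the firewall that permits ports 25 and 587 only for the mail client turns the same logic into prevention.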
  5. ...and here's the ComboFix log:

ComboFix 09-05-15.03 - Administrator 05/16/2009 3:49.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1544 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WinXP_EN_PRO_BF.EXE
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
J:\Autorun.inf
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-13 18:38 . 2009-05-13 18:38 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-13 18:26 . 2009-05-13 18:26 -------- d-----w c:\program files\Trend Micro
2009-05-13 15:02 . 2009-05-13 15:02 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-13 14:25 . 2009-05-13 14:25 -------- d-----w c:\program files\Zone Labs
2009-05-13 14:23 . 2009-05-16 08:54 -------- d-----w c:\windows\Internet Logs
2009-05-13 14:14 . 2009-05-13 14:14 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-13 14:13 . 2009-05-13 14:13 60688 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 00:12 . 2008-04-14 12:42 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-12 17:41 . 2009-05-12 17:43 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-12 17:41 . 2009-05-12 17:43 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-11 22:16 . 2009-05-11 22:17 -------- d-----w c:\program files\QuickTime
2009-05-11 22:16 . 2009-05-11 22:16 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-11 22:16 . 2009-05-11 22:16 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\Apple
2009-05-11 22:16 . 2009-05-11 22:16 -------- d-----w c:\program files\Apple Software Update
2009-05-11 22:16 . 2009-05-11 22:16 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-11 22:16 . 2009-05-11 22:16 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\Apple Computer
2009-05-10 23:09 . 2009-05-10 23:09 -------- d-----w c:\program files\2BrightSparks
2009-05-10 23:07 . 2009-05-10 23:08 -------- d-----w c:\windows\system32\NtmsData
2009-05-10 22:25 . 2009-05-10 22:25 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-10 22:19 . 2009-05-13 00:12 -------- d-----w c:\program files\NOS
2009-05-10 22:19 . 2009-05-13 00:12 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-10 20:47 . 2009-05-10 20:47 -------- d-----w c:\documents and settings\User\Application Data\Talkback
2009-05-10 20:46 . 2009-05-10 20:46 -------- d-----w c:\documents and settings\User\Application Data\Thunderbird
2009-05-10 20:46 . 2009-05-10 20:47 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\Thunderbird
2009-05-10 20:45 . 2009-05-11 20:58 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-10 02:18 . 2009-05-12 17:48 -------- d-----w c:\windows\system32\config\systemprofile\Tracing
2009-05-05 14:25 . 2009-05-05 14:25 -------- d-----w c:\documents and settings\User\Application Data\Malwarebytes
2009-05-05 14:25 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 14:25 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 14:25 . 2009-05-05 14:25 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-05 14:25 . 2009-05-05 14:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-04 20:41 . 2009-05-16 08:51 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-05-02 22:03 . 2009-05-02 22:03 0 ----a-w c:\windows\nsreg.dat
2009-05-02 22:03 . 2009-05-02 22:03 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\Mozilla
2009-05-01 16:56 . 2007-08-14 01:52 66048 ----a-w c:\windows\ieResetIcons.exe
2009-05-01 07:44 . 2009-05-05 15:05 -------- d-----w c:\windows\system32\456131
2009-05-01 07:13 . 2008-04-14 12:42 26112 ----a-w c:\windows\system32\stu2.exe
2009-04-30 13:38 . 2009-04-30 13:38 5179 --sh--w c:\windows\system32\niwazuba.dll
2009-04-30 01:26 . 2009-05-10 22:03 -------- d-----w c:\documents and settings\User\Application Data\Lavasoft
2009-04-29 16:32 . 2009-04-29 16:32 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 08:51 . 2007-01-01 00:00 578560 ----a-w c:\windows\system32\user32.dll
2009-05-16 08:48 . 2007-01-01 00:00 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-13 14:48 . 2009-05-13 14:25 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-10 22:24 . 2008-06-05 10:46 -------- d-----w c:\program files\Common Files\Adobe
2009-05-05 14:06 . 2007-01-01 00:00 14336 ----a-w c:\windows\system32\svchost.exe
2009-05-04 03:46 . 2009-05-04 03:46 43 ----a-w c:\documents and settings\User\Application Data\~ygw.tmp
2009-05-02 13:03 . 2008-06-05 11:16 -------- d-----w c:\program files\Common Files\Ahead
2009-05-01 17:25 . 2008-06-04 23:27 -------- d-----w c:\program files\Google
2009-04-27 22:41 . 2008-06-05 11:21 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-15 08:00 . 2008-06-05 10:53 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-02 17:26 . 2009-04-02 17:25 -------- d-----w c:\program files\Canon
2009-04-02 17:22 . 2009-04-02 17:22 -------- d-----w c:\program files\Common Files\Canon
2009-03-25 14:09 . 2008-12-09 01:10 60688 ----a-w c:\documents and settings\User\Application Data\GDIPFONTCACHEV1.DAT
2009-03-20 02:12 . 2009-03-20 02:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-20 02:12 . 2009-03-20 02:12 -------- d-----w c:\program files\Java
2009-03-17 13:31 . 2008-06-04 22:54 60688 ----a-w c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-17 13:06 . 2009-03-17 13:03 -------- d-----w c:\program files\Microsoft
2009-03-17 13:06 . 2008-06-11 12:06 -------- d-----w c:\program files\Windows Live
2009-03-17 13:05 . 2009-03-17 13:05 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-17 13:03 . 2009-03-17 13:03 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-17 12:41 . 2009-03-17 12:41 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-06 14:22 . 2007-01-01 00:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 18:09 . 2007-01-01 00:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:10 . 2007-01-01 00:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-16 05:10 . 2009-05-13 14:48 1221512 ----a-w c:\windows\system32\zpeng25.dll
.
Infected c:\windows\system32\user32.dll hex repaired
((((((((((((((((((((((((((((( SnapShot@2009-05-10_03.30.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-16 08:53 . 2009-05-16 08:53 16384 c:\windows\temp\Perflib_Perfdata_618.dat
+ 2009-05-13 14:48 . 2009-02-16 05:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-05-13 14:48 . 2008-11-17 07:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-05-13 14:48 . 2009-02-16 05:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 69000 c:\windows\system32\zlcomm.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 35208 c:\windows\system32\vswmi.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 58248 c:\windows\system32\vsregexp.dll
+ 2009-05-10 21:13 . 2009-05-10 21:13 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-02-20 08:10 . 2009-02-20 08:10 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-05-13 13:12 . 2009-05-13 14:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009051320090514\index.dat
+ 2009-05-12 10:33 . 2009-05-13 02:21 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009051220090513\index.dat
+ 2009-05-11 10:32 . 2009-05-11 22:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009051120090512\index.dat
+ 2009-05-10 18:32 . 2009-05-11 10:32 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009051020090511\index.dat
+ 2009-05-11 10:32 . 2009-05-11 10:32 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009050420090511\index.dat
+ 2008-06-05 10:32 . 2009-05-13 14:45 81920 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-05 10:32 . 2009-05-13 14:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-06-05 10:32 . 2009-05-10 03:28 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-06-05 10:53 . 2009-04-15 08:01 90112 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 90112 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 45056 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-06-05 10:53 . 2009-04-15 08:01 45056 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-06-05 10:53 . 2009-04-15 08:01 22528 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 22528 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-06-05 10:53 . 2009-04-15 08:01 30720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 30720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 16384 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-06-05 10:53 . 2009-04-15 08:01 16384 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 34304 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-06-05 10:53 . 2009-04-15 08:01 34304 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-05-11 22:16 . 2009-05-11 22:16 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-05-13 14:48 . 2009-02-16 05:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2008-06-05 10:53 . 2009-05-15 16:42 3584 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-06-05 10:53 . 2009-04-15 08:01 3584 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-06-05 10:53 . 2009-04-15 08:01 8192 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 8192 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-06-05 10:53 . 2009-04-15 08:01 2560 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 2560 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 10:23 . 2008-07-29 10:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 10:23 . 2008-07-29 10:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 08:51 . 2008-07-29 08:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-05-13 14:47 . 2009-02-16 05:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-05-13 14:48 . 2007-10-11 21:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-05-13 14:48 . 2008-11-17 07:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-05-13 14:48 . 2008-11-17 07:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-05-13 14:47 . 2009-02-04 23:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-05-13 14:48 . 2008-03-17 21:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 103816 c:\windows\system32\zlcommdb.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 109960 c:\windows\system32\vsxml.dll
+ 2009-05-13 14:47 . 2009-02-16 05:10 482184 c:\windows\system32\vsutil.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-05-13 14:47 . 2009-02-16 05:10 229256 c:\windows\system32\vsinit.dll
+ 2009-05-13 14:48 . 2009-02-16 05:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-05-13 14:47 . 2009-02-16 05:10 110472 c:\windows\system32\vsdata.dll
+ 2007-01-01 00:00 . 2009-02-20 08:10 619520 c:\windows\system32\urlmon.dll
- 2007-01-01 00:00 . 2008-04-14 12:42 619520 c:\windows\system32\urlmon.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-20 08:10 . 2009-02-20 08:10 666112 c:\windows\system32\dllcache\wininet.dll
+ 2009-02-20 08:10 . 2009-02-20 08:10 619520 c:\windows\system32\dllcache\urlmon.dll
+ 2007-01-01 00:00 . 2008-04-14 07:50 182656 c:\windows\system32\dllcache\ndis.sys
+ 2009-05-09 19:28 . 2009-05-13 14:45 245760 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-05 10:53 . 2009-04-15 08:01 114688 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 114688 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-06-05 10:53 . 2009-05-15 16:42 167936 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-06-05 10:53 .
2009-04-15 08:01 167936 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe + 2009-05-13 14:48 . 2009-02-16 05:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll + 2009-05-13 14:48 . 2009-02-16 05:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe + 2009-05-13 14:48 . 2008-11-17 07:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll + 2009-05-13 14:48 . 2009-02-16 05:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll - 2007-01-01 00:00 . 2008-04-14 12:42 1499136 c:\windows\system32\shdocvw.dll + 2007-01-01 00:00 . 2009-03-02 23:04 1499136 c:\windows\system32\shdocvw.dll + 2007-01-01 00:00 . 2009-02-20 08:11 3068416 c:\windows\system32\mshtml.dll + 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll + 2009-03-02 23:04 . 2009-03-02 23:04 1499136 c:\windows\system32\dllcache\shdocvw.dll + 2009-02-20 08:11 . 2009-02-20 08:11 3068416 c:\windows\system32\dllcache\mshtml.dll + 2009-05-13 14:48 . 2008-12-15 06:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat + 2009-05-13 14:48 . 2008-12-15 06:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat + 2009-05-15 16:41 . 2009-05-07 05:16 24699336 c:\windows\system32\MRT.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-10 8597586]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 9:02 PM 101936]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 8:34 AM 115952]
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-10 c:\windows\Tasks\SyncBack Trudy Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-05-10 17:00]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM-Run-SigmatelSysTrayApp - sttray.exe
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5lcen25.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 03:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
.
**************************************************************************
.
Completion time: 2009-05-16 3:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-16 08:56
ComboFix2.txt 2009-05-10 03:31
ComboFix3.txt 2009-05-09 17:56

Pre-Run: 214,977,294,336 bytes free
Post-Run: 215,107,674,112 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

312 --- E O F --- 2009-05-15 16:42
  6. Hey, thanks for helping. Sorry for the delayed response; I assumed that I would get an email when I got a forum reply so I was watching my email client instead of the forum post. Did as you requested. I don't dare connect this PC to the internet for downloads so I downloaded the update to another PC and moved it via USB drive. Here are the logs:

Malwarebytes' Anti-Malware 1.36
Database version: 2110
Windows 5.1.2600 Service Pack 3

5/15/2009 3:09:50 PM
mbam-log-2009-05-15 (15-09-50).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 155216
Time elapsed: 53 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lmn_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:42 PM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\gopisuge.dll c:\windows\system32\nifarake.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6456 bytes
  7. I have evidently been relaying spam email around the world without my knowledge. My ISP wants me to clean up my act. I've been chasing viruses for a couple weeks and could really use some help. Symantec anti-virus won't complete a scan any longer. MalwareBytes, Ad-Aware, and Spybot seem to have cleaned the majority of the issues, but I'm left with something that is behaving badly by relaying spam and I can't find it. Below are my MBAM and HJT logs. Any help you can provide would be greatly appreciated.

Malwarebytes' Anti-Malware 1.36
Database version: 2078
Windows 5.1.2600 Service Pack 3

5/13/2009 1:59:11 PM
mbam-log-2009-05-13 (13-59-11).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 135005
Time elapsed: 20 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:44 PM, on 5/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [smileboxTray] "C:\Documents and Settings\User\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\gopisuge.dll c:\windows\system32\nifarake.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6688 bytes