
Ironicus

  1. I've spent the last two hours doing various things online without any unusual problems so it seems clear. Thank you for your help.
  2. ComboFix 11-01-21.03 - Alaina 01/22/2011 9:19.6.1 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.703 [GMT -6:00]
  3. ComboFix 11-01-19.04 - Alaina 01/21/2011 18:54:14.5.1 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.717 [GMT -6:00]
  4. New Combo-Fix log:

ComboFix 11-01-19.04 - Alaina 01/20/2011 17:39:30.4.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.718 [GMT -6:00]
Running from: c:\documents and settings\Alaina\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.
2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\program files\Yontoo Layers Client
2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-01-11 18:54 . 2011-01-11 18:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-29 21:49 . 2010-12-29 21:51 -------- d-----w- c:\program files\QuickTime
2010-12-29 21:49 . 2010-12-29 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-12-29 21:48 . 2010-12-29 21:48 -------- d-----w- c:\program files\Common Files\Apple
2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple
2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\program files\Apple Software Update
2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple Computer
2010-12-27 14:58 . 2010-12-27 14:58 -------- d-----w- c:\program files\CCleaner
2010-12-27 14:36 . 2010-12-27 14:36 -------- d-----w- c:\program files\ACW
2010-12-27 14:24 . 2010-12-27 14:24 -------- d-----w- c:\documents and settings\Alaina\Application Data\ElevatedDiagnostics
2010-12-27 03:33 . 2010-12-27 03:33 -------- d-----w- c:\program files\Common Files\Windows Live
2010-12-27 03:29 . 2010-12-27 03:29 -------- d-----w- c:\windows\system32\winrm
2010-12-27 03:29 . 2010-12-27 03:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\irmon.dll
2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\irftp.exe
2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2010-12-27 03:09 . 2010-12-27 03:09 -------- d-sh--w- c:\documents and settings\Alaina\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-04-29 21:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-04-29 21:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 17:21 . 2010-12-19 17:21 1409 ----a-w- c:\windows\QTFont.for
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-25 03:25 . 2009-12-02 20:23 165264 ------w- c:\windows\system32\drivers\MpFilter.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-09-27 610304]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-28 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2006-10-31 20752]
"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HostManager"="c:\program files\Common Files\AOL\1240244075\ee\AOLSoftware.exe" [2008-06-24 41824]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Irene\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2009-3-31 36953]
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-8 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-28 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 10:32 PM 189736]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006Core.job
- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006UA.job
- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:webmaster
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Alaina\Application Data\Mozilla\Firefox\Profiles\46hbzajt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 17:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????????????????????X:??????????????(???x????????:??x???????`???????????x???? ??x???x??????????????|????????x???????????????4???????x???????????x??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1260)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\mslbui.dll
.
Completion time: 2011-01-20 17:47:24
ComboFix-quarantined-files.txt 2011-01-20 23:47
ComboFix2.txt 2011-01-16 17:31

Pre-Run: 63,628,443,648 bytes free
Post-Run: 63,688,306,688 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 87693960FD696374DBC4B857743CA970
  5. Okay, done. Here's a new DDS log taken just after:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Alaina at 7:06:28.86 on Thu 01/20/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.754 [GMT -6:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Alaina\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll
FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

============= SERVICES / DRIVERS ===============

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

=============== Created Last 30 ================

2011-01-16 16:48:54 -------- d-sha-r- C:\cmdcons
2011-01-16 16:45:15 -------- d-----w- C:\Combo-Fix
2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll
2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures
2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-14 18:28:43 -------- d-----w- C:\dload
2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec
2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client
2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple
2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer
2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner
2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW
2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics
2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live
2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm
2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll
2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe
2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache

==================== Find3M ====================

2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 7:07:37.13 ===============
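Added example for this page (not a post from the thread and not output of DDS or ComboFix): the two reports above carry several indicators a responder would act on before calling the machine clean, and they are easy to skim past when a log is read by eye. The user-level `uInternet Settings,ProxyServer = http=127.0.0.1:8075` setting routes all of that user's HTTP traffic through a process on the local machine; the `AV:`/`FW:` header lists three security products registered as *Disabled*; the ComboFix `Monitoring` keys show Security Center alerting switched off; `BootExecute` still names two AVG binaries although AVG appears nowhere else in the report; and the Firefox profile carries the Yontoo Layers and WhiteSmoke toolbar extensions. The script below parses lines in these two report formats and returns structured findings. The adware watchlist and the "stock" BootExecute value are assumptions made for the example, and the embedded report is a constructed excerpt made of lines copied from the posted logs.

```python
"""Triage a pasted DDS / ComboFix report for a handful of host-level indicators."""
import re
from dataclasses import dataclass

# Firefox extension IDs treated as adware toolbars. This watchlist is an
# assumption made for the example; both IDs appear in the posted logs.
ADWARE_EXTENSIONS = {
    "plugin@yontoo.com": "Yontoo Layers",
    "{52794457-af6c-4c50-9def-f2e24f4c8889}": "WhiteSmokeToolbar",
}
# Assumed baseline: the only BootExecute entry a stock Windows XP carries.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"

# Line shapes used by DDS ("uInternet Settings,...", "FF - Ext:") and by
# ComboFix ("[HKEY_...]" key headers, REGEDIT4-style values, firewall lists).
RE_PROXY = re.compile(r"[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
RE_AVFW = re.compile(r"(AV|FW|SP): (.+?) \*([^*]+)\*")
RE_MONITOR = re.compile(r'"DisableMonitoring"=dword:([0-9a-fA-F]+)')
RE_BOOTEXEC = re.compile(r"BootExecute\s+REG_MULTI_SZ\s+(.+)$")
RE_FFEXT = re.compile(r"FF - Ext: (.+?): (\S+) - (.+)$")
RE_FWPORT = re.compile(r'"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):([^:]*):(Enabled|Disabled):(.*)$')


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def _is_loopback(host: str) -> bool:
    return host == "localhost" or host.startswith("127.")


def triage(report: str) -> list:
    """Return one Finding per indicator present in the report text."""
    findings = []
    current_key = ""  # last bracketed registry key header seen (ComboFix format)
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif (m := RE_PROXY.match(line)):
            # Value looks like "http=127.0.0.1:8075" or "host:port"; ";" separates entries
            for entry in m.group(1).split(";"):
                scheme, _, hostport = entry.strip().rpartition("=")
                host, sep, port = hostport.rpartition(":")
                if not sep:
                    host, port = hostport, ""
                if _is_loopback(host):
                    findings.append(Finding("loopback_proxy",
                        f"{scheme or 'all'} traffic sent to {host}:{port}; identify the "
                        "listener (netstat -ano) before clearing the value"))
        elif (m := RE_AVFW.match(line)) and "Disabled" in m.group(3):
            findings.append(Finding("security_product_disabled",
                                    f"{m.group(1)} {m.group(2)}: {m.group(3)}"))
        elif (m := RE_MONITOR.match(line)) and int(m.group(1), 16) != 0:
            findings.append(Finding("security_center_monitoring_off", current_key))
        elif (m := RE_BOOTEXEC.match(line)):
            # ComboFix prints REG_MULTI_SZ entries separated by a literal "\0"
            for entry in m.group(1).split(r"\0"):
                if entry.strip() != DEFAULT_BOOTEXECUTE:
                    findings.append(Finding("bootexecute_extra", entry.strip()))
        elif (m := RE_FFEXT.match(line)) and m.group(2) in ADWARE_EXTENSIONS:
            findings.append(Finding("adware_extension",
                                    f"{m.group(1)} ({m.group(2)}) at {m.group(3)}"))
        elif (m := RE_FWPORT.match(line)) and m.group(4) == "Enabled":
            # A Disabled entry, like 5985/TCP in the posted log, is not an open port
            findings.append(Finding("firewall_port_open",
                                    f"{m.group(1)}/{m.group(2)} scope {m.group(3)}: {m.group(5)}"))
    return findings


def kinds(findings) -> dict:
    """Count findings per kind so runs over different logs can be compared."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed excerpt: lines copied from the DDS and ComboFix logs posted above.
SAMPLE_REPORT = r"""
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
uInternet Settings,ProxyServer = http=127.0.0.1:8075
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:32} {f.detail}")
```

Run it as `python triage.py` to print the findings for the embedded excerpt, or pass a whole pasted log to `triage()`. The loopback proxy is the finding to resolve first, and what it means depends on what is listening: on the live machine `netstat -ano | findstr :8075` gives the owning PID and `tasklist /svc` names the process. If nothing listens (typically because the proxy process has already been removed), Internet Explorer will fail to reach every site until the `ProxyServer` value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` is cleared, which is a common follow-on complaint after a cleanup. The `5985:TCP` firewall entry is deliberately not reported because the log marks it `Disabled`.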
  6. Combofix is still on the desktop, yes. I manually deleted all folders I could find named Symantec but could not find any folders for AVG10. Here is a new DDS log:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Alaina at 17:45:55.15 on Wed 01/19/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.705 [GMT -6:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Alaina\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll
FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

============= SERVICES / DRIVERS ===============

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
S3 WinRM;Windows
Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336] =============== Created Last 30 ================ 2011-01-16 16:48:54 -------- d-sha-r- C:\cmdcons 2011-01-16 16:45:15 -------- d-----w- C:\Combo-Fix 2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData 2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll 2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures 2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client 2011-01-14 18:28:43 -------- d-----w- C:\dload 2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec 2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe 2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe 2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe 2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe 2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client 2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer 2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll 
2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple 2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer 2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner 2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW 2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics 2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live 2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm 2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$ 2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll 2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll 2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll 2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll 2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe 2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe 2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache ==================== Find3M ==================== 2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for 2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec 2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys ============= FINISH: 17:46:53.86 ===============
  7. DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Alaina at 17:42:06.85 on Tue 01/18/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.675 [GMT -6:00]
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Alaina\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll
FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
============= SERVICES / DRIVERS ===============
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
=============== Created Last 30 ================
2011-01-16 16:48:54 -------- d-sha-r- C:\cmdcons
2011-01-16 16:45:15 -------- d-----w- C:\Combo-Fix
2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll
2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures
2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-14 18:28:43 -------- d-----w- C:\dload
2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec
2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe
2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe
2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe
2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe
2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client
2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple
2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer
2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner
2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW
2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics
2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live
2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm
2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll
2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe
2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache
==================== Find3M ====================
2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 17:43:30.00 ===============
  8. Using the latest version did help, thank you. Here's the new log:
2011/01/17 17:58:20.0244 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/17 17:58:20.0244 ================================================================================
2011/01/17 17:58:20.0244 SystemInfo:
2011/01/17 17:58:20.0244
2011/01/17 17:58:20.0244 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/17 17:58:20.0244 Product type: Workstation
2011/01/17 17:58:20.0244 ComputerName: ANDZELEWSKI
2011/01/17 17:58:20.0244 UserName: Alaina
2011/01/17 17:58:20.0244 Windows directory: C:\WINDOWS
2011/01/17 17:58:20.0244 System windows directory: C:\WINDOWS
2011/01/17 17:58:20.0244 Processor architecture: Intel x86
2011/01/17 17:58:20.0244 Number of processors: 1
2011/01/17 17:58:20.0244 Page size: 0x1000
2011/01/17 17:58:20.0244 Boot type: Safe boot with network
2011/01/17 17:58:20.0244 ================================================================================
2011/01/17 17:58:20.0695 Initialize success
2011/01/17 17:58:23.0859 ================================================================================
2011/01/17 17:58:23.0859 Scan started
2011/01/17 17:58:23.0859 Mode: Manual;
2011/01/17 17:58:23.0859 ================================================================================
2011/01/17 17:58:26.0233 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/17 17:58:26.0473 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/17 17:58:26.0643 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/17 17:58:26.0854 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/17 17:58:27.0014 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/17 17:58:27.0254 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/17 17:58:27.0485 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/17 17:58:27.0645 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/17 17:58:27.0795 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/17 17:58:27.0975 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/17 17:58:28.0226 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/17 17:58:28.0436 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/17 17:58:28.0586 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/17 17:58:28.0746 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/17 17:58:28.0927 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/17 17:58:29.0107 ApfiltrService (2aa99fd81693729da66e38dbc108a704) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/01/17 17:58:29.0327 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/01/17 17:58:29.0518 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/17 17:58:29.0658 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/17 17:58:29.0758 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/17 17:58:29.0848 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/17 17:58:29.0968 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/01/17 17:58:30.0249 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/01/17 17:58:30.0559 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/17 17:58:30.0739 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/17 17:58:30.0970 ati2mtag (e7b57742d0db9d8c33e956b1f2256557) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/17 17:58:31.0120 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/17 17:58:31.0410 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/17 17:58:31.0621 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/17 17:58:31.0731 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/01/17 17:58:31.0891 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/17 17:58:32.0151 btaudio (a59c3b28077058837bb7e6f07a8ec2ca) C:\WINDOWS\system32\drivers\btaudio.sys
2011/01/17 17:58:32.0362 BTDriver (8a3b16e145818a0136b317d4acac0890) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/01/17 17:58:32.0452 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/01/17 17:58:32.0542 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/01/17 17:58:32.0672 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/01/17 17:58:32.0812 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/01/17 17:58:33.0123 BTKRNL (a8dcd3c1081728847046fa86d9a69370) C:\WINDOWS\system32\drivers\btkrnl.sys
2011/01/17 17:58:33.0503 BTWDNDIS (b18d52e117198950ce0aeabe99700730) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/01/17 17:58:33.0654 BTWUSB (2adcad7828e9cd53ff28c59f24ce4a10) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/01/17 17:58:33.0984 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/17 17:58:34.0164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/17 17:58:34.0294 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/17 17:58:34.0535 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/17 17:58:34.0825 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/17 17:58:35.0506 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/17 17:58:37.0078 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/17 17:58:37.0820 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/17 17:58:38.0430 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/17 17:58:39.0292 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/17 17:58:40.0433 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/17 17:58:41.0515 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/17 17:58:42.0666 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/17 17:58:43.0438 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/17 17:58:44.0429 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/17 17:58:45.0450 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/17 17:58:46.0121 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/17 17:58:46.0792 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/17 17:58:47.0273 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/17 17:58:47.0934 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/01/17 17:58:48.0495 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/01/17 17:58:49.0076 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/17 17:58:49.0857 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/17 17:58:50.0498 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/17 17:58:51.0179 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/17 17:58:52.0210 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/17 17:58:53.0943 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/17 17:58:54.0924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/17 17:58:55.0946 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/17 17:58:56.0576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/17 17:58:57.0498 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/01/17 17:58:57.0738 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/17 17:58:58.0329 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/17 17:58:58.0639 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/17 17:58:58.0990 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/17 17:58:59.0280 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/17 17:58:59.0851 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/01/17 17:59:00.0712 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/01/17 17:59:01.0664 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2011/01/17 17:59:02.0535 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/17 17:59:03.0106 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/17 17:59:03.0727 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/17 17:59:04.0298 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/17 17:59:05.0019 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/17 17:59:05.0519 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/17 17:59:06.0140 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/17 17:59:06.0691 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/17 17:59:07.0182 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/17 17:59:07.0702 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/17 17:59:08.0363 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/17 17:59:09.0125 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/17 17:59:09.0836 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/17 17:59:10.0927 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/17 17:59:11.0518 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/17 17:59:11.0718 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/17 17:59:12.0279 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/17 17:59:12.0880 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/17 17:59:13.0841 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/17 17:59:14.0342 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/17 17:59:14.0833 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/17 17:59:15.0193 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/17 17:59:15.0734 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/17 17:59:16.0255 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/17 17:59:16.0906 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/01/17 17:59:17.0537 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/17 17:59:18.0117 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/17 17:59:19.0009 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/17 17:59:20.0010 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/17 17:59:20.0881 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/17 17:59:21.0542 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/17 17:59:22.0113 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/17 17:59:22.0684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/17 17:59:23.0465 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/17 17:59:24.0096 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/01/17 17:59:24.0577 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys
2011/01/17 17:59:25.0308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/17 17:59:26.0530 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/17 17:59:26.0750 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/17 17:59:27.0231 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/17 17:59:27.0491 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/17 17:59:27.0972 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/17 17:59:28.0683 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/17 17:59:29.0404 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/17 17:59:30.0015 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/17 17:59:30.0676 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/17 17:59:31.0296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/17 17:59:32.0288 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/17 17:59:33.0710 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/17 17:59:34.0161 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/17 17:59:34.0831 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/17 17:59:35.0422 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/01/17 17:59:36.0063 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/17 17:59:37.0085 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/17 17:59:37.0615 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/17 17:59:37.0986 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/17 17:59:38.0617 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/17 17:59:39.0378 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/17
17:59:40.0980 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/01/17 17:59:41.0972 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/01/17 17:59:42.0643 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/17 17:59:43.0053 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/01/17 17:59:43.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/17 17:59:44.0075 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/17 17:59:44.0375 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/01/17 17:59:45.0136 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/01/17 17:59:45.0797 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/01/17 17:59:46.0508 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/01/17 17:59:46.0939 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/01/17 17:59:47.0390 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/17 17:59:48.0221 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/17 17:59:48.0701 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/17 17:59:48.0932 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/17 17:59:49.0422 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/17 17:59:50.0734 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/17 17:59:51.0125 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/17 17:59:51.0896 RDPWD (6728e45b66f93c08f11de2e316fc70dd) 
C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/17 17:59:52.0327 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/17 17:59:52.0847 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 2011/01/17 17:59:53.0188 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/01/17 17:59:54.0079 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/17 17:59:54.0710 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/01/17 17:59:55.0000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/01/17 17:59:56.0002 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/01/17 17:59:57.0063 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/01/17 17:59:57.0374 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 2011/01/17 17:59:57.0925 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/01/17 17:59:58.0215 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/17 17:59:59.0156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/17 18:00:00.0098 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/17 18:00:00.0258 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 2011/01/17 18:00:00.0428 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 2011/01/17 18:00:00.0909 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys 2011/01/17 18:00:01.0280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/17 18:00:01.0350 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/17 18:00:01.0780 symc810 
(1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/01/17 18:00:02.0131 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/01/17 18:00:02.0291 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/01/17 18:00:02.0381 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/01/17 18:00:02.0872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/17 18:00:04.0304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/17 18:00:04.0945 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/17 18:00:05.0235 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/17 18:00:05.0395 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/17 18:00:06.0086 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys 2011/01/17 18:00:06.0147 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys 2011/01/17 18:00:06.0227 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys 2011/01/17 18:00:06.0327 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys 2011/01/17 18:00:06.0417 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys 2011/01/17 18:00:06.0527 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys 2011/01/17 18:00:06.0597 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys 2011/01/17 18:00:06.0677 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys 2011/01/17 18:00:06.0737 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys 2011/01/17 18:00:06.0968 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/01/17 
18:00:07.0138 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/17 18:00:07.0358 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/01/17 18:00:07.0649 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/17 18:00:07.0879 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/01/17 18:00:08.0049 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/17 18:00:08.0209 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/17 18:00:08.0360 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/17 18:00:08.0470 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/01/17 18:00:08.0690 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/17 18:00:08.0780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/17 18:00:08.0900 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/01/17 18:00:09.0081 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/01/17 18:00:09.0231 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/01/17 18:00:09.0281 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/01/17 18:00:09.0411 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/17 18:00:09.0581 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/17 18:00:09.0722 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/01/17 18:00:09.0932 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 2011/01/17 18:00:10.0152 wdmaud (6768acf64b18196494413695f0c3a00f) 
C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/17 18:00:10.0323 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/01/17 18:00:10.0853 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/01/17 18:00:11.0144 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/01/17 18:00:11.0294 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/01/17 18:00:11.0564 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/01/17 18:00:11.0584 ================================================================================ 2011/01/17 18:00:11.0584 Scan finished 2011/01/17 18:00:11.0584 ================================================================================ 2011/01/17 18:00:11.0634 Detected object count: 1 2011/01/17 18:00:24.0843 \HardDisk0 - will be cured after reboot 2011/01/17 18:00:24.0843 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/01/17 18:00:31.0082 Deinitialize success
  9. That explains it. Thank you. I'll take care of that once I get out of work this afternoon. Thank you for being so patient and helpful.
  10. I uninstalled Norton and ran the AVG uninstaller. Here is the new DDS log:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Alaina at 16:32:18.85 on Sun 01/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.502 [GMT -6:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Alaina\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll
FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

============= SERVICES / DRIVERS ===============

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

=============== Created Last 30 ================

2011-01-16 16:48:54 -------- d-sha-r- C:\cmdcons
2011-01-16 16:45:15 -------- d-----w- C:\Combo-Fix
2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll
2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures
2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-14 18:28:43 -------- d-----w- C:\dload
2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec
2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe
2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe
2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe
2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe
2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client
2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple
2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer
2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner
2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW
2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics
2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live
2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm
2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll
2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe
2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache
2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for
2010-12-18 19:37:04 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Temp
2010-12-18 19:36:56 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Google
2010-12-18 19:15:04 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-12-18 19:15:03 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-12-18 19:15:03 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-18 19:14:39 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-12-18 19:12:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-18 19:05:40 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHU2100AT rev.00000008 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87317555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8731d7b0]; MOV EAX, [0x8731d82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8732F030]
3 CLASSPNP[0xF75AFFD7] -> nt!IofCallDriver[0x804E37D5] -> [0x872BB920]
\Driver\atapi[0x872D3230] -> IRP_MJ_CREATE -> 0x87317555
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHU2100AT_______________________00000008#5&355805a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8731739B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 16:35:09.26 ===============
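An added example (Python, not part of the poster's logs and not code from the TDSSKiller, DDS or GMER tools): an offline triage script for the two log formats in posts 8 and 10 above. It parses TDSSKiller's driver inventory and verdict lines, and for a DDS log it flags the "Pseudo HJT Report" proxy that sends browser traffic to 127.0.0.1:8075 together with the GMER disk-driver hook. The regular expressions are assumptions derived from the line shapes visible in those posts; the sample text at the bottom is constructed from them, and the function and field names are mine.

```python
"""Offline triage of the TDSSKiller and DDS/GMER log formats posted in this thread.

Added example, not the poster's logs and not code from the tools themselves. The
regexes encode the line shapes seen in posts 8 and 10 (an assumption about the
tools' output); the sample text below is constructed from those posts.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# TDSSKiller: "timestamp Name (md5) path", plus verdict lines for a scanned object.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"
DRIVER_RE = re.compile(rf"^{TS} (?P<name>\S+) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>\S.*?)\s*$")
DETECT_RE = re.compile(rf"^{TS} (?P<obj>\S+) - detected (?P<family>\S+) \(\d+\)")
CURE_RE = re.compile(rf"^{TS} (?P<obj>\S+) - will be cured after reboot")
ACTION_RE = re.compile(rf"^{TS} (?P<family>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)")


@dataclass
class TdssReport:
    drivers: dict = field(default_factory=dict)      # name -> (md5, path)
    detections: list = field(default_factory=list)   # (object, family)
    pending_reboot: list = field(default_factory=list)
    actions: dict = field(default_factory=dict)      # object -> chosen action


def parse_tdsskiller(text: str) -> TdssReport:
    """Split a TDSSKiller log into the driver inventory and the verdict lines."""
    rep = TdssReport()
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            rep.drivers[m["name"]] = (m["md5"], m["path"])
        elif m := DETECT_RE.match(line):
            rep.detections.append((m["obj"], m["family"]))
        elif m := CURE_RE.match(line):
            rep.pending_reboot.append(m["obj"])
        elif m := ACTION_RE.match(line):
            rep.actions[m["obj"]] = m["action"]
    return rep


# DDS "Pseudo HJT Report": the leading u/m/d letter says which hive the value came from.
PROXY_RE = re.compile(r"^[umd]Internet Settings,ProxyServer = (?P<value>.+)$")
# GMER MBR section: the hook may follow "detected hooks:" on the same line or on the next one.
HOOK_RE = re.compile(r"^(?:detected hooks:\s*)?(?P<drv>\\Driver\\\S+) (?P<routine>\w+) -> (?P<addr>0x[0-9A-Fa-f]+)")


def loopback_proxy(value: str):
    """Return (host, port) when a ProxyServer value points browser traffic at the
    local machine, e.g. 'http=127.0.0.1:8075' or '127.0.0.1:8075;https=...'."""
    for part in value.split(";"):
        host, _, port = part.split("=", 1)[-1].strip().rpartition(":")
        if not port.isdigit():
            continue
        try:
            is_local = host == "localhost" or ipaddress.ip_address(host.strip("[]")).is_loopback
        except ValueError:
            is_local = False
        if is_local:
            return host, int(port)
    return None


def triage_dds(text: str) -> list:
    """Return human-readable findings for a DDS log (Pseudo HJT plus GMER section)."""
    findings, hooks, mbr_ok = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if m := PROXY_RE.match(line):
            if lp := loopback_proxy(m["value"]):
                findings.append(f"browser proxy forced through {lp[0]}:{lp[1]} ({line})")
        elif m := HOOK_RE.match(line):
            hooks.append(f"{m['drv']} {m['routine']} -> {m['addr']}")
        elif line == "user & kernel MBR OK":
            mbr_ok = True
        elif line.startswith("Warning:"):
            findings.append(line)
    findings.extend(f"disk driver hook: {h}" for h in hooks)
    if hooks and mbr_ok:
        # A hooked disk driver can hand a clean MBR to whoever reads it, so the
        # "MBR OK" verdict is not evidence that the boot sector is untouched.
        findings.append("MBR reads clean while the disk driver is hooked: treat the MBR as untrusted")
    return findings


# Constructed samples in the two formats (shapes and values taken from posts 8 and 10).
TDSS_SAMPLE = """\
2011/01/17 18:00:10.0853 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\\WINDOWS\\system32\\DRIVERS\\wpdusb.sys
2011/01/17 18:00:11.0294 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys
2011/01/17 18:00:11.0564 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/17 18:00:11.0634 Detected object count: 1
2011/01/17 18:00:24.0843 \\HardDisk0 - will be cured after reboot
2011/01/17 18:00:24.0843 Rootkit.Win32.TDSS.tdl4(\\HardDisk0) - User select action: Cure
"""

DDS_SAMPLE = """\
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
mRun: [MSC] "c:\\program files\\microsoft security client\\msseces.exe" -hide -runkey
detected hooks:
\\Driver\\atapi DriverStartIo -> 0x8731739B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(TDSS_SAMPLE)
    print(f"{len(rep.drivers)} drivers, detections={rep.detections}, actions={rep.actions}")
    for finding in triage_dds(DDS_SAMPLE):
        print("!", finding)
```

Run it as-is to see the findings for the constructed samples, or pass a saved log to parse_tdsskiller or triage_dds. The last finding is the caveat that matters in post 10: GMER's "user & kernel MBR OK" was produced through an atapi DriverStartIo that is hooked, which is the read path a bootkit can filter, so a clean-looking MBR under those conditions is not evidence of a clean disk; TDSSKiller's "\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4" in post 8 is the verdict to act on.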
  11. Here's the combofix log:

ComboFix 11-01-15.01 - Alaina 01/16/2011 10:57:54.3.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.709 [GMT -6:00]
Running from: c:\documents and settings\Alaina\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alaina\Application Data\Sun\mxd1.txt
c:\documents and settings\Alaina\Application Data\Sun\vlsd8.dll
c:\windows\system32\6to4ex.dll
c:\windows\system32\Drivers\wntpo.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.
2011-01-15 02:01 . 2011-01-15 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-15 01:54 . 2011-01-15 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-14 19:02 . 2010-11-16 18:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47261E04-880B-43D1-A4A4-6FDB8E1678C3}\mpengine.dll
2011-01-14 18:33 . 2011-01-14 18:33 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures
2011-01-14 18:33 . 2011-01-14 18:36 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-14 18:28 . 2011-01-14 18:28 -------- d-----w- C:\dload
2011-01-12 00:58 . 2011-01-12 13:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-12 00:25 . 2011-01-12 00:25 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Symantec
2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\program files\Yontoo Layers Client
2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-01-11 18:54 . 2011-01-11 18:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-29 21:49 . 2010-12-29 21:51 -------- d-----w- c:\program files\QuickTime
2010-12-29 21:49 . 2010-12-29 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-12-29 21:48 . 2010-12-29 21:48 -------- d-----w- c:\program files\Common Files\Apple
2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple
2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\program files\Apple Software Update
2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple Computer
2010-12-27 14:58 . 2010-12-27 14:58 -------- d-----w- c:\program files\CCleaner
2010-12-27 14:36 . 2010-12-27 14:36 -------- d-----w- c:\program files\ACW
2010-12-27 14:24 . 2010-12-27 14:24 -------- d-----w- c:\documents and settings\Alaina\Application Data\ElevatedDiagnostics
2010-12-27 03:33 . 2010-12-27 03:33 -------- d-----w- c:\program files\Common Files\Windows Live
2010-12-27 03:29 . 2010-12-27 03:29 -------- d-----w- c:\windows\system32\winrm
2010-12-27 03:29 . 2010-12-27 03:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\irmon.dll
2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\irftp.exe
2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2010-12-27 03:09 . 2010-12-27 03:09 -------- d-sh--w- c:\documents and settings\Alaina\IECompatCache
2010-12-19 17:21 . 2010-12-19 17:21 1409 ----a-w- c:\windows\QTFont.for
2010-12-18 19:37 . 2011-01-16 17:13 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Temp
2010-12-18 19:36 . 2010-12-18 19:38 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Google
2010-12-18 19:15 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-12-18 19:15 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-12-18 19:15 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-18 19:14 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-12-18 19:12 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-18 19:05 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-04-29 21:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-04-29 21:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-25 03:25 . 2009-12-02 20:23 165264 ------w- c:\windows\system32\drivers\MpFilter.sys
2010-10-19 16:41 . 2010-04-29 22:45 222080 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-18 136176] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-09-27 610304] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248] "MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-28 26112] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584] "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2006-10-31 20752] "MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "HostManager"="c:\program files\Common 
Files\AOL\1240244075\ee\AOLSoftware.exe" [2008-06-24 41824] "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\Irene\Start Menu\Programs\Startup\ Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2009-3-31 36953] BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-8 561213] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-28 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk 
*\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\America Online 9.0a\\waol.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336] S2 FreeAgentGoNext Service;Seagate 
Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736] --- Other Services/Drivers In Memory --- *Deregistered* - eeCtrl [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder 2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006Core.job - c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36] 2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006UA.job - c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36] 2011-01-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:webmaster uInternet Settings,ProxyServer = http=127.0.0.1:8075 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\Alaina\Application Data\Mozilla\Firefox\Profiles\46hbzajt.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework 
Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889} . - - - - ORPHANS REMOVED - - - - HKLM_ActiveSetup-{6138DD97-CAF8-42EC-98FE-2DAC32A555E1} - c:\documents and settings\Alaina\Application Data\Sun\vlsd8.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-16 11:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????????????????????X:??????????????(???x????????:??x???????`???????????x???? ??x???x??????????????|????????x???????????????4???????x???????????x?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(916) c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'lsass.exe'(980) c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(5340) c:\windows\system32\WININET.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\Ati2evxx.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Dell\Bluetooth Software\bin\btwdins.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\SearchIndexer.exe c:\program files\Zune\ZuneNss.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Apoint\Apntex.exe c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe c:\windows\system32\rundll32.exe c:\windows\system32\SearchProtocolHost.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\SearchFilterHost.exe . ************************************************************************** . 
Completion time: 2011-01-16 11:31:21 - machine was rebooted ComboFix-quarantined-files.txt 2011-01-16 17:31 ComboFix2.txt 2011-01-12 23:54 ComboFix3.txt 2011-01-12 00:53 Pre-Run: 63,853,772,800 bytes free Post-Run: 62,481,661,952 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4 - - End Of File - - A4C83A29141F8AAD5B177EB4E263BF12
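The log above runs to several hundred lines, and the handful of items a responder reads first are scattered across it: the files ComboFix removed under "Other Deletions", the Security Center "DisableMonitoring" values in the Reg Loading Points section, the IE ProxyServer entry pointing at 127.0.0.1:8075 (with ProxyOverride = <local>, every non-local HTTP request from IE is handed to whatever process listens on that port on the machine, so unless a local filtering proxy was installed on purpose the setting is cleared and the listener hunted down), and the Firefox extensions that live in %profile% rather than the program directory. The script below is an added example for this thread, not ComboFix code and not something the poster or the helper ran; it parses a log in ComboFix's own layout and pulls those indicators out. The sample lines are constructed from the log above, and the finding category names are the example's own labels.

```python
"""Pull the first-look indicators out of a ComboFix log.

Added example for this thread, not part of ComboFix or of the original post.
The section titles ("Other Deletions", "Reg Loading Points", "Supplementary
Scan") are ComboFix's own banners; the finding categories are this example's
own labels.
"""
import re

# Constructed sample in ComboFix's layout, cut down from the log posted above.
# Raw string, so the Windows backslashes stay literal.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alaina\Application Data\Sun\vlsd8.dll
c:\windows\system32\6to4ex.dll
c:\windows\system32\Drivers\wntpo.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
"""

# A ComboFix banner is a run of parentheses or dashes around a title.
BANNER = re.compile(r"^[-(]{7,}\s.*\s[-)]{7,}$")
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$')
PROXY_LINE = re.compile(r"^u?Internet Settings,ProxyServer\s*=\s*(.+)$")
PROFILE_EXT = re.compile(r"^FF - Ext: (.+?): \S+ - %profile%\\")


def parse_sections(text):
    """Group lines under the banner that precedes them; '.' spacer lines are dropped."""
    sections = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        if BANNER.match(line):
            current = line.strip("-() ")
            sections[current] = []
        elif line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def loopback_proxies(value):
    """Return the entries of an IE ProxyServer value whose host is the local machine.
    Handles the per-scheme form 'http=127.0.0.1:8075;https=x:3128' and bare 'host:port'."""
    hits = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        hostport = entry.rpartition("=")[2]          # drop 'scheme=' if present
        host = hostport.rsplit(":", 1)[0].lower()    # drop ':port' if present
        if host == "localhost" or host.startswith("127."):
            hits.append(entry)
    return hits


def triage(text):
    """Return (category, detail) pairs: files ComboFix removed, Security Center
    monitoring switched off, an IE proxy pointing back at the machine, and
    Firefox extensions installed into the user's profile."""
    sections = parse_sections(text)
    findings = []
    for path in sections.get("Other Deletions", []):
        findings.append(("deleted_by_combofix", path))
    key = ""
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                          # remember the current registry key
        elif "security center\\monitoring" in key.lower() and DISABLE_MON.match(line):
            findings.append(("security_center_monitoring_disabled", key))
    for line in sections.get("Supplementary Scan", []):
        m = PROXY_LINE.match(line)
        if m:
            for entry in loopback_proxies(m.group(1)):
                findings.append(("loopback_proxy", entry))
        m = PROFILE_EXT.match(line)
        if m:
            findings.append(("firefox_profile_extension", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print("%-36s %s" % (category, detail))
```

Run it against a saved ComboFix.txt by reading the file and passing its contents to triage(). The loopback check deliberately matches any 127.x address, not just 127.0.0.1, since the whole block is loopback; a proxy entry is only a finding when its host is the local machine, so a normal corporate proxy such as proxy.corp:3128 is left alone.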
  12. Thank you for your help. Only Viewpoint Media Player was present on the Add/Remove Programs list, so I removed it. TDSSKiller didn't find anything in its scan. Here are the new logs you requested:

2011/01/14 20:15:39.0645  TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2011/01/14 20:15:39.0645  ================================================================================
2011/01/14 20:15:39.0645  SystemInfo:
2011/01/14 20:15:39.0645
2011/01/14 20:15:39.0645  OS Version: 5.1.2600 ServicePack: 3.0
2011/01/14 20:15:39.0645  Product type: Workstation
2011/01/14 20:15:39.0645  ComputerName: ANDZELEWSKI
2011/01/14 20:15:39.0645  UserName: Alaina
2011/01/14 20:15:39.0645  Windows directory: C:\WINDOWS
2011/01/14 20:15:39.0645  System windows directory: C:\WINDOWS
2011/01/14 20:15:39.0645  Processor architecture: Intel x86
2011/01/14 20:15:39.0645  Number of processors: 1
2011/01/14 20:15:39.0645  Page size: 0x1000
2011/01/14 20:15:39.0645  Boot type: Safe boot with network
2011/01/14 20:15:39.0645  ================================================================================
2011/01/14 20:15:40.0076  Initialize success
2011/01/14 20:15:42.0249  ================================================================================
2011/01/14 20:15:42.0249  Scan started
2011/01/14 20:15:42.0249  Mode: Manual;
2011/01/14 20:15:42.0249  ================================================================================
2011/01/14 20:15:45.0944  abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/14 20:15:46.0124  ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/14 20:15:46.0255  ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/14 20:15:46.0415  adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/14 20:15:46.0545  aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/14 20:15:46.0725  AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/14 20:15:46.0905  agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/14 20:15:47.0036  agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/14 20:15:47.0146  Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/14 20:15:47.0286  aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/14 20:15:47.0436  aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/14 20:15:47.0636  AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/14 20:15:47.0767  alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/14 20:15:47.0927  amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/14 20:15:48.0067  amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/14 20:15:48.0167  ApfiltrService (2aa99fd81693729da66e38dbc108a704) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/01/14 20:15:48.0358  APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/01/14 20:15:48.0508  Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/14 20:15:48.0638  asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/14 20:15:48.0708  asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/14 20:15:48.0768  asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/14 20:15:48.0968  ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/01/14 20:15:49.0179  Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/01/14 20:15:49.0269  AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/14 20:15:49.0369  atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/14 20:15:49.0669  ati2mtag (e7b57742d0db9d8c33e956b1f2256557) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/14 20:15:49.0880  Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/14 20:15:50.0010  audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/14 20:15:50.0260  BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/14 20:15:50.0441  bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/01/14 20:15:50.0561  Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/14 20:15:50.0781  btaudio (a59c3b28077058837bb7e6f07a8ec2ca) C:\WINDOWS\system32\drivers\btaudio.sys
2011/01/14 20:15:50.0971  BTDriver (8a3b16e145818a0136b317d4acac0890) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/01/14 20:15:51.0061  BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/01/14 20:15:51.0101  BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/01/14 20:15:51.0202  BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/01/14 20:15:51.0362  BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/01/14 20:15:51.0943  BTKRNL (a8dcd3c1081728847046fa86d9a69370) C:\WINDOWS\system32\drivers\btkrnl.sys
2011/01/14 20:15:53.0064  BTWDNDIS (b18d52e117198950ce0aeabe99700730) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/01/14 20:15:53.0235  BTWUSB (2adcad7828e9cd53ff28c59f24ce4a10) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/01/14 20:15:53.0815  cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/14 20:15:53.0926  cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/14 20:15:53.0986  cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/14 20:15:54.0066  Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/14 20:15:54.0146  Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/14 20:15:54.0346  Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/14 20:15:54.0627  CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/14 20:15:54.0777  CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/14 20:15:54.0937  Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/14 20:15:55.0167  Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/14 20:15:55.0418  dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/14 20:15:55.0518  dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/14 20:15:55.0718  Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/14 20:15:55.0928  dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/14 20:15:56.0159  dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/14 20:15:56.0269  dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/14 20:15:56.0449  DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/14 20:15:56.0569  dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/14 20:15:56.0609  drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/14 20:15:56.0740  drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/01/14 20:15:57.0050  drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/01/14 20:15:57.0270  E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/14 20:15:57.0531  eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/14 20:15:57.0581  EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/14 20:15:57.0871  Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/14 20:15:58.0051  Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/14 20:15:58.0172  Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/14 20:15:58.0332  Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/14 20:15:58.0512  FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/14 20:15:58.0662  Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/14 20:15:58.0843  Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/14 20:15:59.0063  Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/14 20:15:59.0213  grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/01/14 20:15:59.0383  HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/14 20:15:59.0634  hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/14 20:15:59.0724  HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/14 20:15:59.0804  HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/14 20:15:59.0914  HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/14 20:16:00.0104  HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/01/14 20:16:00.0215  HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/01/14 20:16:00.0475  HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2011/01/14 20:16:00.0735  HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/14 20:16:00.0936  i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/14 20:16:01.0056  i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/14 20:16:01.0266  i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/14 20:16:01.0406  Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/14 20:16:01.0627  ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/14 20:16:01.0797  IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/14 20:16:01.0927  intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/14 20:16:02.0087  Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/14 20:16:02.0217  IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/14 20:16:02.0348  IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/14 20:16:02.0568  IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/14 20:16:02.0738  IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/14 20:16:02.0898  IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/14 20:16:03.0109  isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/14 20:16:03.0249  Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/14 20:16:03.0399  kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/14 20:16:03.0539  KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/14 20:16:04.0471  mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/14 20:16:04.0541  mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/14 20:16:04.0681  Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/14 20:16:04.0761  Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/14 20:16:04.0831  mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/14 20:16:05.0011  MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/14 20:16:05.0152  MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/01/14 20:16:05.0322  mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/14 20:16:05.0452  MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/14 20:16:05.0632  MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/14 20:16:05.0873  Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/14 20:16:06.0063  MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/14 20:16:06.0223  MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/14 20:16:06.0343  MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/14 20:16:06.0504  mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/14 20:16:06.0704  Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/14 20:16:06.0854  MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/01/14 20:16:06.0994  n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys
2011/01/14 20:16:07.0205  NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/14 20:16:07.0405  NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/14 20:16:07.0515  Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/14 20:16:07.0575  NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/14 20:16:07.0685  NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/14 20:16:07.0785  NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/14 20:16:08.0016  NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/14 20:16:08.0176  NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/14 20:16:08.0376  Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/14 20:16:08.0456  Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/14 20:16:08.0647  Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/14 20:16:08.0817  nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/14 20:16:09.0047  NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/14 20:16:09.0157  NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/14 20:16:09.0328  ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/14 20:16:09.0478  omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/01/14 20:16:09.0648  Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/14 20:16:09.0768  PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/14 20:16:09.0888  ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/14 20:16:10.0029  PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/14 20:16:10.0169  PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/14 20:16:10.0349  Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/14 20:16:10.0670  perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/14 20:16:10.0760  perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/14 20:16:11.0080  PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/14 20:16:11.0230  PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/14 20:16:11.0381  Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/14 20:16:11.0521  PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/14 20:16:11.0691  ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/14 20:16:11.0781  Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/14 20:16:11.0951  ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/14 20:16:12.0102  ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/14 20:16:12.0242  ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/14 20:16:12.0362  RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/14 20:16:12.0562  Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/14 20:16:12.0672  RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/14 20:16:12.0733  Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/14 20:16:12.0903  Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/14 20:16:13.0093  RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/14 20:16:13.0263  rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/14 20:16:13.0454  RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/14 20:16:13.0624  redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/14 20:16:13.0904  RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/01/14 20:16:14.0165  sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/01/14 20:16:14.0305  Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/14 20:16:14.0485  serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/14 20:16:14.0685  Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/14 20:16:14.0956  Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/01/14 20:16:15.0306  sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/14 20:16:15.0467  SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/01/14 20:16:15.0647  Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/14 20:16:15.0827  splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/14 20:16:16.0107  sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/14 20:16:16.0358  Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/14 20:16:16.0488  sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/01/14 20:16:16.0718  ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/01/14 20:16:16.0869  STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2011/01/14 20:16:17.0049  swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/14 20:16:17.0189  swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/14 20:16:17.0329  symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/14 20:16:17.0469  symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/14 20:16:17.0650  sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/14 20:16:17.0820  sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/14 20:16:17.0940  sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/14 20:16:18.0210  Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/14 20:16:18.0481  TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/14 20:16:18.0651  TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/14 20:16:18.0791  TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/14 20:16:19.0012  tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/01/14 20:16:19.0172  tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/01/14 20:16:19.0362  tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/01/14 20:16:19.0542  tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
2011/01/14 20:16:19.0733  tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/01/14 20:16:19.0903  tfsnopio (e656af05c67edb7c0e9230a5df71ed1b)
C:\WINDOWS\system32\dla\tfsnopio.sys 2011/01/14 20:16:20.0073 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys 2011/01/14 20:16:20.0193 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys 2011/01/14 20:16:20.0384 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys 2011/01/14 20:16:20.0744 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/01/14 20:16:20.0964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/14 20:16:21.0285 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/01/14 20:16:21.0505 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/14 20:16:21.0766 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/01/14 20:16:21.0996 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/14 20:16:22.0226 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/14 20:16:22.0457 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/14 20:16:22.0667 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/01/14 20:16:22.0837 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/14 20:16:23.0037 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/14 20:16:23.0238 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/01/14 20:16:23.0498 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/01/14 20:16:23.0718 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/01/14 20:16:23.0949 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/01/14 20:16:24.0169 VolSnap 
(4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/14 20:16:24.0479 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/14 20:16:24.0670 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/01/14 20:16:24.0920 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 2011/01/14 20:16:25.0371 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/14 20:16:25.0771 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/01/14 20:16:26.0252 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/01/14 20:16:26.0593 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/01/14 20:16:26.0863 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/01/14 20:16:27.0133 ================================================================================ 2011/01/14 20:16:27.0133 Scan finished 2011/01/14 20:16:27.0133 ================================================================================ DDS (Ver_10-12-12.02) - NTFSx86 NETWORK Run by Alaina at 20:18:50.37 on Fri 01/14/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.719 [GMT -6:00] AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: Norton 360 *Disabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE 
C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Alaina\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster uInternet Settings,ProxyServer = http=127.0.0.1:8075 uInternet Settings,ProxyOverride = <local> mWinlogon: Userinit=userinit.exe, TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe" mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe mRun: [AOLDialer] c:\program 
files\common files\aol\acs\AOLDial.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900 mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe" mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program 
files\aim\aim.exe IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/asp - 
{6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll mASetup: {6138DD97-CAF8-42EC-98FE-2DAC32A555E1} - rundll32.exe "c:\documents and settings\alaina\application data\sun\vlsd8.dll", UnregisterDll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q= FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\viewpoint\viewpoint experience 
technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889} ============= SERVICES / DRIVERS =============== S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264] S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336] =============== Created Last 30 ================ 2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData 2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition 
updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll 2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures 2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client 2011-01-14 18:28:43 -------- d-----w- C:\dload 2011-01-14 00:09:05 54016 ----a-w- c:\windows\system32\drivers\wntpo.sys 2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec 2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe 2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe 2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe 2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe 2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client 2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer 2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll 2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple 2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer 2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner 2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW 2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics 2010-12-27 03:33:39 -------- d-----w- c:\program 
files\common files\Windows Live 2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm 2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$ 2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll 2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll 2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll 2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll 2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe 2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe 2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache 2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for 2010-12-18 19:37:04 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Temp 2010-12-18 19:36:56 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Google 2010-12-18 19:15:04 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2010-12-18 19:15:03 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-12-18 19:15:03 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-12-18 19:14:39 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2010-12-18 19:12:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-18 19:05:40 45568 ------w- c:\windows\system32\dllcache\wab.exe ==================== Find3M ==================== 2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec 2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25:00 1853312 ----a-w- 
c:\windows\system32\win32k.sys 2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: FUJITSU_MHU2100AT rev.00000008 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8734F555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873557b0]; MOV EAX, [0x8735582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x87328968] 3 CLASSPNP[0xF75AFFD7] -> nt!IofCallDriver[0x804E37D5] -> [0x872C46F0] \Driver\atapi[0x872D6128] -> IRP_MJ_CREATE -> 0x8734F555 kernel: MBR read successfully _asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; } detected disk devices: \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHU2100AT_______________________00000008#5&355805a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x8734F39B user & kernel MBR OK Warning: possible TDL3 rootkit infection ! ============= FINISH: 20:20:48.69 ===============
  13. Early this week my fiancée's laptop began acting strangely; it turns out she had been infected by the WhiteSmoke toolbar. I've spent the last few days looking at fixes and decided that it would be best to ask for expert help. I'm posting these logs from my work computer because the infection has slowed the machine too much to work effectively. Here are the DDS log and the most recent MBAM log.
360\engine\3.8.0.41\ccSvcHst.exe [2010-2-24 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\symefa.sys --> c:\windows\system32\drivers\n360\0308000.029\SYMEFA.SYS [?] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\bhdrvx86.sys --> c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [?] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys --> c:\windows\system32\drivers\n360\0308000.029\ccHPx86.sys [?] S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100728.001\IDSXpx86.sys [2010-7-29 331640] S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100729.002\NAVENG.SYS [2010-7-29 85424] S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100729.002\NAVEX15.SYS [2010-7-29 1362608] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336] =============== Created Last 30 ================ 2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec 2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe 2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe 2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe 2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe 2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client 2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer 2011-01-10 17:19:09 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition 
updates\{515313f8-d8d0-4a5c-89fd-81c08bff1152}\mpengine.dll 2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll 2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll 2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple 2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer 2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner 2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW 2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics 2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live 2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm 2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$ 2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll 2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll 2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll 2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll 2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe 2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe 2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache 2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for 2010-12-18 19:37:04 -------- 
d-----w- c:\docume~1\alaina\locals~1\applic~1\Temp 2010-12-18 19:36:56 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Google 2010-12-18 19:15:04 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2010-12-18 19:15:03 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-12-18 19:15:03 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-12-18 19:14:39 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2010-12-18 19:12:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-18 19:05:40 45568 ------w- c:\windows\system32\dllcache\wab.exe ==================== Find3M ==================== 2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec 2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys 2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: FUJITSU_MHU2100AT rev.00000008 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87323555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873297b0]; MOV EAX, [0x8732982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8733D030] 3 CLASSPNP[0xF766FFD7] 
-> nt!IofCallDriver[0x804E37D5] -> [0x872DAB88] \Driver\atapi[0x872F23E8] -> IRP_MJ_CREATE -> 0x87323555 kernel: MBR read successfully _asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; } detected disk devices: \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHU2100AT_______________________00000008#5&355805a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x8732339B user & kernel MBR OK Warning: possible TDL3 rootkit infection ! ============= FINISH: 17:52:28.92 =============== Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5508 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/12/2011 9:50:23 PM mbam-log-2011-01-12 (21-50-23).txt Scan type: Full scan (C:\|) Objects scanned: 284170 Time elapsed: 1 hour(s), 31 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\Alaina\application data\Sun\cetw.txt (Malware.Trace) -> Quarantined and deleted successfully. Attach.zip