Jump to content

Windows AntiVirus Pro & maybe others...


Recommended Posts

Hello,

I'm having trouble with Windows AntiVirus Pro 2010. I was able to get the task manager back, and run mbam. It found several problems, and fixed them. However, it seems to keep coming back. I keep running mbam, and it keeps finding and fixing problems...I just ran it one more time. It may have gotten everything this time, but I doubt it.

Any help would be great. Logs below:

MBAM Log:

Malwarebytes' Anti-Malware 1.40

Database version: 2551

Windows 5.1.2600 Service Pack 3

8/31/2009 2:00:01 PM

mbam-log-2009-08-31 (14-00-01).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 179218

Time elapsed: 1 hour(s), 13 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 9

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 29

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC Antispyware 2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe (Rogue.WindowsAntivirus) -> Quarantined and deleted successfully.

C:\Program Files\Windows Antivirus Pro\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP828\A0202409.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP828\A0205409.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP829\A0205426.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP829\A0206424.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP830\A0210454.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP830\A0210476.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP834\A0210707.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sarah Hough\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\desot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\AVR09.exe (Adware.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:54:20 PM, on 8/31/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://email3.uncg.edu/iNotes6W.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150920326487

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Filter hijack: text/html - {8799e2df-6416-4b1b-a41a-173d26d668ac} - C:\WINDOWS\system32\mst122.dll

O20 - AppInit_DLLs: cru629.dat

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm

--

End of file - 11746 bytes

Link to post
Share on other sites

Hello and welcome to the forum!

My name is Extremeboy, and I will help you with your log.

Please continue with running a scan with RootRepeal, followed by DDS, a scanner tool.

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.

  • Unzip the RootRepeal.zip file it to it's own folder. (If you did not use the "Direct Download" mirror to download RootRepeal).
  • Close/Disable all other programs especially your security programs (anti-spyware, anti-virus, and firewall) Refer to this page, if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the reportTab.png tab at the bottom.
  • Now press the btnScan.png button.
  • A box will pop up, check the boxes beside All Seven options/scan area
    RR_checkbox.jpg
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button. saveReport.png
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.

Download and run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explanation about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results soon.

    [*]Follow the instructions that pop up for posting the results and then click Ok.

    [*]The black and message box window shall then disappear.

    [*]Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Also, please provide a description of any remaining problems or symptoms you may still have please.

With Regards,

Extremeboy

Link to post
Share on other sites

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,

Extremeboy

Link to post
Share on other sites

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,

Extremeboy

Link to post
Share on other sites

How's everything coming along so far?

Sorry for the delay. Here are the logs:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/09/08 09:48

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: 1394BUS.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS

Address: 0xF761D000 Size: 57344 File Visible: - Signed: -

Status: -

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xF748E000 Size: 187776 File Visible: - Signed: -

Status: -

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -

Status: -

Name: AegisP.sys

Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys

Address: 0xF795D000 Size: 19360 File Visible: - Signed: -

Status: -

Name: afd.sys

Image Path: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xAA2BA000 Size: 138496 File Visible: - Signed: -

Status: -

Name: APPDRV.SYS

Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

Address: 0xAA19E000 Size: 16128 File Visible: - Signed: -

Status: -

Name: arp1394.sys

Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys

Address: 0xF774D000 Size: 60800 File Visible: - Signed: -

Status: -

Name: atapi.sys

Image Path: atapi.sys

Address: 0xF7420000 Size: 96512 File Visible: - Signed: -

Status: -

Name: ATMFD.DLL

Image Path: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -

Status: -

Name: audstub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys

Address: 0xF7C7C000 Size: 3072 File Visible: - Signed: -

Status: -

Name: avgldx86.sys

Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys

Address: 0xAA0B7000 Size: 328576 File Visible: - Signed: -

Status: -

Name: avgmfx86.sys

Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys

Address: 0xF79A5000 Size: 21120 File Visible: - Signed: -

Status: -

Name: avgtdix.sys

Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys

Address: 0xAA304000 Size: 101888 File Visible: - Signed: -

Status: -

Name: BATTC.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS

Address: 0xF79D5000 Size: 16384 File Visible: - Signed: -

Status: -

Name: bcm4sbxp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

Address: 0xF779D000 Size: 45312 File Visible: - Signed: -

Status: -

Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF79CD000 Size: 12288 File Visible: - Signed: -

Status: -

Name: Cdfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Address: 0xF68A4000 Size: 63744 File Visible: - Signed: -

Status: -

Name: cdrom.sys

Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Address: 0xF77DD000 Size: 62976 File Visible: - Signed: -

Status: -

Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Address: 0xF75FD000 Size: 53248 File Visible: - Signed: -

Status: -

Name: CmBatt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys

Address: 0xF7A99000 Size: 13952 File Visible: - Signed: -

Status: -

Name: compbatt.sys

Image Path: compbatt.sys

Address: 0xF79D1000 Size: 10240 File Visible: - Signed: -

Status: -

Name: disk.sys

Image Path: disk.sys

Address: 0xF75ED000 Size: 36352 File Visible: - Signed: -

Status: -

Name: dmio.sys

Image Path: dmio.sys

Address: 0xF7438000 Size: 153344 File Visible: - Signed: -

Status: -

Name: drmk.sys

Image Path: C:\WINDOWS\system32\drivers\drmk.sys

Address: 0xF767D000 Size: 61440 File Visible: - Signed: -

Status: -

Name: drvmcdb.sys

Image Path: drvmcdb.sys

Address: 0xF73D8000 Size: 86208 File Visible: - Signed: -

Status: -

Name: drvnddm.sys

Image Path: C:\WINDOWS\system32\drivers\drvnddm.sys

Address: 0xAA00F000 Size: 38304 File Visible: - Signed: -

Status: -

Name: DSproct.sys

Image Path: C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

Address: 0xF7B7D000 Size: 4736 File Visible: - Signed: -

Status: -

Name: dsunidrv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys

Address: 0xF7B11000 Size: 5376 File Visible: - Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xA9FD7000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7B2D000 Size: 8192 File Visible: No Signed: -

Status: -

Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xAA166000 Size: 12288 File Visible: - Signed: -

Status: -

Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBF000000 Size: 73728 File Visible: - Signed: -

Status: -

Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7B95000 Size: 4096 File Visible: - Signed: -

Status: -

Name: eeCtrl.sys

Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

Address: 0xAA108000 Size: 385024 File Visible: - Signed: -

Status: -

Name: Fips.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS

Address: 0xF76FD000 Size: 44544 File Visible: - Signed: -

Status: -

Name: fltmgr.sys

Image Path: fltmgr.sys

Address: 0xF7400000 Size: 129792 File Visible: - Signed: -

Status: -

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF7AFD000 Size: 7936 File Visible: - Signed: -

Status: -

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xF745E000 Size: 125056 File Visible: - Signed: -

Status: -

Name: GEARAspiWDM.sys

Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

Address: 0xF7AA9000 Size: 9984 File Visible: - Signed: -

Status: -

Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806D0000 Size: 131840 File Visible: - Signed: -

Status: -

Name: HDAudBus.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

Address: 0xF6BF4000 Size: 163840 File Visible: - Signed: -

Status: -

Name: HSF_CNXT.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

Address: 0xAA473000 Size: 717952 File Visible: - Signed: -

Status: -

Name: HSF_DPV.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

Address: 0xAA523000 Size: 1035008 File Visible: - Signed: -

Status: -

Name: HSFHWAZL.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

Address: 0xAA620000 Size: 201600 File Visible: - Signed: -

Status: -

Name: HTTP.sys

Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys

Address: 0xA8D5C000 Size: 264832 File Visible: - Signed: -

Status: -

Name: i2omgmt.SYS

Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS

Address: 0xF7A6D000 Size: 8576 File Visible: - Signed: -

Status: -

Name: i8042prt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys

Address: 0xF77BD000 Size: 52480 File Visible: - Signed: -

Status: -

Name: ialmdd5.DLL

Image Path: C:\WINDOWS\System32\ialmdd5.DLL

Address: 0xBF077000 Size: 925696 File Visible: - Signed: -

Status: -

Name: ialmdev5.DLL

Image Path: C:\WINDOWS\System32\ialmdev5.DLL

Address: 0xBF042000 Size: 217088 File Visible: - Signed: -

Status: -

Name: ialmdnt5.dll

Image Path: C:\WINDOWS\System32\ialmdnt5.dll

Address: 0xBF020000 Size: 139264 File Visible: - Signed: -

Status: -

Name: ialmnt5.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

Address: 0xF6C30000 Size: 1364448 File Visible: - Signed: -

Status: -

Name: ialmrnt5.dll

Image Path: C:\WINDOWS\System32\ialmrnt5.dll

Address: 0xBF012000 Size: 57344 File Visible: - Signed: -

Status: -

Name: imapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys

Address: 0xF77CD000 Size: 42112 File Visible: - Signed: -

Status: -

Name: intelppm.sys

Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys

Address: 0xF778D000 Size: 36352 File Visible: - Signed: -

Status: -

Name: ipnat.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys

Address: 0xAA1D1000 Size: 152832 File Visible: - Signed: -

Status: -

Name: ipsec.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys

Address: 0xAA376000 Size: 75264 File Visible: - Signed: -

Status: -

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xF75BD000 Size: 37248 File Visible: - Signed: -

Status: -

Name: kbdclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Address: 0xF791D000 Size: 24576 File Visible: - Signed: -

Status: -

Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF7ABD000 Size: 8192 File Visible: - Signed: -

Status: -

Name: kmixer.sys

Image Path: C:\WINDOWS\system32\drivers\kmixer.sys

Address: 0xA8417000 Size: 172416 File Visible: - Signed: -

Status: -

Name: ks.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys

Address: 0xF697C000 Size: 143360 File Visible: - Signed: -

Status: -

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xF73C1000 Size: 92928 File Visible: - Signed: -

Status: -

Name: mdmxsdk.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

Address: 0xA9A86000 Size: 11840 File Visible: - Signed: -

Status: -

Name: mnmdd.SYS

Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Address: 0xF7AFF000 Size: 4224 File Visible: - Signed: -

Status: -

Name: Modem.SYS

Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS

Address: 0xF7955000 Size: 30080 File Visible: - Signed: -

Status: -

Name: mouclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Address: 0xF7915000 Size: 23040 File Visible: - Signed: -

Status: -

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xF75CD000 Size: 42368 File Visible: - Signed: -

Status: -

Name: mrxdav.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys

Address: 0xA9A8A000 Size: 180608 File Visible: - Signed: -

Status: -

Name: mrxsmb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

Address: 0xAA1F7000 Size: 455296 File Visible: - Signed: -

Status: -

Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF798D000 Size: 19072 File Visible: - Signed: -

Status: -

Name: msgpc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys

Address: 0xF782D000 Size: 35072 File Visible: - Signed: -

Status: -

Name: mssmbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Address: 0xF72A8000 Size: 15488 File Visible: - Signed: -

Status: -

Name: Mup.sys

Image Path: Mup.sys

Address: 0xF72ED000 Size: 105344 File Visible: - Signed: -

Status: -

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xF7307000 Size: 182656 File Visible: - Signed: -

Status: -

Name: ndistapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys

Address: 0xF7AB1000 Size: 10112 File Visible: - Signed: -

Status: -

Name: ndisuio.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys

Address: 0xAA192000 Size: 14592 File Visible: - Signed: -

Status: -

Name: ndiswan.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys

Address: 0xF6965000 Size: 91520 File Visible: - Signed: -

Status: -

Name: NDProxy.SYS

Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xF764D000 Size: 40576 File Visible: - Signed: -

Status: -

Name: netbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys

Address: 0xF76CD000 Size: 34688 File Visible: - Signed: -

Status: -

Name: netbt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys

Address: 0xAA2DC000 Size: 162816 File Visible: - Signed: -

Status: -

Name: nic1394.sys

Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys

Address: 0xF769D000 Size: 61824 File Visible: - Signed: -

Status: -

Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF7995000 Size: 30848 File Visible: - Signed: -

Status: -

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF7334000 Size: 574976 File Visible: - Signed: -

Status: -

Name: ntkrnlpa.exe

Image Path: C:\WINDOWS\system32\ntkrnlpa.exe

Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -

Status: -

Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xF7BD5000 Size: 2944 File Visible: - Signed: -

Status: -

Name: ohci1394.sys

Image Path: ohci1394.sys

Address: 0xF760D000 Size: 61696 File Visible: - Signed: -

Status: -

Name: omci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\omci.sys

Address: 0xF7945000 Size: 17088 File Visible: - Signed: -

Status: -

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xF7845000 Size: 19712 File Visible: - Signed: -

Status: -

Name: pci.sys

Image Path: pci.sys

Address: 0xF747D000 Size: 68224 File Visible: - Signed: -

Status: -

Name: pciide.sys

Image Path: pciide.sys

Address: 0xF7B85000 Size: 3328 File Visible: - Signed: -

Status: -

Name: PCIIDEX.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Address: 0xF783D000 Size: 28672 File Visible: - Signed: -

Status: -

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -

Status: -

Name: portcls.sys

Image Path: C:\WINDOWS\system32\drivers\portcls.sys

Address: 0xAA652000 Size: 147456 File Visible: - Signed: -

Status: -

Name: psched.sys

Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys

Address: 0xF6954000 Size: 69120 File Visible: - Signed: -

Status: -

Name: ptilink.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys

Address: 0xF7935000 Size: 17792 File Visible: - Signed: -

Status: -

Name: PxHelp20.sys

Image Path: PxHelp20.sys

Address: 0xF784D000 Size: 20000 File Visible: - Signed: -

Status: -

Name: rasacd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys

Address: 0xF7A71000 Size: 8832 File Visible: - Signed: -

Status: -

Name: rasl2tp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

Address: 0xF77FD000 Size: 51328 File Visible: - Signed: -

Status: -

Name: raspppoe.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Address: 0xF780D000 Size: 41472 File Visible: - Signed: -

Status: -

Name: raspptp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Address: 0xF781D000 Size: 48384 File Visible: - Signed: -

Status: -

Name: raspti.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys

Address: 0xF793D000 Size: 16512 File Visible: - Signed: -

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -

Status: -

Name: rdbss.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys

Address: 0xAA28F000 Size: 175744 File Visible: - Signed: -

Status: -

Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF7B01000 Size: 4224 File Visible: - Signed: -

Status: -

Name: rdpdr.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys

Address: 0xF6924000 Size: 196224 File Visible: - Signed: -

Status: -

Name: redbook.sys

Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys

Address: 0xF77ED000 Size: 57600 File Visible: - Signed: -

Status: -

Name: rimmptsk.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

Address: 0xF790D000 Size: 28544 File Visible: - Signed: -

Status: -

Name: rimsptsk.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

Address: 0xF77AD000 Size: 51328 File Visible: - Signed: -

Status: -

Name: rixdptsk.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

Address: 0xF69CE000 Size: 307968 File Visible: - Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA9890000 Size: 49152 File Visible: No Signed: -

Status: -

Name: s24trans.sys

Image Path: C:\WINDOWS\system32\DRIVERS\s24trans.sys

Address: 0xA9EA3000 Size: 12544 File Visible: - Signed: -

Status: -

Name: sdbus.sys

Image Path: C:\WINDOWS\system32\DRIVERS\sdbus.sys

Address: 0xF6A1A000 Size: 79232 File Visible: - Signed: -

Status: -

Name: sr.sys

Image Path: sr.sys

Address: 0xF73EE000 Size: 73472 File Visible: - Signed: -

Status: -

Name: srv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys

Address: 0xA9920000 Size: 333952 File Visible: - Signed: -

Status: -

Name: sscdbhk5.sys

Image Path: C:\WINDOWS\system32\drivers\sscdbhk5.sys

Address: 0xF7AE3000 Size: 5568 File Visible: - Signed: -

Status: -

Name: ssrtln.sys

Image Path: C:\WINDOWS\system32\drivers\ssrtln.sys

Address: 0xF7975000 Size: 23488 File Visible: - Signed: -

Status: -

Name: sthda.sys

Image Path: C:\WINDOWS\system32\drivers\sthda.sys

Address: 0xAA676000 Size: 1111840 File Visible: - Signed: -

Status: -

Name: swenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys

Address: 0xF7AE7000 Size: 4352 File Visible: - Signed: -

Status: -

Name: symlcbrd.sys

Image Path: C:\WINDOWS\system32\drivers\symlcbrd.sys

Address: 0xF78DD000 Size: 24576 File Visible: - Signed: -

Status: -

Name: SynTP.sys

Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys

Address: 0xF699F000 Size: 191872 File Visible: - Signed: -

Status: -

Name: sysaudio.sys

Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys

Address: 0xA9A0A000 Size: 60800 File Visible: - Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Address: 0xAA31D000 Size: 361600 File Visible: - Signed: -

Status: -

Name: TDI.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS

Address: 0xF7925000 Size: 20480 File Visible: - Signed: -

Status: -

Name: termdd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys

Address: 0xF763D000 Size: 40704 File Visible: - Signed: -

Status: -

Name: tfsnboio.sys

Image Path: C:\WINDOWS\system32\dla\tfsnboio.sys

Address: 0xF78E5000 Size: 25664 File Visible: - Signed: -

Status: -

Name: tfsncofs.sys

Image Path: C:\WINDOWS\system32\dla\tfsncofs.sys

Address: 0xA9FFF000 Size: 34784 File Visible: - Signed: -

Status: -

Name: tfsndrct.sys

Image Path: C:\WINDOWS\system32\dla\tfsndrct.sys

Address: 0xF7CCA000 Size: 4064 File Visible: - Signed: -

Status: -

Name: tfsndres.sys

Image Path: C:\WINDOWS\system32\dla\tfsndres.sys

Address: 0xF7CC9000 Size: 2176 File Visible: - Signed: -

Status: -

Name: tfsnifs.sys

Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys

Address: 0xA9E81000 Size: 86816 File Visible: - Signed: -

Status: -

Name: tfsnopio.sys

Image Path: C:\WINDOWS\system32\dla\tfsnopio.sys

Address: 0xA9EFB000 Size: 15008 File Visible: - Signed: -

Status: -

Name: tfsnpool.sys

Image Path: C:\WINDOWS\system32\dla\tfsnpool.sys

Address: 0xF7B6B000 Size: 6304 File Visible: - Signed: -

Status: -

Name: tfsnudf.sys

Image Path: C:\WINDOWS\system32\dla\tfsnudf.sys

Address: 0xA9E68000 Size: 98656 File Visible: - Signed: -

Status: -

Name: tfsnudfa.sys

Image Path: C:\WINDOWS\system32\dla\tfsnudfa.sys

Address: 0xA9E4F000 Size: 100544 File Visible: - Signed: -

Status: -

Name: tosrfbd.sys

Image Path: C:\WINDOWS\System32\Drivers\tosrfbd.sys

Address: 0xAA1B6000 Size: 108928 File Visible: - Signed: -

Status: -

Name: Tosrfhid.sys

Image Path: C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

Address: 0xF771D000 Size: 62848 File Visible: - Signed: -

Status: -

Name: tosrfusb.sys

Image Path: C:\WINDOWS\System32\Drivers\tosrfusb.sys

Address: 0xF770D000 Size: 39936 File Visible: - Signed: -

Status: -

Name: update.sys

Image Path: C:\WINDOWS\system32\DRIVERS\update.sys

Address: 0xF6826000 Size: 384768 File Visible: - Signed: -

Status: -

Name: USBD.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xF7AE1000 Size: 8192 File Visible: - Signed: -

Status: -

Name: usbehci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xF7905000 Size: 30208 File Visible: - Signed: -

Status: -

Name: usbhub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xF76BD000 Size: 59520 File Visible: - Signed: -

Status: -

Name: USBPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xF6A2E000 Size: 147456 File Visible: - Signed: -

Status: -

Name: usbuhci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Address: 0xF78FD000 Size: 20608 File Visible: - Signed: -

Status: -

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF7985000 Size: 20992 File Visible: - Signed: -

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS

Address: 0xF6C1C000 Size: 81920 File Visible: - Signed: -

Status: -

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF75DD000 Size: 52352 File Visible: - Signed: -

Status: -

Name: wanarp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys

Address: 0xF773D000 Size: 34560 File Visible: - Signed: -

Status: -

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF78A5000 Size: 20480 File Visible: - Signed: -

Status: -

Name: wdmaud.sys

Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys

Address: 0xA986B000 Size: 83072 File Visible: - Signed: -

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: WMILIB.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS

Address: 0xF7ABF000 Size: 8192 File Visible: - Signed: -

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -

Status: -

DDS (Ver_09-07-30.01) - NTFSx86

Run by Sarah Hough at 9:49:00.68 on Tue 09/08/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.416 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\wscript.exe

C:\Documents and Settings\Sarah Hough\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

uSearch Bar =

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe

uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: musicmatch.com\online

DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://email3.uncg.edu/iNotes6W.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150920326487

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

Filter: text/html - {8799e2df-6416-4b1b-a41a-173d26d668ac} -

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: cru629.dat

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-7 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-7 297752]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-17 1251720]

S2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]

=============== Created Last 30 ================

2009-09-01 20:26 <DIR> --d----- c:\docume~1\sarahh~1\applic~1\Office Genuine Advantage

2009-08-31 14:53 <DIR> --d----- c:\program files\Trend Micro

2009-08-31 11:47 <DIR> --d----- c:\windows\system32\scripting

2009-08-31 11:47 <DIR> --d----- c:\windows\l2schemas

2009-08-31 11:47 <DIR> --d----- c:\windows\system32\en

2009-08-31 11:47 <DIR> --d----- c:\windows\system32\bits

2009-08-31 11:01 <DIR> --dsh--- c:\documents and settings\sarah hough\PrivacIE

2009-08-31 10:49 <DIR> --dsh--- c:\documents and settings\sarah hough\IETldCache

2009-08-31 10:42 100,352 -------- c:\windows\system32\dllcache\iecompat.dll

2009-08-31 10:42 <DIR> --d----- c:\windows\ie8updates

2009-08-31 10:42 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll

2009-08-31 10:42 12,800 -------- c:\windows\system32\dllcache\xpshims.dll

2009-08-31 10:39 <DIR> -cd-h--- c:\windows\ie8

2009-08-27 11:38 <DIR> --d----- c:\docume~1\sarahh~1\applic~1\Malwarebytes

2009-08-27 11:38 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-27 11:38 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-27 11:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-27 11:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-08-27 11:32 <DIR> --d----- c:\documents and settings\sarah hough\.housecall6.6

2009-08-26 18:10 <DIR> a-d----- c:\windows\system32\images

2009-08-26 18:05 18,895 a------- c:\program files\common files\ymer.bat

2009-08-26 18:05 19,635 a------- c:\windows\system32\ewupaj.vbs

2009-08-26 18:05 19,261 a------- c:\program files\common files\nuce.sys

2009-08-26 18:05 19,196 a------- c:\windows\hevikywifi.bin

2009-08-26 18:05 18,662 a------- c:\docume~1\alluse~1\applic~1\lapuwo.dll

2009-08-26 18:05 18,261 a------- c:\windows\system32\bagawaf.pif

2009-08-26 18:05 18,174 a------- c:\docume~1\sarahh~1\applic~1\inud.vbs

2009-08-26 18:05 17,555 a------- c:\windows\asucix._dl

2009-08-26 18:05 17,322 a------- c:\docume~1\sarahh~1\applic~1\bigy.exe

2009-08-26 18:05 14,355 a------- c:\windows\feqoxy.pif

2009-08-26 17:57 17,408 a------- C:\sdlb.exe

2009-08-26 17:57 74,752 a------- C:\lcbckjms.exe

2009-08-26 17:57 0 a--sh--- C:\1485676685

2009-08-21 20:04 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat

2009-08-21 11:55 <DIR> --d----- C:\47829cd9ad77581cca08be5783738553

2009-08-21 11:54 <DIR> --d----- c:\windows\SxsCaPendDel

2009-08-21 03:13 <DIR> --d----- c:\windows\ServicePackFiles

2009-08-20 21:17 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx

2009-08-20 21:15 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

==================== Find3M ====================

2009-09-01 11:48 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-09-01 11:48 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-08-31 11:52 88,375 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll

2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll

2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe

2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll

2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll

2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll

2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll

2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll

2009-07-03 13:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll

2009-07-03 13:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll

2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll

2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll

2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll

2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll

2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll

2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll

2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll

2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe

2009-06-29 12:12 133,120 a------- c:\windows\system32\dllcache\extmgr.dll

2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe

2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll

2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll

2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll

2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll

2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll

2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll

2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll

2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll

2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll

2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll

2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll

2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll

2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys

2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe

2009-06-22 07:49 117,248 a------- c:\windows\system32\dllcache\mqtgsvc.exe

2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe

2009-06-22 07:49 19,968 a------- c:\windows\system32\dllcache\mqbkup.exe

2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe

2009-06-22 07:49 4,608 a------- c:\windows\system32\dllcache\mqsvc.exe

2009-06-22 07:48 91,776 a------- c:\windows\system32\dllcache\mqac.sys

2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll

2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll

2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe

2009-06-12 08:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe

2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe

2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe

2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll

2006-10-02 18:27 88 ---shr-- c:\windows\system32\4BF7AAD077.sys

2007-12-01 14:00 104 ---shr-- c:\windows\system32\77D0AAF74B.sys

2007-12-01 14:00 7,518 ac-sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 9:49:47.53 ===============

Attach.zip

Link to post
Share on other sites

Hello.

Run a scan with GMER.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

  • Please download GMER from one of the following locations, and save it to your desktop:

    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.

  • Close any and all open programs, as this process may crash your computer.
  • Double click gmerRandomIcon.png or gmerDesktopIcon.png on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.

  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO..
    gmerNoDialog.png

  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)

    [*]Click on btnScan.png and wait for the scan to finish.

    [*]If you see a rootkit warning window, click OK.

    [*]Push btnSave.png and save the logfile to your desktop.

    [*]Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running

*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries

Also, let me know how your computer is running and if you have any more problems, issues or symptoms left. Any updates will be helpful.

Thanks.

With Regards,

Extremeboy

Link to post
Share on other sites

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,

Extremeboy

Link to post
Share on other sites

Thanks for letting me know then.

--

Since the problem appears to be resolved, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,

Extremeboy

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.