
I don't usually like to ask for help, but...


UniqueName

I'm really hoping someone can help me as I've tried so many things to fix my PC, I'm just about at the end of my rope. I have been getting browser redirects, slow running, random restarts to name a few symptoms. I run a Windows XP PC with Symantec AV, Zone Alarm (free) Spybot S&D, MalwareBytes and SuperAntiSpyware. Scan after scan they all show nothing, yet when I run an online scan from, say, Eset, it says I have a number of infections. I'm really puzzled. I update all programs weekly and also scan fully. Ready to give up.... :)


Welcome to the forum.

Download TDSSKiller to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don't change these settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

-------------------------------------------

Next:

Download ComboFix from one of these locations:

Link 1

Link 2

ComboFix Guide <---please read!

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE <-------
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please let me know.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

5. Give it at least 20-30 minutes to finish if needed.

MrC


Hi MrCharlie, thanks for your prompt response. I have followed all the steps you outlined in your reply and here are the results.

2010/09/28 19:14:44.0703 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/28 19:14:44.0703 ================================================================================

2010/09/28 19:14:44.0703 SystemInfo:

2010/09/28 19:14:44.0703

2010/09/28 19:14:44.0703 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/28 19:14:44.0703 Product type: Workstation

2010/09/28 19:14:44.0703 ComputerName: 64X2

2010/09/28 19:14:44.0703 UserName: Mike

2010/09/28 19:14:44.0703 Windows directory: C:\WINDOWS

2010/09/28 19:14:44.0703 System windows directory: C:\WINDOWS

2010/09/28 19:14:44.0703 Processor architecture: Intel x86

2010/09/28 19:14:44.0703 Number of processors: 2

2010/09/28 19:14:44.0703 Page size: 0x1000

2010/09/28 19:14:44.0703 Boot type: Normal boot

2010/09/28 19:14:44.0703 ================================================================================

2010/09/28 19:14:45.0046 Initialize success

2010/09/28 19:14:56.0312 ================================================================================

2010/09/28 19:14:56.0312 Scan started

2010/09/28 19:14:56.0312 Mode: Manual;

2010/09/28 19:14:56.0312 ================================================================================

2010/09/28 19:14:56.0859 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/28 19:14:56.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/28 19:14:56.0937 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/28 19:14:56.0984 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/28 19:14:57.0187 AsIO (19a1dac5bc607c212e8a94c05886ed52) C:\WINDOWS\system32\drivers\AsIO.sys

2010/09/28 19:14:57.0234 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/09/28 19:14:57.0265 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/28 19:14:57.0281 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/28 19:14:57.0359 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/28 19:14:57.0390 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/28 19:14:57.0421 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/28 19:14:57.0468 BT848 (0e6b73f0ee463467057bbe3d456ab864) C:\WINDOWS\system32\drivers\XG4port.sys

2010/09/28 19:14:57.0515 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/28 19:14:57.0546 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/09/28 19:14:57.0593 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/28 19:14:57.0625 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/28 19:14:57.0656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/28 19:14:57.0765 ctac32k (4b6096745f72b4fd36514617e2ea5d37) C:\WINDOWS\system32\drivers\ctac32k.sys

2010/09/28 19:14:57.0843 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys

2010/09/28 19:14:57.0875 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys

2010/09/28 19:14:57.0890 ctprxy2k (097d42574e3c6d98cd5a2ee7647fa6bf) C:\WINDOWS\system32\drivers\ctprxy2k.sys

2010/09/28 19:14:57.0937 ctsfm2k (c58a2507ef62b20b9bd670c666088b50) C:\WINDOWS\system32\drivers\ctsfm2k.sys

2010/09/28 19:14:57.0968 cvspydr2 (c6644d1a70c050fdd7ecbe8c3ac05313) C:\WINDOWS\system32\DRIVERS\cvspydr2.sys

2010/09/28 19:14:58.0046 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/28 19:14:58.0093 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/28 19:14:58.0125 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/28 19:14:58.0140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/28 19:14:58.0171 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/28 19:14:58.0218 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/28 19:14:58.0312 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/09/28 19:14:58.0359 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys

2010/09/28 19:14:58.0390 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys

2010/09/28 19:14:58.0421 emupia (a9d94b89372f3f9609a1a5eec631a260) C:\WINDOWS\system32\drivers\emupia2k.sys

2010/09/28 19:14:58.0453 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/09/28 19:14:58.0500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/28 19:14:58.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/28 19:14:58.0546 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/28 19:14:58.0562 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/28 19:14:58.0593 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/28 19:14:58.0625 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/28 19:14:58.0640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/28 19:14:58.0671 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

2010/09/28 19:14:58.0718 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/28 19:14:58.0781 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys

2010/09/28 19:14:58.0828 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/28 19:14:58.0875 hotcore3 (c1e89aac98e1cb224146a9ad96b4e0c5) C:\WINDOWS\system32\drivers\hotcore3.sys

2010/09/28 19:14:58.0921 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/09/28 19:14:58.0953 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/09/28 19:14:58.0984 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/09/28 19:14:59.0015 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/28 19:14:59.0093 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/28 19:14:59.0125 ICAM5USB (0a8a464d0dfd3257b72792248b44fc93) C:\WINDOWS\system32\Drivers\Icam5USB.sys

2010/09/28 19:14:59.0171 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/28 19:14:59.0250 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/28 19:14:59.0281 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/28 19:14:59.0328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/28 19:14:59.0343 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/28 19:14:59.0375 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/28 19:14:59.0406 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/28 19:14:59.0437 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/28 19:14:59.0468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/28 19:14:59.0515 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/09/28 19:14:59.0546 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/28 19:14:59.0578 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/28 19:14:59.0671 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/28 19:14:59.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/28 19:14:59.0718 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/28 19:14:59.0734 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/28 19:14:59.0750 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/28 19:14:59.0796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/28 19:14:59.0843 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/28 19:14:59.0875 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/28 19:14:59.0921 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/28 19:14:59.0953 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/28 19:14:59.0984 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/28 19:15:00.0031 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/28 19:15:00.0062 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/09/28 19:15:00.0109 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2010/09/28 19:15:00.0125 MtxDma0 (56eff572573e66bae3599b3c615c3853) C:\WINDOWS\system32\drivers\MtxDma0.sys

2010/09/28 19:15:00.0156 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/28 19:15:00.0187 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/09/28 19:15:00.0296 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100925.003\naveng.sys

2010/09/28 19:15:00.0359 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100925.003\navex15.sys

2010/09/28 19:15:00.0421 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/28 19:15:00.0453 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/09/28 19:15:00.0500 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/28 19:15:00.0531 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/28 19:15:00.0546 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/28 19:15:00.0562 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/28 19:15:00.0593 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/28 19:15:00.0640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/28 19:15:00.0687 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/28 19:15:00.0734 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/28 19:15:00.0781 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/28 19:15:00.0984 nv (c190757a29a9bc0199032f353dd2557a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/09/28 19:15:01.0234 NVENETFD (97724affdd7a5a47c3bc07ccd1b88745) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2010/09/28 19:15:01.0250 nvnetbus (82c2b3a89b9edfa6287c5aba1a4e6a99) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2010/09/28 19:15:01.0281 NVR0Dev (9dd414590e695ea208139c23db8a5aa3) C:\WINDOWS\nvoclock.sys

2010/09/28 19:15:02.0031 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/28 19:15:02.0062 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/28 19:15:02.0093 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys

2010/09/28 19:15:02.0125 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/28 19:15:02.0156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/28 19:15:02.0203 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/28 19:15:02.0218 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/28 19:15:02.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/28 19:15:02.0296 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/09/28 19:15:02.0328 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2010/09/28 19:15:02.0484 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/28 19:15:02.0500 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/28 19:15:02.0515 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/28 19:15:02.0546 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/28 19:15:02.0562 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/09/28 19:15:02.0671 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/28 19:15:02.0687 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/28 19:15:02.0718 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/28 19:15:02.0734 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/28 19:15:02.0750 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/28 19:15:02.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/28 19:15:02.0796 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/09/28 19:15:02.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/28 19:15:02.0875 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/28 19:15:02.0968 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/09/28 19:15:02.0984 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/09/28 19:15:03.0031 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys

2010/09/28 19:15:03.0046 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

2010/09/28 19:15:03.0093 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys

2010/09/28 19:15:03.0125 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys

2010/09/28 19:15:03.0156 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys

2010/09/28 19:15:03.0187 SE27mgmt (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys

2010/09/28 19:15:03.0203 se27nd5 (bb30139683bbf3ee89ec931393d9335c) C:\WINDOWS\system32\DRIVERS\se27nd5.sys

2010/09/28 19:15:03.0234 SE27obex (5da6ff71e94b9134ddd094ebb09f05e6) C:\WINDOWS\system32\DRIVERS\SE27obex.sys

2010/09/28 19:15:03.0250 se27unic (4d54a9d7c22157ab3d2442e8bcf5ecd2) C:\WINDOWS\system32\DRIVERS\se27unic.sys

2010/09/28 19:15:03.0296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/28 19:15:03.0328 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/09/28 19:15:03.0343 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/09/28 19:15:03.0390 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/28 19:15:03.0437 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys

2010/09/28 19:15:03.0500 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/09/28 19:15:03.0531 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2010/09/28 19:15:03.0625 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2010/09/28 19:15:03.0671 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/28 19:15:03.0703 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/28 19:15:03.0781 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/28 19:15:03.0828 STEC3 (e4ebf293d1f612bda19b646c36715b20) C:\WINDOWS\system32\STEC3.sys

2010/09/28 19:15:03.0953 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/09/28 19:15:04.0000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/28 19:15:04.0015 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/28 19:15:04.0093 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2010/09/28 19:15:04.0125 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

2010/09/28 19:15:04.0156 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

2010/09/28 19:15:04.0218 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/28 19:15:04.0281 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/28 19:15:04.0312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/28 19:15:04.0343 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/28 19:15:04.0359 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/28 19:15:04.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/28 19:15:04.0484 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/28 19:15:04.0515 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/28 19:15:04.0546 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/28 19:15:04.0562 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/28 19:15:04.0578 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/09/28 19:15:04.0609 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/09/28 19:15:04.0640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/09/28 19:15:04.0671 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/28 19:15:04.0703 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/28 19:15:04.0750 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/28 19:15:04.0796 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys

2010/09/28 19:15:04.0859 w810bus (5e8b60606fc4173b69cdecd964f22d28) C:\WINDOWS\system32\DRIVERS\w810bus.sys

2010/09/28 19:15:04.0890 w810mdfl (c0cc4f5a3c58b4c07ec4a82a5ae24714) C:\WINDOWS\system32\DRIVERS\w810mdfl.sys

2010/09/28 19:15:04.0921 w810mdm (2aafeedc3bfe14419cbce7ceea59dd05) C:\WINDOWS\system32\DRIVERS\w810mdm.sys

2010/09/28 19:15:04.0953 w810mgmt (b0037db3f890d0ffcf7e35f356a435ec) C:\WINDOWS\system32\DRIVERS\w810mgmt.sys

2010/09/28 19:15:04.0968 w810obex (bf609636068f17246f94b490c5812483) C:\WINDOWS\system32\DRIVERS\w810obex.sys

2010/09/28 19:15:05.0015 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/28 19:15:05.0046 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/28 19:15:05.0140 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/09/28 19:15:05.0187 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/09/28 19:15:05.0218 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/28 19:15:05.0265 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/28 19:15:05.0312 ================================================================================

2010/09/28 19:15:05.0312 Scan finished

2010/09/28 19:15:05.0312 ================================================================================

2010/09/28 19:16:25.0140 Deinitialize success

ComboFix 10-09-27.05 - Mike 28/09/2010 19:24:23.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3326.2576 [GMT 1:00]

Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Mike\Application Data\inst.exe

c:\windows\system32\STEC3.sys

c:\windows\system32\Thumbs.db

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_STEC3

-------\Service_STEC3

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))

.

2010-09-28 06:36 . 2010-09-28 06:36 -------- d-----w- c:\program files\ESET

2010-09-27 19:47 . 2010-05-07 15:49 524288 ----a-w- c:\windows\1206.BIN

2010-09-27 19:47 . 2010-09-27 19:47 385718 ----a-w- c:\windows\1206.zip

2010-09-27 19:45 . 2010-09-27 19:46 102400 ----a-w- c:\windows\AwdSLP.exe

2010-09-27 19:44 . 2007-12-20 15:53 524288 ----a-w- c:\windows\1203.BIN

2010-09-27 19:43 . 2010-09-27 19:44 382790 ----a-w- c:\windows\1203.zip

2010-09-27 19:20 . 2010-09-27 19:20 -------- d-----r- c:\windows\AsDmiHtm

2010-09-27 19:02 . 2006-01-10 08:50 24576 ----a-r- c:\windows\system32\AsIO.dll

2010-09-27 19:02 . 2005-12-22 02:22 5685 ----a-r- c:\windows\system32\drivers\AsIO.sys

2010-09-27 19:02 . 2010-09-27 19:20 -------- d-----w- c:\program files\ASUS

2010-09-27 19:02 . 2004-09-07 10:41 5120 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys

2010-09-27 19:02 . 2004-03-10 13:31 3328 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys

2010-09-25 12:19 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll

2010-09-25 12:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-09-25 12:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll

2010-09-25 12:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll

2010-09-25 12:19 . 2010-03-14 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-09-19 21:09 . 2007-03-07 12:27 38448 ----a-w- c:\windows\system32\drivers\hotcore3.sys

2010-09-19 21:09 . 2007-03-07 12:27 247824 ----a-w- c:\windows\system32\prgiso.dll

2010-09-19 21:09 . 2007-03-07 12:27 4245008 ----a-w- c:\windows\system32\qtp-mt334.dll

2010-09-19 21:09 . 2010-09-19 21:09 -------- d-----w- c:\program files\Paragon Software

2010-09-14 19:31 . 2010-09-14 19:31 -------- d-----w- c:\program files\Smart Projects

2010-09-14 18:19 . 2010-09-14 19:08 -------- d-----w- C:\xpsp3

2010-09-14 18:18 . 2010-09-14 19:12 -------- d-----w- C:\winxpcd

2010-09-12 17:48 . 2010-09-12 17:48 -------- d-----w- c:\documents and settings\Mike\Application Data\Imagenomic

2010-09-09 20:43 . 2010-09-09 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Panasonic

2010-09-09 06:47 . 2010-09-09 06:47 -------- d-----w- c:\program files\Common Files\Panasonic

2010-09-09 06:47 . 2010-09-09 06:47 -------- d-----w- c:\program files\Panasonic

2010-09-09 06:47 . 2010-09-09 06:47 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-09-09 06:47 . 2010-09-09 06:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-08-29 20:01 . 2010-08-29 20:01 -------- d-----w- c:\program files\Sophos

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-28 18:33 . 2007-11-23 18:37 -------- d-----w- c:\program files\Symantec AntiVirus

2010-09-28 18:28 . 2009-08-01 20:40 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000002-80641102}.dat

2010-09-28 18:28 . 2009-08-01 20:40 24 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000002-80641102}.dat

2010-09-27 19:39 . 2007-11-22 19:41 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-26 15:16 . 2010-08-20 20:07 63488 ----a-w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-26 15:16 . 2010-08-20 20:07 117760 ----a-w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-25 12:19 . 2010-03-20 18:37 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-09-18 09:13 . 2007-11-23 18:37 -------- d-----w- c:\program files\Symantec

2010-09-18 09:13 . 2010-09-18 09:13 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-09-18 09:13 . 2010-09-18 09:13 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-09-18 09:13 . 2007-11-23 18:37 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-09-18 09:13 . 2007-11-23 18:37 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-09-18 09:13 . 2007-11-23 18:37 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-09-14 23:38 . 2008-02-10 07:55 5775003 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-09 06:50 . 2007-11-22 19:31 63552 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-09 06:50 . 2010-09-09 06:50 -------- d-----w- c:\documents and settings\Mike\Application Data\InstallShield

2010-09-03 20:35 . 2010-08-22 19:11 -------- d-----w- c:\program files\RapidShareManager

2010-08-30 10:11 . 2008-04-05 11:44 -------- d-----w- c:\program files\Pinnacle

2010-08-30 10:10 . 2008-02-02 16:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-30 10:08 . 2008-02-10 13:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-08-30 10:08 . 2008-02-10 13:36 -------- d-----w- c:\program files\Lavasoft

2010-08-29 15:52 . 2010-08-29 15:51 -------- d-----w- c:\program files\iCare Data Recovery

2010-08-29 14:56 . 2010-08-27 18:18 -------- d-----w- c:\program files\Styler

2010-08-29 14:56 . 2010-08-29 14:56 -------- d-----w- c:\documents and settings\Mike\Application Data\Styler

2010-08-28 11:28 . 2010-08-28 11:28 -------- d-----w- c:\program files\OO Software

2010-08-28 09:14 . 2010-08-28 09:14 -------- d-----w- c:\program files\Recuva

2010-08-27 19:07 . 2007-11-24 13:22 -------- d-----w- c:\documents and settings\Mike\Application Data\IconTweaker

2010-08-27 19:07 . 2007-11-24 13:22 -------- d-----w- c:\program files\IconTweaker

2010-08-27 19:07 . 2007-11-24 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker

2010-08-27 18:18 . 2010-08-27 18:18 15086 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe

2010-08-27 18:18 . 2010-08-27 18:18 15086 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

2010-08-27 18:12 . 2004-08-03 23:56 218624 ----a-w- c:\windows\system32\uxtheme.dll

2010-08-22 18:46 . 2010-08-22 18:46 -------- d-----w- c:\documents and settings\Mike\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

2010-08-22 18:46 . 2010-08-22 18:46 -------- d-----w- c:\program files\BBC iPlayer Desktop

2010-08-22 18:46 . 2010-08-22 18:46 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-22 18:45 . 2010-08-22 18:46 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-20 20:07 . 2010-08-20 20:07 52224 ----a-w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-20 20:07 . 2010-08-20 20:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-20 20:07 . 2010-08-20 20:07 -------- d-----w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com

2010-08-20 20:07 . 2010-08-20 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-17 13:17 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-15 21:42 . 2008-02-17 14:38 -------- d-----w- c:\program files\Java

2010-08-15 21:42 . 2008-02-17 14:37 -------- d-----w- c:\program files\Common Files\Java

2010-08-15 21:25 . 2010-08-15 21:25 503808 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-611c4395-n\msvcp71.dll

2010-08-15 21:25 . 2010-08-15 21:25 499712 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-611c4395-n\jmc.dll

2010-08-15 21:25 . 2010-08-15 21:25 348160 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-611c4395-n\msvcr71.dll

2010-08-15 21:25 . 2010-08-15 21:25 61440 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a6e6906-n\decora-sse.dll

2010-08-15 21:25 . 2010-08-15 21:25 12800 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a6e6906-n\decora-d3d.dll

2010-08-15 21:24 . 2010-08-15 21:24 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-11 20:41 . 2010-08-11 20:41 -------- d-----w- c:\program files\Mio Technology

2010-07-27 14:07 . 2010-08-04 19:55 8704 ----a-w- c:\windows\Internet Logs\xDBDD.tmp

2010-07-27 14:05 . 2010-07-27 14:07 161792 ----a-w- c:\windows\Internet Logs\xDBDC.tmp

2010-07-22 15:49 . 2004-08-03 23:56 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-15 22:51 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-05 14:35 . 2010-07-05 18:41 74752 ----a-w- c:\windows\Internet Logs\xDBDB.tmp

2010-07-02 08:31 . 2007-11-18 09:41 4212 ---ha-w- c:\windows\system32\zllictbl.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

"Vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-20 125632]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]

"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Mike\Start Menu\Programs\Startup\

Styler.lnk - c:\documents and settings\Mike\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-8-27 15086]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2006-1-31 385024]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogoff"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\broadband medic.lnk

backup=c:\windows\pss\broadband medic.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\Mike\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-03-25 20:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2001-11-07 16:45 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_157105312]

2007-05-21 04:00 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

2003-12-30 10:40 380928 ----a-w- c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2006-11-24 01:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"LaunchList"=c:\program files\Pinnacle\Studio 11\LaunchList2.exe

"L08AXLRD_161984"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Capturix Dynamic IP Service"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [19/09/2010 22:09 38448]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [18/06/2010 20:00 102448]

S2 BT848;Trust,814 PCI SURVEILLANCE INTERFACE-WDM-Video;c:\windows\system32\drivers\XG4port.sys [19/05/2004 11:13 204202]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [20/12/2006 19:29 116928]

S4 Asbsnapsuq;Asbsnapsuq; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-09-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = 127.0.0.1

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

TCP: {F7F5A973-EA56-455C-8751-CF81E3038376} = 194.168.8.100,194.168.4.100

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\2nxslfjj.default\

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-28 19:32

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\26.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2440)

c:\windows\system32\WININET.dll

c:\program files\Styler\StylerHelper.dll

c:\program files\Dropbox\DropboxExt.dll

c:\windows\system32\ctagent.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\CTHELPER.EXE

c:\windows\system32\nvsvc32.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Styler\Styler.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2010-09-28 19:35:53 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-28 18:35

Pre-Run: 55,185,039,360 bytes free

Post-Run: 55,126,929,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=4 LastKnownGood=6 Sets=1,2,3,4,6

- - End Of File - - 0A086150D0F88756529C52801CD86C1F


Any improvement?

-----------------------------------

Do you happen to know what these files are:

2010-09-27 19:47 . 2010-05-07 15:49 524288 ----a-w- c:\windows\1206.BIN

2010-09-27 19:47 . 2010-09-27 19:47 385718 ----a-w- c:\windows\1206.zip

2010-09-27 19:45 . 2010-09-27 19:46 102400 ----a-w- c:\windows\AwdSLP.exe

2010-09-27 19:44 . 2007-12-20 15:53 524288 ----a-w- c:\windows\1203.BIN

2010-09-27 19:43 . 2010-09-27 19:44 382790 ----a-w- c:\windows\1203.zip

MrC


Hi, yes, I know what the files are. Because the PC was randomly restarting, I thought it may be a hardware issue. I have an ASUS board with a BIOS update feature from within Windows. I ran this yesterday. It also supplies a lot more information (hardware based), but everything appears to be functioning normally. Earlier today I ran an Eset online scan and it showed I had the W32/toolbar.mywebsearch and variants. I was wondering how, given the amount of protection the machine has? One last thing, sorry, can you shed any light as to what the files are that ComboFix quarantined? Many thanks in advance.


OK, when you're satisfied that everything is OK..........

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

