
Computer infected, not sure with what



Early this week my fiancée's laptop began acting strangely; it turns out she had been infected by the WhiteSmoke toolbar. I've spent the last few days looking at fixes and decided that it would be best to ask for expert help. I'm posting these logs from my work computer because the infection has slowed the machine too much to work effectively. Here are the DDS log and the most recent MBAM log.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Alaina at 17:48:56.35 on Thu 01/13/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.376 [GMT -6:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

svchost.exe

C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\AOL\1240244075\ee\AOLSoftware.exe

C:\Program Files\Carbonite\CarbonitePreinstaller.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\Program Files\Dell\Bluetooth Software\BTTray.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\Alaina\Desktop\dds.com

C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster

uInternet Settings,ProxyServer = http=127.0.0.1:8075

uInternet Settings,ProxyOverride = <local>

TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {6138DD97-CAF8-42EC-98FE-2DAC32A555E1} - rundll32.exe "c:\documents and settings\alaina\application data\sun\vlsd8.dll", UnregisterDll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]

R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-24 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\symefa.sys --> c:\windows\system32\drivers\n360\0308000.029\SYMEFA.SYS [?]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\bhdrvx86.sys --> c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [?]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys --> c:\windows\system32\drivers\n360\0308000.029\ccHPx86.sys [?]

S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100728.001\IDSXpx86.sys [2010-7-29 331640]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100729.002\NAVENG.SYS [2010-7-29 85424]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100729.002\NAVEX15.SYS [2010-7-29 1362608]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

=============== Created Last 30 ================

2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec

2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe

2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe

2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe

2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe

2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2011-01-10 17:19:09 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{515313f8-d8d0-4a5c-89fd-81c08bff1152}\mpengine.dll

2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple

2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer

2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW

2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics

2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live

2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache

2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for

2010-12-18 19:37:04 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Temp

2010-12-18 19:36:56 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Google

2010-12-18 19:15:04 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-12-18 19:15:03 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-12-18 19:15:03 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-18 19:14:39 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2010-12-18 19:12:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-18 19:05:40 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: FUJITSU_MHU2100AT rev.00000008 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87323555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873297b0]; MOV EAX, [0x8732982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8733D030]

3 CLASSPNP[0xF766FFD7] -> nt!IofCallDriver[0x804E37D5] -> [0x872DAB88]

\Driver\atapi[0x872F23E8] -> IRP_MJ_CREATE -> 0x87323555

kernel: MBR read successfully

_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHU2100AT_______________________00000008#5&355805a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8732339B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 17:52:28.92 ===============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5508

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/12/2011 9:50:23 PM

mbam-log-2011-01-12 (21-50-23).txt

Scan type: Full scan (C:\|)

Objects scanned: 284170

Time elapsed: 1 hour(s), 31 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Alaina\application data\Sun\cetw.txt (Malware.Trace) -> Quarantined and deleted successfully.

Attach.zip

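As an added triage example (the editor's own Python, not part of DDS, GMER, TDSSKiller or this post), the script below parses the kind of lines shown in the DDS log above and flags the entries a responder would check first: the browser proxy pointed at 127.0.0.1:8075, the mASetup entry that has rundll32 load a DLL from the user's Application Data folder, the WhiteSmoke and Yontoo Firefox extensions, and the atapi DriverStartIo hook that GMER reported. The sample input is copied from the log above; the rules, severities and the extension watch-list are the editor's heuristics, not signatures from any tool.

```python
"""Triage helper for a DDS log: flags entries in the Pseudo HJT and ROOTKIT
sections that deserve a closer look.

Editor's example for this thread, not code from DDS, GMER, TDSSKiller or
the original posts. Every rule below is an assumption about what is worth
a second look, not a signature from any of those tools.
"""
import re

# Lines copied from the DDS log posted earlier in this thread (abridged).
SAMPLE_LOG = r"""uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mASetup: {6138DD97-CAF8-42EC-98FE-2DAC32A555E1} - rundll32.exe "c:\documents and settings\alaina\application data\sun\vlsd8.dll", UnregisterDll
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
detected hooks:
\Driver\atapi DriverStartIo -> 0x8732339B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# A proxy on the loopback interface means some local process sits between
# the browser and the network.
LOOPBACK_PROXY = re.compile(r"ProxyServer\s*=.*?(127\.0\.0\.1|localhost):(\d+)", re.I)
# Autostart-type entries as DDS prints them: uRun/mRun/dRun, mASetup, StartupFolder.
AUTOSTART = re.compile(r"^(?:[umd]Run|mASetup|StartupFolder):", re.I)
# Per-user, user-writable locations on XP (long and 8.3 forms) and temp dirs.
USER_WRITABLE = re.compile(
    r"documents and settings\\[^\\]+\\(?:application data|local settings)"
    r"|docume~1\\[^\\]+\\(?:applic~1|locals~1)"
    r"|\\temp\\", re.I)
RUNDLL_DLL = re.compile(r"rundll32(?:\.exe)?\s+\"?([^\",]+\.dll)", re.I)
FF_EXT = re.compile(r"^FF - Ext:\s*(?P<name>.+?):\s*(?P<id>\S+)\s*-\s*(?P<path>.+)$", re.I)
# Names this thread itself singles out; an assumption, extend as needed.
WATCHLIST = ("whitesmoke", "yontoo", "viewpoint")
# GMER hook line: \Driver\<name> <routine> -> <address>
HOOK = re.compile(r"^(\\Driver\\\w+)\s+(\w+)\s*->\s*(0x[0-9A-F]+)$", re.I)


def triage(log_text):
    """Return findings as (severity, reason, line) tuples, in log order."""
    findings = []
    in_hooks = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOOPBACK_PROXY.search(line)
        if m:
            findings.append(("high", f"browser proxied through {m.group(1)}:{m.group(2)}; "
                             "identify the listening process before removing the setting", line))
            continue
        if AUTOSTART.match(line):
            dll = RUNDLL_DLL.search(line)
            if dll and USER_WRITABLE.search(dll.group(1)):
                findings.append(("high", "rundll32 loads a DLL from a user-writable profile directory", line))
            elif USER_WRITABLE.search(line):
                findings.append(("review", "autostart entry runs from a user-writable profile directory", line))
            continue
        m = FF_EXT.match(line)
        if m:
            name_and_id = (m.group("name") + " " + m.group("id")).lower()
            if any(w in name_and_id for w in WATCHLIST):
                findings.append(("high", f"Firefox extension on watch-list: {m.group('name')}", line))
            continue
        if line.lower().startswith("detected hooks"):
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK.match(line)
            if m:
                findings.append(("high", f"{m.group(1)} {m.group(2)} hooked at {m.group(3)}", line))
                continue
            in_hooks = False  # first non-hook line closes the section
        if line.lower().startswith("warning:"):
            findings.append(("high", "scanner warning", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

The "review" finding on the Google Update entry is deliberate: GoogleUpdate.exe legitimately lives under Local Settings\Application Data, so the path rule is a triage aid rather than a verdict, and every flagged item still has to be confirmed by hand. For the proxy entry that means finding which process is listening on port 8075 before the setting is cleared; for the hook it means a rootkit-aware tool such as the TDSSKiller run the helper asks for, since a user-mode scan like the MBAM run above cannot see a DriverStartIo hook.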

Hello Ironicus! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

Step 1

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please include these log(s):

  1. TDSSKiller log
  2. a new fresh DDS log only


Thank you for your help. Only viewpoint media player was present on the add/remove programs list so I removed it. TDSSKiller didn't find anything in its scan. Here are the new logs you requested:

2011/01/14 20:15:39.0645 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41

2011/01/14 20:15:39.0645 ================================================================================

2011/01/14 20:15:39.0645 SystemInfo:

2011/01/14 20:15:39.0645

2011/01/14 20:15:39.0645 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/14 20:15:39.0645 Product type: Workstation

2011/01/14 20:15:39.0645 ComputerName: ANDZELEWSKI

2011/01/14 20:15:39.0645 UserName: Alaina

2011/01/14 20:15:39.0645 Windows directory: C:\WINDOWS

2011/01/14 20:15:39.0645 System windows directory: C:\WINDOWS

2011/01/14 20:15:39.0645 Processor architecture: Intel x86

2011/01/14 20:15:39.0645 Number of processors: 1

2011/01/14 20:15:39.0645 Page size: 0x1000

2011/01/14 20:15:39.0645 Boot type: Safe boot with network

2011/01/14 20:15:39.0645 ================================================================================

2011/01/14 20:15:40.0076 Initialize success

2011/01/14 20:15:42.0249 ================================================================================

2011/01/14 20:15:42.0249 Scan started

2011/01/14 20:15:42.0249 Mode: Manual;

2011/01/14 20:15:42.0249 ================================================================================

2011/01/14 20:15:45.0944 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/01/14 20:15:46.0124 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/14 20:15:46.0255 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/14 20:15:46.0415 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/01/14 20:15:46.0545 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/14 20:15:46.0725 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/14 20:15:46.0905 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/01/14 20:15:47.0036 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/01/14 20:15:47.0146 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/01/14 20:15:47.0286 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/01/14 20:15:47.0436 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/01/14 20:15:47.0636 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/01/14 20:15:47.0767 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/01/14 20:15:47.0927 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/01/14 20:15:48.0067 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/01/14 20:15:48.0167 ApfiltrService (2aa99fd81693729da66e38dbc108a704) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2011/01/14 20:15:48.0358 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

2011/01/14 20:15:48.0508 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/14 20:15:48.0638 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/01/14 20:15:48.0708 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/01/14 20:15:48.0768 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/01/14 20:15:48.0968 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2011/01/14 20:15:49.0179 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys

2011/01/14 20:15:49.0269 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/14 20:15:49.0369 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/14 20:15:49.0669 ati2mtag (e7b57742d0db9d8c33e956b1f2256557) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/01/14 20:15:49.0880 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/14 20:15:50.0010 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/14 20:15:50.0260 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/01/14 20:15:50.0441 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2011/01/14 20:15:50.0561 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/14 20:15:50.0781 btaudio (a59c3b28077058837bb7e6f07a8ec2ca) C:\WINDOWS\system32\drivers\btaudio.sys

2011/01/14 20:15:50.0971 BTDriver (8a3b16e145818a0136b317d4acac0890) C:\WINDOWS\system32\DRIVERS\btport.sys

2011/01/14 20:15:51.0061 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

2011/01/14 20:15:51.0101 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

2011/01/14 20:15:51.0202 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

2011/01/14 20:15:51.0362 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

2011/01/14 20:15:51.0943 BTKRNL (a8dcd3c1081728847046fa86d9a69370) C:\WINDOWS\system32\drivers\btkrnl.sys

2011/01/14 20:15:53.0064 BTWDNDIS (b18d52e117198950ce0aeabe99700730) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2011/01/14 20:15:53.0235 BTWUSB (2adcad7828e9cd53ff28c59f24ce4a10) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/01/14 20:15:53.0815 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/01/14 20:15:53.0926 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/14 20:15:53.0986 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/01/14 20:15:54.0066 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/14 20:15:54.0146 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/14 20:15:54.0346 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/14 20:15:54.0627 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/01/14 20:15:54.0777 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/01/14 20:15:54.0937 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/01/14 20:15:55.0167 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/01/14 20:15:55.0418 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/01/14 20:15:55.0518 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/01/14 20:15:55.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/14 20:15:55.0928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/14 20:15:56.0159 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/14 20:15:56.0269 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/14 20:15:56.0449 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/14 20:15:56.0569 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/01/14 20:15:56.0609 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/14 20:15:56.0740 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys

2011/01/14 20:15:57.0050 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys

2011/01/14 20:15:57.0270 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/01/14 20:15:57.0531 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2011/01/14 20:15:57.0581 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2011/01/14 20:15:57.0871 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/14 20:15:58.0051 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/01/14 20:15:58.0172 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/14 20:15:58.0332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/01/14 20:15:58.0512 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/01/14 20:15:58.0662 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/14 20:15:58.0843 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/14 20:15:59.0063 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/14 20:15:59.0213 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys

2011/01/14 20:15:59.0383 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/14 20:15:59.0634 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/01/14 20:15:59.0724 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/01/14 20:15:59.0804 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/01/14 20:15:59.0914 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/01/14 20:16:00.0104 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

2011/01/14 20:16:00.0215 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2011/01/14 20:16:00.0475 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS

2011/01/14 20:16:00.0735 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/14 20:16:00.0936 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/01/14 20:16:01.0056 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/01/14 20:16:01.0266 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/14 20:16:01.0406 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/14 20:16:01.0627 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/01/14 20:16:01.0797 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/14 20:16:01.0927 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/14 20:16:02.0087 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/01/14 20:16:02.0217 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/14 20:16:02.0348 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/14 20:16:02.0568 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/14 20:16:02.0738 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/14 20:16:02.0898 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/14 20:16:03.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/14 20:16:03.0249 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/14 20:16:03.0399 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/14 20:16:03.0539 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/14 20:16:04.0471 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/01/14 20:16:04.0541 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/14 20:16:04.0681 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/14 20:16:04.0761 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/14 20:16:04.0831 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/14 20:16:05.0011 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/14 20:16:05.0152 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/01/14 20:16:05.0322 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/01/14 20:16:05.0452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/14 20:16:05.0632 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/14 20:16:05.0873 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/14 20:16:06.0063 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/14 20:16:06.0223 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/14 20:16:06.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/14 20:16:06.0504 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/14 20:16:06.0704 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/14 20:16:06.0854 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys

2011/01/14 20:16:06.0994 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys

2011/01/14 20:16:07.0205 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/14 20:16:07.0405 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/14 20:16:07.0515 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/14 20:16:07.0575 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/14 20:16:07.0685 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/14 20:16:07.0785 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/14 20:16:08.0016 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/14 20:16:08.0176 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/14 20:16:08.0376 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/14 20:16:08.0456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/14 20:16:08.0647 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/14 20:16:08.0817 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/01/14 20:16:09.0047 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/14 20:16:09.0157 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/14 20:16:09.0328 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/14 20:16:09.0478 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/01/14 20:16:09.0648 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/01/14 20:16:09.0768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/14 20:16:09.0888 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/14 20:16:10.0029 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/14 20:16:10.0169 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/14 20:16:10.0349 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/01/14 20:16:10.0670 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/01/14 20:16:10.0760 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/01/14 20:16:11.0080 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/14 20:16:11.0230 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/14 20:16:11.0381 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/14 20:16:11.0521 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/14 20:16:11.0691 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/01/14 20:16:11.0781 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/01/14 20:16:11.0951 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/01/14 20:16:12.0102 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/01/14 20:16:12.0242 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/01/14 20:16:12.0362 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/14 20:16:12.0562 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/14 20:16:12.0672 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/14 20:16:12.0733 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/14 20:16:12.0903 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/14 20:16:13.0093 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/14 20:16:13.0263 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/14 20:16:13.0454 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/14 20:16:13.0624 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/14 20:16:13.0904 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

2011/01/14 20:16:14.0165 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/01/14 20:16:14.0305 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/14 20:16:14.0485 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/14 20:16:14.0685 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/14 20:16:14.0956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/01/14 20:16:15.0306 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/01/14 20:16:15.0467 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2011/01/14 20:16:15.0647 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/01/14 20:16:15.0827 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/14 20:16:16.0107 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/14 20:16:16.0358 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/14 20:16:16.0488 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

2011/01/14 20:16:16.0718 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

2011/01/14 20:16:16.0869 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys

2011/01/14 20:16:17.0049 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/14 20:16:17.0189 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/14 20:16:17.0329 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/01/14 20:16:17.0469 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/01/14 20:16:17.0650 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/01/14 20:16:17.0820 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/01/14 20:16:17.0940 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/14 20:16:18.0210 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/14 20:16:18.0481 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/14 20:16:18.0651 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/14 20:16:18.0791 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/14 20:16:19.0012 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys

2011/01/14 20:16:19.0172 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys

2011/01/14 20:16:19.0362 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys

2011/01/14 20:16:19.0542 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys

2011/01/14 20:16:19.0733 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys

2011/01/14 20:16:19.0903 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys

2011/01/14 20:16:20.0073 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys

2011/01/14 20:16:20.0193 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys

2011/01/14 20:16:20.0384 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys

2011/01/14 20:16:20.0744 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/01/14 20:16:20.0964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/14 20:16:21.0285 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/01/14 20:16:21.0505 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/14 20:16:21.0766 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/01/14 20:16:21.0996 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/14 20:16:22.0226 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/14 20:16:22.0457 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/14 20:16:22.0667 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/14 20:16:22.0837 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/14 20:16:23.0037 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/14 20:16:23.0238 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/14 20:16:23.0498 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/14 20:16:23.0718 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/01/14 20:16:23.0949 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/01/14 20:16:24.0169 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/14 20:16:24.0479 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/14 20:16:24.0670 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/01/14 20:16:24.0920 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

2011/01/14 20:16:25.0371 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/14 20:16:25.0771 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/01/14 20:16:26.0252 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/01/14 20:16:26.0593 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/01/14 20:16:26.0863 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/01/14 20:16:27.0133 ================================================================================

2011/01/14 20:16:27.0133 Scan finished

2011/01/14 20:16:27.0133 ================================================================================

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK

Run by Alaina at 20:18:50.37 on Fri 01/14/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.719 [GMT -6:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Alaina\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster

uInternet Settings,ProxyServer = http=127.0.0.1:8075

uInternet Settings,ProxyOverride = <local>

mWinlogon: Userinit=userinit.exe,

TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {6138DD97-CAF8-42EC-98FE-2DAC32A555E1} - rundll32.exe "c:\documents and settings\alaina\application data\sun\vlsd8.dll", UnregisterDll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

============= SERVICES / DRIVERS ===============

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

=============== Created Last 30 ================

2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll

2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures

2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client

2011-01-14 18:28:43 -------- d-----w- C:\dload

2011-01-14 00:09:05 54016 ----a-w- c:\windows\system32\drivers\wntpo.sys

2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec

2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe

2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe

2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe

2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe

2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple

2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer

2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW

2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics

2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live

2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache

2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for

2010-12-18 19:37:04 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Temp

2010-12-18 19:36:56 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Google

2010-12-18 19:15:04 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-12-18 19:15:03 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-12-18 19:15:03 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-18 19:14:39 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2010-12-18 19:12:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-18 19:05:40 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: FUJITSU_MHU2100AT rev.00000008 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8734F555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873557b0]; MOV EAX, [0x8735582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x87328968]

3 CLASSPNP[0xF75AFFD7] -> nt!IofCallDriver[0x804E37D5] -> [0x872C46F0]

\Driver\atapi[0x872D6128] -> IRP_MJ_CREATE -> 0x8734F555

kernel: MBR read successfully

_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHU2100AT_______________________00000008#5&355805a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8734F39B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 20:20:48.69 ===============


Interesting... TDSSKiller should have detected it.

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshots in the original post: CF_download_FF.gif, CF_download_rename.gif]

  3. It is important you rename Combofix during the download, but not after.

  4. Please do not rename Combofix to other names, but only to the one indicated.

  5. Close any open browsers.

  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.

  8. When finished, it will produce a report for you.

  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Here's the combofix log:

ComboFix 11-01-15.01 - Alaina 01/16/2011 10:57:54.3.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.709 [GMT -6:00]

Running from: c:\documents and settings\Alaina\Desktop\Combo-Fix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Alaina\Application Data\Sun\mxd1.txt

c:\documents and settings\Alaina\Application Data\Sun\vlsd8.dll

c:\windows\system32\6to4ex.dll

c:\windows\system32\Drivers\wntpo.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))

.

2011-01-15 02:01 . 2011-01-15 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-01-15 01:54 . 2011-01-15 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-01-14 19:02 . 2010-11-16 18:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47261E04-880B-43D1-A4A4-6FDB8E1678C3}\mpengine.dll

2011-01-14 18:33 . 2011-01-14 18:33 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures

2011-01-14 18:33 . 2011-01-14 18:36 -------- d-----w- c:\program files\Microsoft Security Client

2011-01-14 18:28 . 2011-01-14 18:28 -------- d-----w- C:\dload

2011-01-12 00:58 . 2011-01-12 13:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-01-12 00:25 . 2011-01-12 00:25 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Symantec

2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-01-11 18:54 . 2011-01-11 18:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll

2010-12-29 21:49 . 2010-12-29 21:51 -------- d-----w- c:\program files\QuickTime

2010-12-29 21:49 . 2010-12-29 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-12-29 21:48 . 2010-12-29 21:48 -------- d-----w- c:\program files\Common Files\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\program files\Apple Software Update

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple Computer

2010-12-27 14:58 . 2010-12-27 14:58 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36 . 2010-12-27 14:36 -------- d-----w- c:\program files\ACW

2010-12-27 14:24 . 2010-12-27 14:24 -------- d-----w- c:\documents and settings\Alaina\Application Data\ElevatedDiagnostics

2010-12-27 03:33 . 2010-12-27 03:33 -------- d-----w- c:\program files\Common Files\Windows Live

2010-12-27 03:29 . 2010-12-27 03:29 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29 . 2010-12-27 03:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09 . 2010-12-27 03:09 -------- d-sh--w- c:\documents and settings\Alaina\IECompatCache

2010-12-19 17:21 . 2010-12-19 17:21 1409 ----a-w- c:\windows\QTFont.for

2010-12-18 19:37 . 2011-01-16 17:13 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Temp

2010-12-18 19:36 . 2010-12-18 19:38 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Google

2010-12-18 19:15 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-12-18 19:15 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-12-18 19:15 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-18 19:14 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2010-12-18 19:12 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-18 19:05 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 00:09 . 2010-04-29 21:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2010-04-29 21:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-25 03:25 . 2009-12-02 20:23 165264 ------w- c:\windows\system32\drivers\MpFilter.sys

2010-10-19 16:41 . 2010-04-29 22:45 222080 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-18 136176]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-09-27 610304]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]

"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-28 26112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2006-10-31 20752]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"HostManager"="c:\program files\Common Files\AOL\1240244075\ee\AOLSoftware.exe" [2008-06-24 41824]

"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Irene\Start Menu\Programs\Startup\

Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2009-3-31 36953]

BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-8 561213]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-28 24576]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\America Online 9.0a\\waol.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]

--- Other Services/Drivers In Memory ---

*Deregistered* - eeCtrl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006Core.job

- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006UA.job

- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:webmaster

uInternet Settings,ProxyServer = http=127.0.0.1:8075

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Alaina\Application Data\Mozilla\Firefox\Profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

.

- - - - ORPHANS REMOVED - - - -

HKLM_ActiveSetup-{6138DD97-CAF8-42EC-98FE-2DAC32A555E1} - c:\documents and settings\Alaina\Application Data\Sun\vlsd8.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-16 11:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????????????????????X:??????????????(???x????????:??x???????`???????????x???? ??x???x??????????????|????????x???????????????4???????x???????????x??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(980)

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5340)

c:\windows\system32\WININET.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\Ati2evxx.exe

c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\program files\Dell\Bluetooth Software\bin\btwdins.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\SearchIndexer.exe

c:\program files\Zune\ZuneNss.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Apoint\Apntex.exe

c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\SearchProtocolHost.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2011-01-16 11:31:21 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-16 17:31

ComboFix2.txt 2011-01-12 23:54

ComboFix3.txt 2011-01-12 00:53

Pre-Run: 63,853,772,800 bytes free

Post-Run: 62,481,661,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4

- - End Of File - - A4C83A29141F8AAD5B177EB4E263BF12


Before we go:

Step 1

First of all, you should not have more than one anti-virus program installed as they will conflict and cause problems. You have two so you need to uninstall one of them. Of the two, I would recommend keeping Microsoft Security Essentials, so please uninstall Norton 360.

Step 2

I saw in your log file leftovers from AVG. Please download and run this AVG uninstaller:

http://download.avg.com/filedir/util/suppo...6_2011_1184.exe

Then locate the following folder:

c:\documents and settings\All Users\Application Data\AVG10

If it is still there, please manually delete it.

Finally, post a new fresh DDS log file.
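
The conflict the helper describes in Step 1 (more than one anti-virus product registered with Windows Security Center) can be read straight off the `AV:` / `FW:` header lines of a DDS log. The script below is an added example and is not part of this thread, of DDS or of any helper's toolkit; it parses a constructed header modelled on the log posted above (the line format it assumes is the one visible in this thread's logs) and reports AV products that are registered more than once, disabled, or out of date.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the header of a DDS log, modelled on the one
# posted in this thread (product names, states and GUIDs as shown there).
SAMPLE_DDS_HEADER = """\
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Alaina at 16:32:18.85 on Sun 01/16/2011
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.502 [GMT -6:00]
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Disabled*
============== Running Processes ===============
"""

# Assumed line format (as seen in this thread's logs), one line per product
# registered with Security Center:
#   "<AV|FW|SP>: <name> *<Enabled|Disabled>[/<Updated|Outdated>]* [{GUID}]"
PRODUCT_LINE = re.compile(
    r"^(?P<kind>AV|FW|SP):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+\{(?P<guid>[0-9A-Fa-f-]+)\})?\s*$"
)


@dataclass(frozen=True)
class Product:
    kind: str                 # AV, FW or SP (antispyware)
    name: str
    enabled: bool
    updated: Optional[bool]   # None when DDS prints no update state (firewalls)
    guid: Optional[str]


def parse_products(text: str) -> List[Product]:
    """Extract the Security Center product lines from a DDS log header."""
    products = []
    for raw in text.splitlines():
        m = PRODUCT_LINE.match(raw.strip())
        if not m:
            continue
        parts = m.group("state").split("/")
        enabled = parts[0].strip().lower() == "enabled"
        updated = parts[1].strip().lower() == "updated" if len(parts) > 1 else None
        products.append(Product(m.group("kind"), m.group("name").strip(),
                                enabled, updated, m.group("guid")))
    return products


def assess(products: List[Product]) -> List[str]:
    """Return human-readable findings about the registered AV products."""
    findings = []
    av = [p for p in products if p.kind == "AV"]
    av_names = sorted({p.name for p in av})
    # Two different AV products installed side by side: the conflict the helper warns about.
    if len(av_names) > 1:
        findings.append("more than one AV product registered: " + ", ".join(av_names))
    # A machine with AV installed but nothing actually running is unprotected.
    if av and not any(p.enabled for p in av):
        findings.append("no registered AV product reports itself as enabled")
    for name in av_names:
        entries = [p for p in av if p.name == name]
        if any(p.updated is False for p in entries):
            findings.append(f"{name}: definitions reported as out of date")
        # The same product under several GUIDs usually means a stale registration
        # left behind by an earlier install; worth checking after an uninstall.
        guids = {p.guid for p in entries if p.guid}
        if len(guids) > 1:
            findings.append(f"{name}: registered {len(guids)} times under different GUIDs")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_products(SAMPLE_DDS_HEADER)):
        print("-", finding)
```

Run against the sample header, the script reports the two distinct AV products, that none of them is enabled, that Norton 360 is out of date, and that Microsoft Security Essentials is registered twice under different GUIDs. Replacing `SAMPLE_DDS_HEADER` with the header of a real DDS log is the only change needed to use it on another machine.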


I uninstalled Norton and ran the AVG uninstaller. Here is the new DDS log:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK

Run by Alaina at 16:32:18.85 on Sun 01/16/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.502 [GMT -6:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Alaina\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster

uInternet Settings,ProxyServer = http=127.0.0.1:8075

uInternet Settings,ProxyOverride = <local>

TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll

FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

============= SERVICES / DRIVERS ===============

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

=============== Created Last 30 ================

2011-01-16 16:48:54 -------- d-sha-r- C:\cmdcons

2011-01-16 16:45:15 -------- d-----w- C:\Combo-Fix

2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll

2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures

2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client

2011-01-14 18:28:43 -------- d-----w- C:\dload

2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec

2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe

2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe

2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe

2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe

2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple

2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer

2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW

2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics

2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live

2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache

2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for

2010-12-18 19:37:04 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Temp

2010-12-18 19:36:56 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Google

2010-12-18 19:15:04 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-12-18 19:15:03 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-12-18 19:15:03 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-18 19:14:39 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2010-12-18 19:12:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-18 19:05:40 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: FUJITSU_MHU2100AT rev.00000008 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87317555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8731d7b0]; MOV EAX, [0x8731d82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8732F030]

3 CLASSPNP[0xF75AFFD7] -> nt!IofCallDriver[0x804E37D5] -> [0x872BB920]

\Driver\atapi[0x872D3230] -> IRP_MJ_CREATE -> 0x87317555

kernel: MBR read successfully

_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHU2100AT_______________________00000008#5&355805a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8731739B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 16:35:09.26 ===============

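As an added triage example for this thread (not part of the original post, and not code from DDS, GMER or TDSSKiller): a small Python script that scans the kind of DDS/GMER output pasted above for the indicators that matter in a case like this one. It flags an AV or firewall reported as disabled, a browser proxy pointed at 127.0.0.1 (which puts a process on the machine itself in the browser's traffic path, here on port 8075), Firefox extensions installed into the user profile rather than the program directory, an unknown module in the disk driver stack, a hooked driver entry point, and the detector's own rootkit warning. The sample lines embedded in the script are a hand-picked subset of the log above; the indicator labels and the `Finding` structure are this example's own vocabulary.

```python
"""Indicator triage over DDS / GMER log excerpts.

Added example for this thread; it is not code from DDS, GMER or TDSSKiller.
The `kind` labels below are this example's own vocabulary.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input: a hand-picked subset of the DDS/GMER lines
# posted above, one per line, without the blank lines the forum adds.
SAMPLE_LOG = r"""
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Disabled*
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87317555]<<
\Driver\atapi DriverStartIo -> 0x8731739B
Warning: possible TDL3 rootkit infection !
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator label (this example's own vocabulary)
    detail: str  # what was matched
    line: str    # the log line that produced it


_AV_RE = re.compile(r"^(AV|FW): (.+?) \*(Disabled[^*]*)\*")
_PROXY_RE = re.compile(r"ProxyServer = (.+)$")
_FFEXT_RE = re.compile(r"^FF - Ext: (.+?): (\S+) - (.+)$")
_UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")
_HOOK_RE = re.compile(r"^\\Driver\\(\S+) (\w+) -> 0x([0-9A-Fa-f]+)")
_WARN_RE = re.compile(r"^Warning: possible (.+?) rootkit")


def proxy_endpoints(value):
    """Split a ProxyServer value ('http=127.0.0.1:8075' or
    'http=a:80;https=b:443', scheme optional) into (scheme, host, port)."""
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, _, port = hostport.rpartition(":")
        else:
            host, port = hostport, ""
        endpoints.append((scheme or "*", host, port))
    return endpoints


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1: a proxy there means a process
    on the machine itself sits in the browser's traffic path."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a Finding for every indicator line in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _AV_RE.match(line):
            findings.append(Finding("security-product-disabled",
                                    f"{m.group(1)} {m.group(2)}: {m.group(3)}", line))
        elif m := _PROXY_RE.search(line):
            for scheme, host, port in proxy_endpoints(m.group(1)):
                kind = "loopback-proxy" if is_loopback(host) else "proxy-configured"
                findings.append(Finding(kind, f"{scheme} -> {host}:{port}", line))
        elif m := _FFEXT_RE.match(line):
            # Extensions dropped into the user profile rather than the Firefox
            # program directory are the ones a toolbar installer adds.
            if m.group(3).lower().startswith("%profile%"):
                findings.append(Finding("profile-extension",
                                        f"{m.group(1)} ({m.group(2)})", line))
        elif m := _UNKNOWN_RE.search(line):
            findings.append(Finding("unknown-disk-stack-module",
                                    f"code at 0x{m.group(1)} not backed by a known module", line))
        elif m := _HOOK_RE.match(line):
            findings.append(Finding("driver-hook",
                                    f"\\Driver\\{m.group(1)} {m.group(2)} -> 0x{m.group(3)}", line))
        elif m := _WARN_RE.match(line):
            findings.append(Finding("rootkit-warning", m.group(1), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run on the sample it reports three disabled security products, the loopback proxy, the two profile-installed extensions (the Java Console lives under Program Files and is not flagged), the unknown code in the disk stack, the hooked atapi DriverStartIo and the TDL3 warning. The proxy check is the one worth keeping around: a toolbar that rewrites search traffic needs a hop on the local machine, and `ProxyServer = http=127.0.0.1:<port>` is how it shows up in a DDS log.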

Okay, thanks!

I was wondering why TDSSKiller was not working in your case, and I saw that you did not follow my instructions. Your version of TDSSKiller is old, so you used your own copy, which was an old version. That's bad! Please manually delete your copy and let's try again:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


That explains it. Thank you. I'll take care of that once I get out of work this afternoon. Thank you for being so patient and helpful.


Using the latest version did help, thank you. Here's the new log:

2011/01/17 17:58:20.0244 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11

2011/01/17 17:58:20.0244 ================================================================================

2011/01/17 17:58:20.0244 SystemInfo:

2011/01/17 17:58:20.0244

2011/01/17 17:58:20.0244 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/17 17:58:20.0244 Product type: Workstation

2011/01/17 17:58:20.0244 ComputerName: ANDZELEWSKI

2011/01/17 17:58:20.0244 UserName: Alaina

2011/01/17 17:58:20.0244 Windows directory: C:\WINDOWS

2011/01/17 17:58:20.0244 System windows directory: C:\WINDOWS

2011/01/17 17:58:20.0244 Processor architecture: Intel x86

2011/01/17 17:58:20.0244 Number of processors: 1

2011/01/17 17:58:20.0244 Page size: 0x1000

2011/01/17 17:58:20.0244 Boot type: Safe boot with network

2011/01/17 17:58:20.0244 ================================================================================

2011/01/17 17:58:20.0695 Initialize success

2011/01/17 17:58:23.0859 ================================================================================

2011/01/17 17:58:23.0859 Scan started

2011/01/17 17:58:23.0859 Mode: Manual;

2011/01/17 17:58:23.0859 ================================================================================

2011/01/17 17:58:26.0233 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/01/17 17:58:26.0473 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/17 17:58:26.0643 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/17 17:58:26.0854 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/01/17 17:58:27.0014 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/17 17:58:27.0254 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/17 17:58:27.0485 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/01/17 17:58:27.0645 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/01/17 17:58:27.0795 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/01/17 17:58:27.0975 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/01/17 17:58:28.0226 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/01/17 17:58:28.0436 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/01/17 17:58:28.0586 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/01/17 17:58:28.0746 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/01/17 17:58:28.0927 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/01/17 17:58:29.0107 ApfiltrService (2aa99fd81693729da66e38dbc108a704) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2011/01/17 17:58:29.0327 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

2011/01/17 17:58:29.0518 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/17 17:58:29.0658 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/01/17 17:58:29.0758 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/01/17 17:58:29.0848 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/01/17 17:58:29.0968 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2011/01/17 17:58:30.0249 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys

2011/01/17 17:58:30.0559 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/17 17:58:30.0739 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/17 17:58:30.0970 ati2mtag (e7b57742d0db9d8c33e956b1f2256557) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/01/17 17:58:31.0120 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/17 17:58:31.0410 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/17 17:58:31.0621 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/01/17 17:58:31.0731 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2011/01/17 17:58:31.0891 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/17 17:58:32.0151 btaudio (a59c3b28077058837bb7e6f07a8ec2ca) C:\WINDOWS\system32\drivers\btaudio.sys

2011/01/17 17:58:32.0362 BTDriver (8a3b16e145818a0136b317d4acac0890) C:\WINDOWS\system32\DRIVERS\btport.sys

2011/01/17 17:58:32.0452 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

2011/01/17 17:58:32.0542 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

2011/01/17 17:58:32.0672 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

2011/01/17 17:58:32.0812 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

2011/01/17 17:58:33.0123 BTKRNL (a8dcd3c1081728847046fa86d9a69370) C:\WINDOWS\system32\drivers\btkrnl.sys

2011/01/17 17:58:33.0503 BTWDNDIS (b18d52e117198950ce0aeabe99700730) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2011/01/17 17:58:33.0654 BTWUSB (2adcad7828e9cd53ff28c59f24ce4a10) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/01/17 17:58:33.0984 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/01/17 17:58:34.0164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/17 17:58:34.0294 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/01/17 17:58:34.0535 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/17 17:58:34.0825 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/17 17:58:35.0506 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/17 17:58:37.0078 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/01/17 17:58:37.0820 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/01/17 17:58:38.0430 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/01/17 17:58:39.0292 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/01/17 17:58:40.0433 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/01/17 17:58:41.0515 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/01/17 17:58:42.0666 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/17 17:58:43.0438 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/17 17:58:44.0429 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/17 17:58:45.0450 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/17 17:58:46.0121 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/17 17:58:46.0792 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/01/17 17:58:47.0273 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/17 17:58:47.0934 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys

2011/01/17 17:58:48.0495 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys

2011/01/17 17:58:49.0076 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/01/17 17:58:49.0857 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/17 17:58:50.0498 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/01/17 17:58:51.0179 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/17 17:58:52.0210 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/01/17 17:58:53.0943 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/01/17 17:58:54.0924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/17 17:58:55.0946 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/17 17:58:56.0576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/17 17:58:57.0498 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys

2011/01/17 17:58:57.0738 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/17 17:58:58.0329 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/01/17 17:58:58.0639 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/01/17 17:58:58.0990 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/01/17 17:58:59.0280 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/01/17 17:58:59.0851 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

2011/01/17 17:59:00.0712 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2011/01/17 17:59:01.0664 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS

2011/01/17 17:59:02.0535 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/17 17:59:03.0106 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/01/17 17:59:03.0727 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/01/17 17:59:04.0298 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/17 17:59:05.0019 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/17 17:59:05.0519 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/01/17 17:59:06.0140 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/17 17:59:06.0691 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/17 17:59:07.0182 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/01/17 17:59:07.0702 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/17 17:59:08.0363 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/17 17:59:09.0125 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/17 17:59:09.0836 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/17 17:59:10.0927 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/17 17:59:11.0518 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/17 17:59:11.0718 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/17 17:59:12.0279 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/17 17:59:12.0880 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/17 17:59:13.0841 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/01/17 17:59:14.0342 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/17 17:59:14.0833 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/17 17:59:15.0193 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/17 17:59:15.0734 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/17 17:59:16.0255 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/17 17:59:16.0906 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/01/17 17:59:17.0537 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/01/17 17:59:18.0117 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/17 17:59:19.0009 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/17 17:59:20.0010 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/17 17:59:20.0881 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/17 17:59:21.0542 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/17 17:59:22.0113 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/17 17:59:22.0684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/17 17:59:23.0465 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/17 17:59:24.0096 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys

2011/01/17 17:59:24.0577 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys

2011/01/17 17:59:25.0308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/17 17:59:26.0530 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/17 17:59:26.0750 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/17 17:59:27.0231 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/17 17:59:27.0491 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/17 17:59:27.0972 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/17 17:59:28.0683 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/17 17:59:29.0404 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/17 17:59:30.0015 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/17 17:59:30.0676 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/17 17:59:31.0296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/17 17:59:32.0288 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/01/17 17:59:33.0710 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/17 17:59:34.0161 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/17 17:59:34.0831 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/17 17:59:35.0422 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/01/17 17:59:36.0063 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/01/17 17:59:37.0085 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/17 17:59:37.0615 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/17 17:59:37.0986 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/17 17:59:38.0617 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/17 17:59:39.0378 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/01/17 17:59:40.0980 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/01/17 17:59:41.0972 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/01/17 17:59:42.0643 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/17 17:59:43.0053 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/17 17:59:43.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/17 17:59:44.0075 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/17 17:59:44.0375 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/01/17 17:59:45.0136 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/01/17 17:59:45.0797 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/01/17 17:59:46.0508 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/01/17 17:59:46.0939 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/01/17 17:59:47.0390 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/17 17:59:48.0221 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/17 17:59:48.0701 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/17 17:59:48.0932 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/17 17:59:49.0422 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/17 17:59:50.0734 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/17 17:59:51.0125 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/17 17:59:51.0896 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/17 17:59:52.0327 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/17 17:59:52.0847 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

2011/01/17 17:59:53.0188 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/01/17 17:59:54.0079 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/17 17:59:54.0710 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/17 17:59:55.0000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/17 17:59:56.0002 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/01/17 17:59:57.0063 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/01/17 17:59:57.0374 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2011/01/17 17:59:57.0925 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/01/17 17:59:58.0215 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/17 17:59:59.0156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/17 18:00:00.0098 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/17 18:00:00.0258 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

2011/01/17 18:00:00.0428 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

2011/01/17 18:00:00.0909 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys

2011/01/17 18:00:01.0280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/17 18:00:01.0350 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/17 18:00:01.0780 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/01/17 18:00:02.0131 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/01/17 18:00:02.0291 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/01/17 18:00:02.0381 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/01/17 18:00:02.0872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/17 18:00:04.0304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/17 18:00:04.0945 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/17 18:00:05.0235 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/17 18:00:05.0395 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/17 18:00:06.0086 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys

2011/01/17 18:00:06.0147 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys

2011/01/17 18:00:06.0227 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys

2011/01/17 18:00:06.0327 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys

2011/01/17 18:00:06.0417 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys

2011/01/17 18:00:06.0527 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys

2011/01/17 18:00:06.0597 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys

2011/01/17 18:00:06.0677 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys

2011/01/17 18:00:06.0737 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys

2011/01/17 18:00:06.0968 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/01/17 18:00:07.0138 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/17 18:00:07.0358 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/01/17 18:00:07.0649 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/17 18:00:07.0879 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/01/17 18:00:08.0049 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/17 18:00:08.0209 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/17 18:00:08.0360 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/17 18:00:08.0470 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/17 18:00:08.0690 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/17 18:00:08.0780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/17 18:00:08.0900 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/17 18:00:09.0081 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/17 18:00:09.0231 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/01/17 18:00:09.0281 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/01/17 18:00:09.0411 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/17 18:00:09.0581 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/17 18:00:09.0722 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/01/17 18:00:09.0932 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

2011/01/17 18:00:10.0152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/17 18:00:10.0323 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/01/17 18:00:10.0853 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/01/17 18:00:11.0144 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/01/17 18:00:11.0294 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/01/17 18:00:11.0564 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/01/17 18:00:11.0584 ================================================================================

2011/01/17 18:00:11.0584 Scan finished

2011/01/17 18:00:11.0584 ================================================================================

2011/01/17 18:00:11.0634 Detected object count: 1

2011/01/17 18:00:24.0843 \HardDisk0 - will be cured after reboot

2011/01/17 18:00:24.0843 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/01/17 18:00:31.0082 Deinitialize success

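The TDSSKiller log above ends with one detection on \HardDisk0 and a "Cure" action scheduled for the next reboot. The script below is an added example, not part of this thread and not code from Kaspersky's TDSSKiller: it parses such a log into a driver hash table plus the detection, action and reboot lines, then diffs the hash table against an earlier scan of the same machine. CURRENT_SCAN is a subset of the posted log; BASELINE_SCAN is a constructed earlier scan whose differing hash values are invented for the example.

```python
"""Parse a TDSSKiller scan log and diff driver hashes against an earlier scan.

Added example; not part of the thread above and not code from Kaspersky's
TDSSKiller. CURRENT_SCAN is a subset of the log posted above. BASELINE_SCAN
is a constructed earlier scan of the same machine in which two drivers differ,
so the diff has something to report; its differing hash values are made up.
"""
import re
from collections import namedtuple

DriverEntry = namedtuple("DriverEntry", "name md5 path")
Detection = namedtuple("Detection", "target verdict")

STAMP = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
# e.g. "2011/01/17 17:59:24.0096 MxlW2k (a152...53ea) C:\WINDOWS\system32\drivers\MxlW2k.sys"
DRIVER_RE = re.compile(STAMP + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# e.g. "2011/01/17 18:00:11.0564 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)"
DETECT_RE = re.compile(STAMP + r"(?P<target>\S+) - detected (?P<verdict>\S+)")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)")
ACTION_RE = re.compile(r"User select action: (?P<action>\w+)")
REBOOT_RE = re.compile(r"will be cured after reboot")

# Subset of the log posted in the thread.
CURRENT_SCAN = r"""
2011/01/17 17:59:24.0096 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/01/17 17:59:25.0308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/17 18:00:04.0304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/17 18:00:08.0780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/17 18:00:11.0564 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/17 18:00:11.0584 Scan finished
2011/01/17 18:00:11.0634 Detected object count: 1
2011/01/17 18:00:24.0843 \HardDisk0 - will be cured after reboot
2011/01/17 18:00:24.0843 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/17 18:00:31.0082 Deinitialize success
"""

# Constructed baseline: the Tcpip hash differs and an extra driver 'atapi'
# is present; both of those hash values are invented for the example.
BASELINE_SCAN = r"""
2011/01/10 12:00:00.0000 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/01/10 12:00:01.0000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/10 12:00:02.0000 Tcpip (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/10 12:00:03.0000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/10 12:00:04.0000 atapi (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/10 12:00:05.0000 Scan finished
2011/01/10 12:00:05.0000 Detected object count: 0
"""


def parse_scan(text):
    """Return drivers keyed by service name, detections, user actions and flags."""
    result = {"drivers": {}, "detections": [], "actions": [],
              "reported_count": None, "reboot_required": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            result["drivers"][m.group("name")] = DriverEntry(
                m.group("name"), m.group("md5"), m.group("path"))
            continue
        m = DETECT_RE.match(line)
        if m:
            result["detections"].append(Detection(m.group("target"), m.group("verdict")))
            continue
        m = COUNT_RE.search(line)
        if m:
            result["reported_count"] = int(m.group("n"))
        m = ACTION_RE.search(line)
        if m:
            result["actions"].append(m.group("action"))
        if REBOOT_RE.search(line):
            result["reboot_required"] = True
    return result


def diff_drivers(baseline, current):
    """Map name -> (old_md5, new_md5) for every driver whose hash changed or
    that exists in only one of the two scans (None on the missing side)."""
    changed = {}
    for name in set(baseline) | set(current):
        old = baseline[name].md5 if name in baseline else None
        new = current[name].md5 if name in current else None
        if old != new:
            changed[name] = (old, new)
    return changed


def consistent(scan):
    """True when the parsed detections match the count the tool itself reported."""
    return scan["reported_count"] == len(scan["detections"])


if __name__ == "__main__":
    cur, base = parse_scan(CURRENT_SCAN), parse_scan(BASELINE_SCAN)
    for d in cur["detections"]:
        print(f"detected {d.verdict} on {d.target}; actions={cur['actions']}, "
              f"reboot_required={cur['reboot_required']}")
    for name, (old, new) in sorted(diff_drivers(base["drivers"], cur["drivers"]).items()):
        print(f"{name}: {old} -> {new}")
```

Two caveats when reading the output. TDL4 is a bootkit that lives in the MBR, so the driver hash table can be completely unchanged while the machine is still infected; on this log the `detected` line on \HardDisk0 is the finding, and the hash diff is only useful for spotting a patched driver (the older TDL3 pattern) or for confirming nothing else moved between scans. Second, a "will be cured after reboot" entry is a scheduled action, not a result; only a fresh scan after the reboot shows whether the cure took.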

Please post a new, fresh DDS log file to confirm that TDSSKiller fixed the problem.

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK

Run by Alaina at 17:42:06.85 on Tue 01/18/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.675 [GMT -6:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Alaina\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster

uInternet Settings,ProxyServer = http=127.0.0.1:8075

uInternet Settings,ProxyOverride = <local>

TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll

FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

============= SERVICES / DRIVERS ===============

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

=============== Created Last 30 ================

2011-01-16 16:48:54 -------- d-sha-r- C:\cmdcons

2011-01-16 16:45:15 -------- d-----w- C:\Combo-Fix

2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll

2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures

2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client

2011-01-14 18:28:43 -------- d-----w- C:\dload

2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec

2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe

2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe

2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe

2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe

2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple

2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer

2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW

2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics

2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live

2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache

==================== Find3M ====================

2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 17:43:30.00 ===============


Did you still keep ComboFix? Please locate and manually delete the following folders:

c:\documents and settings\all users\application data\AVG10

c:\documents and settings\all users\application data\Symantec

Combofix is still on the desktop, yes. I manually deleted all folders I could find named Symantec but could not find any folders for AVG10. Here is a new DDS log:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK

Run by Alaina at 17:45:55.15 on Wed 01/19/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.705 [GMT -6:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Alaina\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster

uInternet Settings,ProxyServer = http=127.0.0.1:8075

uInternet Settings,ProxyOverride = <local>

TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll

FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

============= SERVICES / DRIVERS ===============

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

=============== Created Last 30 ================

2011-01-16 16:48:54 -------- d-sha-r- C:\cmdcons

2011-01-16 16:45:15 -------- d-----w- C:\Combo-Fix

2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll

2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures

2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client

2011-01-14 18:28:43 -------- d-----w- C:\dload

2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec

2011-01-12 00:08:22 98816 ----a-w- c:\windows\sed.exe

2011-01-12 00:08:22 89088 ----a-w- c:\windows\MBR.exe

2011-01-12 00:08:22 256512 ----a-w- c:\windows\PEV.exe

2011-01-12 00:08:22 161792 ----a-w- c:\windows\SWREG.exe

2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple

2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer

2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW

2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics

2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live

2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache

==================== Find3M ====================

2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 17:46:53.86 ===============


  1. Go to Start => Run... and copy & paste the next command in the field:
    ComboFix /uninstall


  2. Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Okay, done. Here's a new DDS log taken just after:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK

Run by Alaina at 7:06:28.86 on Thu 01/20/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.754 [GMT -6:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Alaina\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:webmaster

uInternet Settings,ProxyServer = http=127.0.0.1:8075

uInternet Settings,ProxyOverride = <local>

TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HostManager] c:\program files\common files\aol\1240244075\ee\AOLSoftware.exe

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257244327833

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alaina\applic~1\mozilla\firefox\profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll

FF - plugin: c:\documents and settings\alaina\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

============= SERVICES / DRIVERS ===============

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

=============== Created Last 30 ================

2011-01-16 16:48:54 -------- d-sha-r- C:\cmdcons

2011-01-16 16:45:15 -------- d-----w- C:\Combo-Fix

2011-01-15 02:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-15 01:54:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-01-14 19:02:39 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{47261e04-880b-43d1-a4a4-6fdb8e1678c3}\mpengine.dll

2011-01-14 18:33:49 -------- d-----w- c:\windows\Temp5BA1475D-2AC6-C7DC-9743-793087BA02B3-Signatures

2011-01-14 18:33:42 -------- d-----w- c:\program files\Microsoft Security Client

2011-01-14 18:28:43 -------- d-----w- C:\dload

2011-01-12 00:25:40 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Symantec

2011-01-11 23:25:14 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2010-12-29 21:51:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2010-12-29 21:51:02 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2010-12-29 21:47:48 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple

2010-12-29 21:47:21 -------- d-----w- c:\docume~1\alaina\locals~1\applic~1\Apple Computer

2010-12-27 14:58:15 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36:24 -------- d-----w- c:\program files\ACW

2010-12-27 14:24:58 -------- d-----w- c:\docume~1\alaina\applic~1\ElevatedDiagnostics

2010-12-27 03:33:39 -------- d-----w- c:\program files\common files\Windows Live

2010-12-27 03:29:19 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28:16 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28:16 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28:15 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09:02 -------- d-sh--w- c:\documents and settings\alaina\IECompatCache

==================== Find3M ====================

2010-12-19 17:21:46 1409 ----a-w- c:\windows\QTFont.for

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 7:07:37.13 ===============

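The DDS log just above carries two entries worth more attention than the toolbar itself: `uInternet Settings,ProxyServer = http=127.0.0.1:8075` means Internet Explorer is configured to send all HTTP traffic through a proxy listening on the machine itself (a classic interception point for adware, although some legitimate web-filtering products also install one, so it is something to verify rather than proof on its own), and the WhiteSmoke extension ships native DLL components (`dtTransparency*.dll`) inside the Firefox profile, which Firefox loads with the user's full rights. The script below is an added example for this thread, not part of DDS, ComboFix or the original posts. It parses "Pseudo HJT Report" and FIREFOX lines from a DDS log and flags those indicators. The flag rules (loopback proxy, extension IDs supplied as unwanted, native components under a profile's extensions folder, autoruns from user-profile paths, the same extension ID registered from two locations) are this example's own heuristics; the unwanted ID it is given is the WhiteSmoke toolbar's ID exactly as listed in the log, and the sample lines are copied from entries in the log above.

```python
"""Triage helper for DDS log lines ("Pseudo HJT Report" and "FIREFOX" sections).

Added example for this thread; it is not part of DDS, ComboFix, or the
original posts. The flag rules are this example's own heuristics and the
SAMPLE lines are copied from the DDS log posted in the thread.
"""
import re
import sys
from dataclasses import dataclass

# Line shapes DDS prints (regexes are this example's own, derived from the log).
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
FF_EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$")
FF_COMP_RE = re.compile(r"^FF - component: (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")

# host[:port] values that point back at the machine itself
LOOPBACK_RE = re.compile(r"(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:\d+)?", re.I)
# Autorun commands living under the user profile deserve a look (adware often
# lands there), even though legitimate per-user updaters do too: severity "low".
USER_PROFILE_MARKERS = ("\\local settings\\", "\\application data\\", "\\appdata\\", "\\temp\\")
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    rule: str
    line: str


def parse_proxy(value: str) -> dict:
    """Split an IE ProxyServer value into {scheme: host:port}.

    Accepts 'http=127.0.0.1:8075', 'proxy:8080' or 'http=a:1;https=b:2'.
    A bare host:port applies to every scheme and is keyed '*'.
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "*", scheme
        entries[scheme.strip().lower()] = hostport.strip()
    return entries


def triage(lines, unwanted_ext_ids=frozenset()):
    """Return a list of Findings for the suspicious DDS entries in `lines`."""
    findings = []
    ext_locations = {}  # extension id -> paths it was registered from
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            if any(LOOPBACK_RE.fullmatch(hp) for hp in parse_proxy(m.group("value")).values()):
                findings.append(Finding("high", "loopback-proxy", line))
            continue
        m = FF_EXT_RE.match(line)
        if m:
            ext_id = m.group("id")
            if ext_id in unwanted_ext_ids:
                findings.append(Finding("high", "unwanted-extension", line))
            ext_locations.setdefault(ext_id, []).append(m.group("path"))
            continue
        m = FF_COMP_RE.match(line)
        if m:
            # A native DLL shipped inside a profile extension runs with the
            # user's full rights, so it gets the same scrutiny as an autorun.
            if "\\extensions\\" in m.group("path").lower():
                findings.append(Finding("medium", "native-component-in-profile", line))
            continue
        m = RUN_RE.match(line)
        if m and any(k in m.group("cmd").lower() for k in USER_PROFILE_MARKERS):
            findings.append(Finding("low", "autorun-from-user-profile", line))
    for ext_id, paths in ext_locations.items():
        if len(paths) > 1:
            findings.append(Finding("low", "duplicate-extension-id", f"{ext_id}: {'; '.join(paths)}"))
    return findings


# Sample input: entries copied from the DDS log posted in this thread.
SAMPLE = r"""
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>
uRun: [Google Update] "c:\documents and settings\alaina\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
FF - component: c:\documents and settings\alaina\application data\mozilla\firefox\profiles\46hbzajt.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
"""
# The thread identifies the WhiteSmoke toolbar as the infection; this is its ID as listed in the log.
WHITESMOKE_EXT_ID = "{52794457-af6c-4c50-9def-f2e24f4c8889}"


def main(argv):
    # usage: python dds_triage.py [dds.txt]   (falls back to SAMPLE when no file is given)
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE
    for f in sorted(triage(text.splitlines(), {WHITESMOKE_EXT_ID}), key=lambda f: SEVERITY_RANK[f.severity]):
        print(f"[{f.severity}] {f.rule}: {f.line}")


if __name__ == "__main__":
    main(sys.argv)
```

On the sample it reports the loopback proxy and the WhiteSmoke extension as high, the DLL component inside the profile as medium, and the per-user Google updater and the doubly listed FoxyProxy ID as low. The low findings are there to be read, not acted on: the point of the script is to pull the handful of lines that matter out of a multi-thousand-line log, and the remediation decision still belongs to whoever reads them.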

Please locate and manually delete the following folder:

C:\Combo-Fix

Before we go with ComboFix, please do not use it without supervision. Please read this thread:

http://www.bleepingcomputer.com/forums/topic273628.html

It's very important!

When you're ready:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do not do any fixing on your own or run scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to save the files.

  2. During the download, rename ComboFix to Combo-Fix as follows:

    (screenshots: CF_download_FF.gif, CF_download_rename.gif)

  3. It is important that you rename ComboFix during the download, not after.

  4. Please do not rename ComboFix to any other name, only to the one indicated.

  5. Close any open browsers.

  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

-----------------------------------------------------------

  7. Double-click on Combo-Fix.exe and follow the prompts.

  8. When finished, it will produce a report for you.

  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**

New Combo-Fix log:

ComboFix 11-01-19.04 - Alaina 01/20/2011 17:39:30.4.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.718 [GMT -6:00]

Running from: c:\documents and settings\Alaina\Desktop\Combo-Fix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))

.

2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-01-11 18:54 . 2011-01-11 18:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll

2010-12-29 21:49 . 2010-12-29 21:51 -------- d-----w- c:\program files\QuickTime

2010-12-29 21:49 . 2010-12-29 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-12-29 21:48 . 2010-12-29 21:48 -------- d-----w- c:\program files\Common Files\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\program files\Apple Software Update

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple Computer

2010-12-27 14:58 . 2010-12-27 14:58 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36 . 2010-12-27 14:36 -------- d-----w- c:\program files\ACW

2010-12-27 14:24 . 2010-12-27 14:24 -------- d-----w- c:\documents and settings\Alaina\Application Data\ElevatedDiagnostics

2010-12-27 03:33 . 2010-12-27 03:33 -------- d-----w- c:\program files\Common Files\Windows Live

2010-12-27 03:29 . 2010-12-27 03:29 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29 . 2010-12-27 03:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09 . 2010-12-27 03:09 -------- d-sh--w- c:\documents and settings\Alaina\IECompatCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 00:09 . 2010-04-29 21:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2010-04-29 21:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-19 17:21 . 2010-12-19 17:21 1409 ----a-w- c:\windows\QTFont.for

2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-25 03:25 . 2009-12-02 20:23 165264 ------w- c:\windows\system32\drivers\MpFilter.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-09-27 610304]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]

"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-28 26112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2006-10-31 20752]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"HostManager"="c:\program files\Common Files\AOL\1240244075\ee\AOLSoftware.exe" [2008-06-24 41824]

"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Irene\Start Menu\Programs\Startup\

Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2009-3-31 36953]

BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-8 561213]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-28 24576]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\America Online 9.0a\\waol.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 10:32 PM 189736]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006Core.job

- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006UA.job

- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-20 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:webmaster

uInternet Settings,ProxyServer = http=127.0.0.1:8075

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Alaina\Application Data\Mozilla\Firefox\Profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-20 17:44

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????????????????????X:??????????????(???x????????:??x???????`???????????x???? ??x???x??????????????|????????x???????????????4???????x???????????x??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1260)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\mslbui.dll

.

Completion time: 2011-01-20 17:47:24

ComboFix-quarantined-files.txt 2011-01-20 23:47

ComboFix2.txt 2011-01-16 17:31

Pre-Run: 63,628,443,648 bytes free

Post-Run: 63,688,306,688 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4

- - End Of File - - 87693960FD696374DBC4B857743CA970

Open Notepad and copy and paste the text in the code box below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8075
uInternet Settings,ProxyOverride = <local>

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

ComboFix 11-01-19.04 - Alaina 01/21/2011 18:54:14.5.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.717 [GMT -6:00]

Running from: c:\documents and settings\Alaina\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Alaina\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))

.

2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-01-11 18:54 . 2011-01-11 18:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll

2010-12-29 21:49 . 2010-12-29 21:51 -------- d-----w- c:\program files\QuickTime

2010-12-29 21:49 . 2010-12-29 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-12-29 21:48 . 2010-12-29 21:48 -------- d-----w- c:\program files\Common Files\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\program files\Apple Software Update

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple Computer

2010-12-27 14:58 . 2010-12-27 14:58 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36 . 2010-12-27 14:36 -------- d-----w- c:\program files\ACW

2010-12-27 14:24 . 2010-12-27 14:24 -------- d-----w- c:\documents and settings\Alaina\Application Data\ElevatedDiagnostics

2010-12-27 03:33 . 2010-12-27 03:33 -------- d-----w- c:\program files\Common Files\Windows Live

2010-12-27 03:29 . 2010-12-27 03:29 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29 . 2010-12-27 03:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09 . 2010-12-27 03:09 -------- d-sh--w- c:\documents and settings\Alaina\IECompatCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 00:09 . 2010-04-29 21:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2010-04-29 21:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-19 17:21 . 2010-12-19 17:21 1409 ----a-w- c:\windows\QTFont.for

2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-25 03:25 . 2009-12-02 20:23 165264 ------w- c:\windows\system32\drivers\MpFilter.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-09-27 610304]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]

"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-28 26112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2006-10-31 20752]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"HostManager"="c:\program files\Common Files\AOL\1240244075\ee\AOLSoftware.exe" [2008-06-24 41824]

"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Irene\Start Menu\Programs\Startup\

Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2009-3-31 36953]

BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-8 561213]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-28 24576]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\America Online 9.0a\\waol.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 10:32 PM 189736]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006Core.job

- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006UA.job

- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:webmaster

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Alaina\Application Data\Mozilla\Firefox\Profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-21 19:00

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????????????????????X:??????????????(???x????????:??x???????`???????????x???? ??x???x??????????????|????????x???????????????4???????x???????????x??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1284)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

.

Completion time: 2011-01-21 19:02:40

ComboFix-quarantined-files.txt 2011-01-22 01:02

ComboFix2.txt 2011-01-20 23:47

ComboFix3.txt 2011-01-16 17:31

Pre-Run: 63,718,137,856 bytes free

Post-Run: 63,691,862,016 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4

- - End Of File - - 833ED66F60982D54063718127EDB4FA6

Thanks!

One last time, but please manually delete your copy of Combofix and download a new fresh one. Next:

Open Notepad and copy and paste the text in the code box below into it:

SecCenter::
{E10A9785-9598-4754-B552-92431C1C35F8}
{7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

ComboFix 11-01-21.03 - Alaina 01/22/2011 9:19.6.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.703 [GMT -6:00]

Running from: c:\documents and settings\Alaina\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Alaina\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))

.

2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-11 23:25 . 2011-01-11 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-01-11 18:54 . 2011-01-11 18:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll

2010-12-29 21:51 . 2010-12-29 21:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll

2010-12-29 21:49 . 2010-12-29 21:51 -------- d-----w- c:\program files\QuickTime

2010-12-29 21:49 . 2010-12-29 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-12-29 21:48 . 2010-12-29 21:48 -------- d-----w- c:\program files\Common Files\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\program files\Apple Software Update

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-12-29 21:47 . 2010-12-29 21:47 -------- d-----w- c:\documents and settings\Alaina\Local Settings\Application Data\Apple Computer

2010-12-27 14:58 . 2010-12-27 14:58 -------- d-----w- c:\program files\CCleaner

2010-12-27 14:36 . 2010-12-27 14:36 -------- d-----w- c:\program files\ACW

2010-12-27 14:24 . 2010-12-27 14:24 -------- d-----w- c:\documents and settings\Alaina\Application Data\ElevatedDiagnostics

2010-12-27 03:33 . 2010-12-27 03:33 -------- d-----w- c:\program files\Common Files\Windows Live

2010-12-27 03:29 . 2010-12-27 03:29 -------- d-----w- c:\windows\system32\winrm

2010-12-27 03:29 . 2010-12-27 03:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-12-27 03:28 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\irmon.dll

2010-12-27 03:28 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\irftp.exe

2010-12-27 03:28 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-12-27 03:09 . 2010-12-27 03:09 -------- d-sh--w- c:\documents and settings\Alaina\IECompatCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 00:09 . 2010-04-29 21:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2010-04-29 21:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-19 17:21 . 2010-12-19 17:21 1409 ----a-w- c:\windows\QTFont.for

2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-25 03:25 . 2009-12-02 20:23 165264 ------w- c:\windows\system32\drivers\MpFilter.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-09-27 610304]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]

"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-28 26112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2006-10-31 20752]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"HostManager"="c:\program files\Common Files\AOL\1240244075\ee\AOLSoftware.exe" [2008-06-24 41824]

"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Irene\Start Menu\Programs\Startup\

Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2009-3-31 36953]

BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-8 561213]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-28 24576]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\America Online 9.0a\\waol.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 10:32 PM 189736]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006Core.job

- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-500672581-3321906026-2241110571-1006UA.job

- c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 19:36]

2011-01-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:webmaster

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Alaina\Application Data\Mozilla\Firefox\Profiles\46hbzajt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-22 09:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????????????????????X:??????????????(???x????????:??x???????`???????????x???? ??x???x??????????????|????????x???????????????4???????x???????????x??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(784)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\mslbui.dll

.

Completion time: 2011-01-22 09:27:08

ComboFix-quarantined-files.txt 2011-01-22 15:26

Pre-Run: 63,699,103,744 bytes free

Post-Run: 63,672,848,384 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4

- - End Of File - - 1306BFDBF0FDB2967ACC50F50E74E691

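The ComboFix output above is the useful part of this thread for anyone triaging a similar machine: the "Reg Loading Points" section lists the Run keys, BootExecute, Security Center monitoring flags and firewall exceptions, and the "Supplementary Scan" section lists Firefox extensions, which is where the WhiteSmoke toolbar actually shows up. Below is an added example, not code from the thread or from ComboFix, that parses those line shapes and turns them into review items. The sample log is constructed from lines quoted above; the watchlist is an assumption for the example (the toolbar the poster named plus the other per-profile extension listed next to it), and the "user profile path" and "non-default BootExecute" rules are heuristics that mark entries for review, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Line shapes seen in the "Reg Loading Points" and "Supplementary Scan"
# sections of a ComboFix log.
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
FF_EXT = re.compile(r'^FF - Ext: (?P<name>.+?): (?P<ident>\S+) - (?P<path>.+)$')
DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
PORT = re.compile(
    r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):[^:]*:'
    r'(?P<state>Enabled|Disabled):(?P<desc>.*)$')

DEFAULT_BOOTEXECUTE = 'autocheck autochk *'
# Assumption for this example: the toolbar the poster named, plus the other
# per-profile Firefox extension the log lists beside it.
WATCHLIST = ('whitesmoke', 'yontoo')
USER_PATH_MARKERS = ('%profile%', '\\documents and settings\\')

# Constructed sample, copied from lines of the log quoted in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Alaina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-18 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
"""


@dataclass
class Findings:
    run_entries: dict = field(default_factory=dict)   # reg key -> [(name, path)]
    ff_exts: list = field(default_factory=list)       # (name, ident, path)
    boot_execute: list = field(default_factory=list)  # commands in BootExecute
    monitoring_disabled: list = field(default_factory=list)  # keys with DisableMonitoring=1
    open_ports: list = field(default_factory=list)    # (port, state, description)


def parse_combofix(text):
    """Single pass over the log, tracking the current [registry key] header."""
    found = Findings()
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = FF_EXT.match(line)
        if m:
            found.ff_exts.append((m['name'], m['ident'], m['path']))
            continue
        if line.startswith('BootExecute REG_MULTI_SZ '):
            # ComboFix prints the REG_MULTI_SZ separator as a literal "\0".
            found.boot_execute = line.split(' ', 2)[2].split('\\0')
            continue
        if key is None:
            continue
        m = DWORD.match(line)
        if m:
            if m['name'] == 'DisableMonitoring' and int(m['value'], 16) == 1:
                found.monitoring_disabled.append(key)
            continue
        m = PORT.match(line)
        if m:
            found.open_ports.append((m['port'], m['state'], m['desc']))
            continue
        m = RUN_ENTRY.match(line)
        if m and key.lower().endswith('\\run'):
            found.run_entries.setdefault(key, []).append((m['name'], m['path']))
    return found


def review(found):
    """Turn parsed findings into review items. These are heuristics, not verdicts."""
    issues = []
    for key, entries in found.run_entries.items():
        for name, path in entries:
            if any(mk in path.lower() for mk in USER_PATH_MARKERS):
                issues.append(f'review: Run entry loads from a user profile path: {key} -> {name} = {path}')
    for name, ident, path in found.ff_exts:
        if any(w in f'{name} {ident} {path}'.lower() for w in WATCHLIST):
            issues.append(f'watchlist: Firefox extension {name} ({ident})')
        elif path.lower().startswith('%profile%'):
            issues.append(f'review: per-profile Firefox extension {name} ({ident})')
    extra = [c for c in found.boot_execute if c != DEFAULT_BOOTEXECUTE]
    if extra:
        issues.append('review: BootExecute runs more than the default: ' + ' | '.join(extra))
    for key in found.monitoring_disabled:
        issues.append(f'security center monitoring disabled under {key}')
    # A port listed as Disabled is not an open exception; only Enabled counts.
    for port, state, desc in found.open_ports:
        if state == 'Enabled':
            issues.append(f'firewall exception enabled: {port} ({desc})')
    return issues


if __name__ == '__main__':
    for item in review(parse_combofix(SAMPLE_LOG)):
        print(item)
```

Two things worth noticing when you run it against the full log: the WinRM port 5985 entry is marked Disabled by the log itself, so it is parsed but not reported, and the BootExecute value still carries AVG entries even though no AVG process or AV product appears elsewhere in the report, which is the kind of leftover a cleanup pass should confirm is dead rather than assume.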

Nice job! :)

Last steps:

Step 1

  1. Go to Start => Run... and copy & paste the next command into the field:
    ComboFix /uninstall


  2. Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete DDS, GMER and TDSSKiller.

Step 3

Keep your software up-to-date:

www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)
