
Google redirects, pop-ups, "generic host process" error, Trojan Hiloti



Here are the logs.

TDSS

2011/04/23 17:06:27.0687 0720 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/23 17:06:27.0906 0720 ================================================================================
2011/04/23 17:06:27.0906 0720 SystemInfo:
2011/04/23 17:06:27.0906 0720
2011/04/23 17:06:27.0906 0720 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/23 17:06:27.0906 0720 Product type: Workstation
2011/04/23 17:06:27.0906 0720 ComputerName: HIEU
2011/04/23 17:06:27.0906 0720 UserName: Vamos Rafa
2011/04/23 17:06:27.0906 0720 Windows directory: C:\WINDOWS
2011/04/23 17:06:27.0906 0720 System windows directory: C:\WINDOWS
2011/04/23 17:06:27.0906 0720 Processor architecture: Intel x86
2011/04/23 17:06:27.0906 0720 Number of processors: 4
2011/04/23 17:06:27.0906 0720 Page size: 0x1000
2011/04/23 17:06:27.0906 0720 Boot type: Normal boot
2011/04/23 17:06:27.0906 0720 ================================================================================
2011/04/23 17:06:28.0140 0720 Initialize success
2011/04/23 17:06:45.0281 2832 ================================================================================
2011/04/23 17:06:45.0281 2832 Scan started
2011/04/23 17:06:45.0281 2832 Mode: Manual;
2011/04/23 17:06:45.0281 2832 ================================================================================


2011/04/23 17:06:55.0984 2832 ================================================================================
2011/04/23 17:06:55.0984 2832 Scan finished
2011/04/23 17:06:55.0984 2832 ================================================================================

RKU

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================


0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================


Could not be happier about this :)

Thanks!

DDS

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Vamos Rafa at 22:59:16.12 on Sat 04/23/2011

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1590 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Vamos Rafa\My Documents\New2\OC\Core Temp.exe

C:\Documents and Settings\Vamos Rafa\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [nwiz] nwiz.exe /install

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Dpuroxolibugi] rundll32.exe "c:\windows\edejufan.dll",Startup

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico

IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://uplink.healthsystem.virginia.edu/vdesk/terminal/urxvpn.cab#version=6030,2008,904,1951

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://uplink.healthsystem.virginia.edu/vdesk/terminal/f5tunsrv.cab#version=6030,2008,904,1947

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\vamosr~1\locals~1\temp\ixp000.tmp\InstallerControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {8E49176D-5B2E-4391-AA56-212161D660DE} - hxxp://pacs.hscs.virginia.edu/plugin/JavaSettings.exe

DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://uplink.healthsystem.virginia.edu/vdesk/terminal/urxshost.cab#version=6030,2008,904,1945

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://uplink.healthsystem.virginia.edu/vdesk/terminal/urxhost.cab#version=6030,2008,904,1940

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\vamosr~1\applic~1\mozilla\firefox\profiles\6320ji3r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\vamos rafa\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\vamos rafa\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\vamos rafa\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJPI142_05.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-19 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-19 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-19 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-19 61960]

R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

R3 ALSysIO;ALSysIO;\??\c:\docume~1\vamosr~1\locals~1\temp\alsysio.sys --> c:\docume~1\vamosr~1\locals~1\temp\ALSysIO.sys [?]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-3-20 22784]

R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2008-3-20 651712]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

S3 cpuz129;cpuz129;\??\c:\docume~1\vamosr~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\vamosr~1\locals~1\temp\cpuz_x32.sys [?]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-1-21 10744]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2008-9-4 33400]

.

=============== Created Last 30 ================

.

2011-04-22 17:51:14 -------- d-----w- c:\docume~1\vamosr~1\locals~1\applic~1\{D69CED78-B9A6-42D9-BB6C-B156110BD0C6}

2011-04-20 22:43:32 89088 ----a-w- c:\windows\MBR.exe

2011-04-20 22:43:32 256512 ----a-w- c:\windows\PEV.exe

2011-04-20 22:43:32 161792 ----a-w- c:\windows\SWREG.exe

2011-04-20 22:43:31 98816 ----a-w- c:\windows\sed.exe

2011-04-20 07:32:58 -------- d-----w- c:\docume~1\vamosr~1\applic~1\Avira

2011-04-20 02:57:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-04-20 02:57:37 -------- d-----w- c:\program files\Avira

2011-04-20 02:57:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-04-19 03:40:16 175616 ----a-w- c:\windows\system32\unrar.dll

2011-04-19 03:40:14 -------- d-----w- c:\program files\K-Lite Codec Pack

2011-04-18 04:55:09 0 ----a-w- c:\windows\Ssexohoqusi.bin

2011-04-18 04:53:48 -------- d-----w- c:\docume~1\vamosr~1\applic~1\3027DCEB6FF29DEB4472D78FD4EFABF5

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll

2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2008-04-08 17:46:28 680 ----a-w- c:\program files\mpc2.reg

2008-04-08 17:46:28 596 ----a-w- c:\program files\mpc1.reg

2008-04-08 17:46:28 4608 ----a-w- c:\program files\mpc4.reg

2008-04-08 17:46:28 3476 ----a-w- c:\program files\mpc7.reg

2008-04-08 17:46:28 3026 ----a-w- c:\program files\mpc3.reg

2008-04-08 17:46:28 27260 ----a-w- c:\program files\ffdssetts.reg

2008-04-08 17:46:28 24316 ----a-w- c:\program files\ffdsvsetts.reg

2008-04-08 17:46:28 18156 ----a-w- c:\program files\mpc6.reg

2008-04-08 17:46:28 16486 ----a-w- c:\program files\mpc5.reg

2008-04-08 17:46:28 1292 ----a-w- c:\program files\ffdsasetts.reg

2008-02-14 22:23:12 231944 ----a-w- c:\program files\gwflash.exe

2007-09-22 03:42:42 19008 ----a-w- c:\program files\markfun.a64

2007-08-22 03:49:28 17912 ----a-w- c:\program files\markfun.w32

2007-03-02 12:48:50 240448 ----a-w- c:\program files\gwf32.exe

2006-11-24 07:47:50 207680 ----a-w- c:\program files\BIOS_Run.exe

2005-04-28 03:40:26 6800 ----a-w- c:\program files\W95_HUA.vxd

.

============= FINISH: 23:00:09.00 ===============


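As an added triage example (not part of the thread, and not code from the DDS tool), the script below runs the checks a log helper makes by eye over lines in DDS's own format: a Run entry that uses rundll32 to load a DLL sitting directly in the Windows directory under a pseudo-random name with a generic "Startup" export (the Dpuroxolibugi / edejufan.dll entry above, the load pattern typically seen with the Hiloti family named in the thread title), a BHO CLSID that resolves to "No File", a legacy Java plug-in, and a driver registered from a temp folder. The rule names and the sample lines are constructed for illustration (the sample lines are copied from the log above); a hit means "look closer", not a verdict, since for instance the ALSysIO.sys driver very likely belongs to the Core Temp utility visible in the process list.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the DDS log in this thread (the
# format is what DDS emits), mixing benign vendor entries with the ones worth
# a second look.
SAMPLE_DDS = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Dpuroxolibugi] rundll32.exe "c:\windows\edejufan.dll",Startup
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJPI142_05.dll
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-19 11608]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\vamosr~1\locals~1\temp\alsysio.sys --> c:\docume~1\vamosr~1\locals~1\temp\ALSysIO.sys [?]
"""

# uRun/mRun entries: "[name] command line"
RUN_LINE = re.compile(r'^[um]Run(?:Once)?:\s*\[([^\]]+)\]\s*(.*)$', re.I)
# rundll32 pointed at a DLL that sits directly in the Windows directory rather
# than a subfolder such as system32: [^\\"]+ forbids a further path separator.
WINROOT_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?([a-z]:\\windows\\[^\\"]+\.dll)"?', re.I)
# Browser helper object whose CLSID no longer maps to a file on disk.
BHO_NOFILE = re.compile(r'^BHO:.*\bNo File\s*$', re.I)
# Service/driver lines: "R3 name;display;image path [...]"
SVC_LINE = re.compile(r'^[RS][0-4]\s+([^;]+);([^;]*);(.*)$')
# Java 1.4.2 runtime / installer references (the versions the helper asks to remove).
OLD_JAVA = re.compile(r'j2re1\.4|jinstall-142', re.I)


@dataclass
class Finding:
    rule: str
    line: str


def scan_dds(text: str) -> list[Finding]:
    """Apply the heuristics above to each line and return the hits in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if OLD_JAVA.search(line):
            findings.append(Finding("outdated-java-component", line))
            continue
        m = RUN_LINE.match(line)
        if m:
            if WINROOT_DLL.search(m.group(2)):
                findings.append(Finding("rundll32-dll-in-windows-root", line))
            continue
        if BHO_NOFILE.match(line):
            findings.append(Finding("orphaned-bho-clsid", line))
            continue
        m = SVC_LINE.match(line)
        if m and "\\temp\\" in m.group(3).lower():
            findings.append(Finding("driver-loaded-from-temp", line))
    return findings


if __name__ == "__main__":
    for f in scan_dds(SAMPLE_DDS):
        print(f"{f.rule:32} {f.line}")
```

Run it against a saved DDS.txt by reading the file into `scan_dds`; the benign NVIDIA and Avira entries in the sample produce no hit, while the four entries described in the lead-in each produce exactly one.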

There are some older versions of Java on your computer. These can be a source of infection.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 24 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache - Leave BOTH Checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window.
  • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: 1.6.0_24 from Sun Microsystems Inc.

-------------------------------------------------------------------

Your Computer is Clean

Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA, which are both free to use and more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

Make your Internet Explorer more secure. This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Secunia software inspector & update checker

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer.

Visit My Blog for Malware and Spyware Tips



Can't thank you enough for your outstanding and prompt help, Kenny. No feeling quite like knowing your computer isn't on fire anymore. Will try to keep things clean =]

On a last note, any tips on getting rid of that annoying Windows Security alert?

Thanks again for everything!


Sorry, I left this out.... :)

  • Click the Start button, and then click Run.
  • In the Run dialog box, copy and paste the following text:
    regsvr32 /u WMIUTILS.DLL
    Click OK.
  • Restart the computer.
  • Click the Start button, and then click Run.
  • In the Run dialog box, copy and paste the following text:
    regsvr32 WMIUTILS.DLL
    Click OK.
  • Restart the computer.

Let me know?


If my above fix doesn't work, the below should do the trick.

First, we need to backup your registry:

Please go to Start > Run

Paste in the following line:

  • regedit /e c:\registrybackup.reg

Click OK.

It won't appear to be doing anything, that's normal.

Your mouse pointer may turn to an hour glass for a minute.

Please continue when it no longer has the hour glass.

Let's try running this reg file to restore the security center:

http://www.kellys-korner-xp.com/regs_edits/securitycenterrestore.reg

Download this file and save it to your Desktop.

Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

Reboot when done! Really important! And let me know how it went?
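Two steps in this thread touch the registry by hand: the IE zone settings list in the post above and the .reg file merged here. As an added example (not from the post, and not a tool the post mentions), the Python below parses a .reg file, previews every key and value a merge would write or delete so a downloaded file can be read before it is merged, and audits a `reg export` of `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` against the six recommended settings. The action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the 0/1/3 Enable/Prompt/Disable encoding are the standard IE URL-action values; both sample .reg texts are constructed.

```python
"""Parse .reg files, preview what a merge would change, and audit the IE
Internet-zone settings from an export. Added example, not from the forum
post; both sample .reg texts below are constructed."""
import re

_KEY = re.compile(r"^\[(-?)(.+)\]$")                      # [HKEY\...] or [-HKEY\...] (delete key)
_VAL = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "name"=data or @=data (default value)
_SKIP = ("Windows Registry Editor", "REGEDIT4", ";")      # header and comment lines


def _decode(data):
    """Classify one value's data as ('delete'|'string'|'dword'|'hex', value)."""
    if data == "-":
        return ("delete", None)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return ("string", data[1:-1].replace('\\"', '"').replace("\\\\", "\\"))
    if data.startswith("dword:"):
        return ("dword", int(data[6:], 16))
    return ("hex", data)  # REG_BINARY / expand / multi-string kept raw; continuation lines are ignored


def parse_reg(text):
    """Return [{key, delete_key, values: {name: (type, value)}}] in file order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(_SKIP):
            continue
        m = _KEY.match(line)
        if m:
            current = {"key": m.group(2), "delete_key": m.group(1) == "-", "values": {}}
            entries.append(current)
            continue
        m = _VAL.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(2) else m.group(1)
            current["values"][name] = _decode(m.group(3))
    return entries


def preview(entries):
    """One line per action a merge would perform: read this before merging a downloaded .reg."""
    out = []
    for e in entries:
        if e["delete_key"]:
            out.append("DELETE KEY %s" % e["key"])
            continue
        out.append("KEY %s" % e["key"])
        for name, (kind, val) in e["values"].items():
            out.append("  delete value %s" % name if kind == "delete"
                       else "  set %s = %r (%s)" % (name, val, kind))
    return out


# Zones\3 is the Internet zone. Value data: 0 = Enable, 1 = Prompt, 3 = Disable,
# so a smaller number is always more permissive than the recommended one.
ENABLE, PROMPT, DISABLE = 0, 1, 3
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def audit_internet_zone(entries):
    """(id, description, current, recommended) for each setting that is absent
    from the export (IE then applies its built-in default) or more permissive
    than the post recommends."""
    zone = next((e for e in entries if e["key"].lower().endswith(r"\zones\3")), None)
    if zone is None:
        return [("?", r"Zones\3 key not present in export", None, None)]
    findings = []
    for vid, (desc, want) in RECOMMENDED.items():
        kind, have = zone["values"].get(vid, (None, None))
        if kind != "dword" or have < want:
            findings.append((vid, desc, have, want))
    return findings


# Constructed stand-in for a downloaded restore file (NOT the kellys-korner file)
SAMPLE_MERGE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000002
"ObsoleteValue"=-
[-HKEY_CURRENT_USER\Software\Constructed\StaleKey]
"""

# Constructed Zones\3 export: two settings still at Enable, 1607 absent
SAMPLE_ZONE3 = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
"""
```

On the XP machine, `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` produces the export; reg.exe writes UTF-16, so read it with `open("zone3.reg", encoding="utf-16").read()` before passing it to `parse_reg`.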


Hrmm.. I tried both methods but the security alert is still there. It says Automatic Updates is off. When I hit 'Turn on Automatic Updates' it tells me to do it manually via the Control Panel, which I have already done.

Interestingly, when I go to the Microsoft Update site, I click on install Express or Custom and it gives me a "Page cannot be displayed" message.

Hope it's nothing serious :mellow:

Thanks.


Perhaps I spoke too soon. Just a minute ago, I experienced some Google redirects in Firefox. I can't seem to reproduce the redirects as frequently as before, but they do occur. I really haven't used this computer to do anything besides visit this forum and install Daemon Tools Lite (Hope that wasn't a big mistake!).

Still, the PC is running more smoothly.

MBAM

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6435

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

4/24/2011 6:01:25 PM

mbam-log-2011-04-24 (18-01-25).txt

Scan type: Quick scan

Objects scanned: 154546

Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Vamos Rafa at 18:22:00.28 on Sun 04/24/2011

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1579 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\CTFMON.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Vamos Rafa\My Documents\New2\OC\Core Temp.exe

C:\Documents and Settings\Vamos Rafa\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [nwiz] nwiz.exe /install

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Dpuroxolibugi] rundll32.exe "c:\windows\edejufan.dll",Startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico

IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://uplink.healthsystem.virginia.edu/vdesk/terminal/urxvpn.cab#version=6030,2008,904,1951

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://uplink.healthsystem.virginia.edu/vdesk/terminal/f5tunsrv.cab#version=6030,2008,904,1947

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\vamosr~1\locals~1\temp\ixp000.tmp\InstallerControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8E49176D-5B2E-4391-AA56-212161D660DE} - hxxp://pacs.hscs.virginia.edu/plugin/JavaSettings.exe

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://uplink.healthsystem.virginia.edu/vdesk/terminal/urxshost.cab#version=6030,2008,904,1945

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://uplink.healthsystem.virginia.edu/vdesk/terminal/urxhost.cab#version=6030,2008,904,1940

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\vamosr~1\applic~1\mozilla\firefox\profiles\6320ji3r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\vamos rafa\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\vamos rafa\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\vamos rafa\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-19 11608]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-24 218688]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-19 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-19 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-19 61960]

R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

R3 ALSysIO;ALSysIO;\??\c:\docume~1\vamosr~1\locals~1\temp\alsysio.sys --> c:\docume~1\vamosr~1\locals~1\temp\ALSysIO.sys [?]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-3-20 22784]

R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2008-3-20 651712]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

S3 cpuz129;cpuz129;\??\c:\docume~1\vamosr~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\vamosr~1\locals~1\temp\cpuz_x32.sys [?]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-1-21 10744]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2008-9-4 33400]

.

=============== Created Last 30 ================

.

2011-04-24 21:26:46 122815660 ----a-w- C:\registrybackup.reg

2011-04-24 20:47:53 -------- d-----w- c:\docume~1\vamosr~1\applic~1\BDL+P

2011-04-24 20:43:26 -------- d-----w- C:\liquid

2011-04-24 20:33:59 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-04-24 20:33:50 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-04-24 20:33:13 -------- d-----w- c:\docume~1\vamosr~1\applic~1\DAEMON Tools Lite

2011-04-24 20:33:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite

2011-04-24 20:30:52 -------- d-s---w- C:\ComboFix

2011-04-22 17:51:14 -------- d-----w- c:\docume~1\vamosr~1\locals~1\applic~1\{D69CED78-B9A6-42D9-BB6C-B156110BD0C6}

2011-04-20 07:32:58 -------- d-----w- c:\docume~1\vamosr~1\applic~1\Avira

2011-04-20 02:57:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-04-20 02:57:37 -------- d-----w- c:\program files\Avira

2011-04-20 02:57:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-04-19 03:40:16 175616 ----a-w- c:\windows\system32\unrar.dll

2011-04-19 03:40:14 -------- d-----w- c:\program files\K-Lite Codec Pack

2011-04-18 04:55:09 0 ----a-w- c:\windows\Ssexohoqusi.bin

2011-04-18 04:53:48 -------- d-----w- c:\docume~1\vamosr~1\applic~1\3027DCEB6FF29DEB4472D78FD4EFABF5

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll

2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2008-04-08 17:46:28 680 ----a-w- c:\program files\mpc2.reg

2008-04-08 17:46:28 596 ----a-w- c:\program files\mpc1.reg

2008-04-08 17:46:28 4608 ----a-w- c:\program files\mpc4.reg

2008-04-08 17:46:28 3476 ----a-w- c:\program files\mpc7.reg

2008-04-08 17:46:28 3026 ----a-w- c:\program files\mpc3.reg

2008-04-08 17:46:28 27260 ----a-w- c:\program files\ffdssetts.reg

2008-04-08 17:46:28 24316 ----a-w- c:\program files\ffdsvsetts.reg

2008-04-08 17:46:28 18156 ----a-w- c:\program files\mpc6.reg

2008-04-08 17:46:28 16486 ----a-w- c:\program files\mpc5.reg

2008-04-08 17:46:28 1292 ----a-w- c:\program files\ffdsasetts.reg

2008-02-14 22:23:12 231944 ----a-w- c:\program files\gwflash.exe

2007-09-22 03:42:42 19008 ----a-w- c:\program files\markfun.a64

2007-08-22 03:49:28 17912 ----a-w- c:\program files\markfun.w32

2007-03-02 12:48:50 240448 ----a-w- c:\program files\gwf32.exe

2006-11-24 07:47:50 207680 ----a-w- c:\program files\BIOS_Run.exe

2005-04-28 03:40:26 6800 ----a-w- c:\program files\W95_HUA.vxd

.

============= FINISH: 18:22:43.64 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/22/2009 12:45:40 AM

System Uptime: 4/24/2011 5:50:05 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS3L

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 298 GiB total, 83.45 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Audio Device on High Definition Audio Bus

Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1458E601&REV_1000\4&808A433&0&0201

Manufacturer:

Name: Audio Device on High Definition Audio Bus

PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1458E601&REV_1000\4&808A433&0&0201

Service:

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0001

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0001

Service: CVirtA

.

==== System Restore Points ===================

.

RP349: 4/24/2011 4:33:03 PM - System Checkpoint

.

==== Installed Programs ======================

.

??

@BIOS

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Advertising Center

AIM 6

Alarm Clock v1.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoUpdate

Avira AntiVir Personal - Free Antivirus

AviSynth 2.5

Belkin Setup and Router Monitor

Bonjour

CCleaner (remove only)

Cisco Systems VPN Client 5.0.04.0300 (ITC)

Compatibility Pack for the 2007 Office system

Counter-Strike

DAEMON Tools Lite

DivX Codec

DivX Converter

DivX Player

DivX Web Player

FlashGet 1.9.6.1073

Free Mp3 Wma Converter V 1.81

GIMP 2.6.7

Google Talk Plugin

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ijji - Gunz

ijji REACTOR

iTunes

Jamorama Software

Java Auto Updater

Java 6 Update 24

K-Lite Codec Pack 7.1.0 (Basic)

Logitech QuickCam

Logitech QuickCam Driver Package

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft AppLocale

Microsoft Kernel-Mode Driver Framework Feature Pack 1.1

Microsoft Office Professional Edition 2003

Microsoft Visual C Runtime

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Windows Application Compatibility Database

Microsoft Xbox 360 Accessories 1.1

Mozilla Firefox 4.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

MSXML4 Parser

Nero 9 Lite

Nero ControlCenter

Nero Installer

Nero Online Upgrade

Nero StartSmart

neroxml

NVIDIA nTune

Oblivion

Oblivion - Horse Armor Pack

Oblivion - Knights of the Nine

Oblivion - Mehrunes Razor

Oblivion - Orrery

Oblivion - Spell Tomes

Oblivion - Thieves Den

Oblivion - Vile Lair

Oblivion - Wizard's Tower

Oblivion mod manager 1.1.9

PunkBuster Services

Quake Live Mozilla Plugin

QuickTime

Razer DeathAdder Mouse

REALTEK GbE & FE Ethernet PCI-E NIC Driver

SeaTools for Windows

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2416400)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Spybot - Search & Destroy

StarCraft II

Steam

SUPERAntiSpyware Free Edition

TuxGuitar 1.1

Ultima Online 2D Client

Uninstall Dual Mode Camera

UnInstall Envy24 Family Audio Device Driver

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

Videora iPod Converter 5.04

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.0.3

WebFldrs XP

WinAce Archiver

Windows Genuine Advantage Notifications (KB905474)

Windows XP Service Pack 3

WinRAR archiver

Write-N-Cite

WX Application

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

4/21/2011 6:59:19 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

4/21/2011 1:36:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

4/21/2011 1:31:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/21/2011 1:31:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/20/2011 6:51:05 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/20/2011 6:50:05 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/20/2011 6:45:42 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

4/20/2011 3:56:57 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

4/20/2011 3:25:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH TfFsMon TfSysMon

4/20/2011 3:24:40 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.

4/19/2011 6:07:20 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/19/2011 6:05:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

4/19/2011 12:24:57 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

4/19/2011 11:04:15 PM, error: Service Control Manager [7000] - The AVGIDSShim service failed to start due to the following error: The system cannot find the file specified.

4/19/2011 10:54:35 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

4/19/2011 10:42:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon

4/19/2011 10:42:51 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.

4/19/2011 10:32:25 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

4/19/2011 1:01:53 AM, error: atapi [9] - The device, \Device\Ide\IdePort4, did not respond within the timeout period.

4/18/2011 3:03:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.

4/18/2011 3:03:09 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/18/2011 10:39:30 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126ADB-2166-11D1-B1D0-00805FC1270E}

.

==== End Of File ===========================


Remove this file

c:\docume~1\vamosr~1\locals~1\applic~1\{D69CED78-B9A6-42D9-BB6C-B156110BD0C6}

Are the redirects just in Firefox and not in IE?

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Are the redirects still happening now?

Next

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Thanks for sticking with me on this. Deleted the file you mentioned, and the GooredFix and ESET logs are below. ESET seems to have found something.

I am still getting redirects in Google, although they are very hard to elicit. Actually, they only seem to occur in Firefox when I google "windows update" and attempt to access the Windows Update site. Still getting the Windows Security alert and am unable to access the Windows Update page with IE. Otherwise, I am having no issues at all and the PC seems much faster.

GooredFix

GooredFix by jpshortstuff (03.07.10.1)

Log created at 17:35 on 25/04/2011 (Vamos Rafa)

Firefox version 4.0 (en-US)

========== GooredScan ==========

Removing Orphan:

"{D69CED78-B9A6-42D9-BB6C-B156110BD0C6}"="C:\Documents and Settings\Vamos Rafa\Local Settings\Application Data\{D69CED78-B9A6-42D9-BB6C-B156110BD0C6}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [05:58 24/03/2011]

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [22:22 11/12/2009]

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [00:21 26/04/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [20:27 13/08/2010]

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [20:29 24/04/2011]

C:\Documents and Settings\Vamos Rafa\Application Data\Mozilla\Firefox\Profiles\6320ji3r.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b} [03:02 27/04/2010]

{DBBB3167-6E81-400f-BBFD-BD8921726F52} [06:21 21/01/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:04 14/08/2009]

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" [23:18 29/03/2011]

-=E.O.F=-

ESET

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=4c58953da5c76a4ea4bce63a264a6b3c

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-04-25 10:41:37

# local_time=2011-04-25 06:41:37 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1026 16777214 0 2 45578509 45578509 0 0

# compatibility_mode=1797 16775141 100 93 0 39364716 0 0

# compatibility_mode=8192 67108863 100 0 41653986 41653986 0 0

# scanned=91214

# found=2

# cleaned=0

# scan_time=3529

C:\WINDOWS\edejufan.dll a variant of Win32/Kryptik.MVM trojan (unable to clean) 00000000000000000000000000000000 I

${Memory} a variant of Win32/Kryptik.MVM trojan 00000000000000000000000000000000 I


I can't find anything on this file, edejufan.dll. So, let's see if there's more on this one. Also, we'll run ComboFix to see what it will show.

Check a file/files

Use your browser to go here at Virustotal website

Click the Browse button and then navigate to

C:\WINDOWS\edejufan.dll

then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Next

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
  • If not, please reboot your computer.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Nice! Looks like Combofix found it this time around and took care of the file. The windows security alert is gone, I can no longer elicit any redirects in google, and I can access the Windows Update site as usual.

Hope everything is clean for the time being.

Thanks again! :)

Virus Total

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

edejufan.dll

Submission date:

2011-04-26 20:54:04 (UTC)

Current status:

finished

Result:

2/ 41 (4.9%)

VT Community

not reviewed

Safety score: -

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2011.04.27.00 2011.04.26 -

AntiVir 7.11.7.7 2011.04.25 -

Antiy-AVL 2.0.3.7 2011.04.26 -

Avast 4.8.1351.0 2011.04.26 -

Avast5 5.0.677.0 2011.04.26 -

AVG 10.0.0.1190 2011.04.26 -

BitDefender 7.2 2011.04.26 -

CAT-QuickHeal 11.00 2011.04.26 -

ClamAV 0.97.0.0 2011.04.26 -

Commtouch 5.3.2.6 2011.04.26 -

Comodo 8486 2011.04.26 MalCrypt.Indus!

DrWeb 5.0.2.03300 2011.04.26 -

eSafe 7.0.17.0 2011.04.26 -

eTrust-Vet 36.1.8293 2011.04.26 -

F-Prot 4.6.2.117 2011.04.26 -

F-Secure 9.0.16440.0 2011.04.26 -

Fortinet 4.2.257.0 2011.04.26 -

GData 22 2011.04.26 -

Ikarus T3.1.1.103.0 2011.04.26 -

Jiangmin 13.0.900 2011.04.26 -

K7AntiVirus 9.98.4485 2011.04.26 -

Kaspersky 9.0.0.837 2011.04.26 -

McAfee 5.400.0.1158 2011.04.26 -

McAfee-GW-Edition 2010.1D 2011.04.26 -

Microsoft 1.6802 2011.04.26 Trojan:Win32/Podjot.A

NOD32 6073 2011.04.26 -

Norman 6.07.07 2011.04.26 -

Panda 10.0.3.5 2011.04.26 -

PCTools 7.0.3.5 2011.04.21 -

Prevx 3.0 2011.04.26 -

Rising 23.55.01.05 2011.04.26 -

Sophos 4.64.0 2011.04.26 -

SUPERAntiSpyware4.40.0.1006 2011.04.26 -

Symantec 20101.3.2.89 2011.04.26 -

TheHacker 6.7.0.1.183 2011.04.26 -

TrendMicro 9.200.0.1012 2011.04.26 -

TrendMicro-HouseCall 9.200.0.1012 2011.04.26 -

VBA32 3.12.16.0 2011.04.26 -

VIPRE 9128 2011.04.26 -

ViRobot 2011.4.26.4431 2011.04.26 -

VirusBuster 13.6.322.0 2011.04.26 -

Additional information

MD5 : 8f02810637ee8f0b6a79766544c730e1

SHA1 : 6e2d19681afec8b718ed50d126476e84697b5f0a

SHA256: d6579bb8d3e8cbc96534f35b02d16625fb355d928e4d4136d45966e27a84dad9

Combofix

ComboFix 11-04-26.01 - Vamos Rafa 04/26/2011 17:12:35.14.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1626 [GMT -4:00]

Running from: c:\documents and settings\Vamos Rafa\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Vamos Rafa\Local Settings\Application Data\{EBE0C481-C961-4996-886D-160ED5063E33}

c:\documents and settings\Vamos Rafa\Local Settings\Application Data\{EBE0C481-C961-4996-886D-160ED5063E33}\chrome.manifest

c:\documents and settings\Vamos Rafa\Local Settings\Application Data\{EBE0C481-C961-4996-886D-160ED5063E33}\chrome\content\_cfg.js

c:\documents and settings\Vamos Rafa\Local Settings\Application Data\{EBE0C481-C961-4996-886D-160ED5063E33}\chrome\content\overlay.xul

c:\documents and settings\Vamos Rafa\Local Settings\Application Data\{EBE0C481-C961-4996-886D-160ED5063E33}\install.rdf

c:\windows\edejufan.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))

.

.

2011-04-24 21:26 . 2011-04-24 21:26 122815660 ----a-w- C:\registrybackup.reg

2011-04-24 20:47 . 2011-04-24 20:47 -------- d-----w- c:\documents and settings\Vamos Rafa\Application Data\BDL+P

2011-04-24 20:43 . 2011-04-26 05:04 -------- d-----w- C:\liquid

2011-04-24 20:33 . 2011-04-24 20:33 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-04-24 20:33 . 2011-04-24 20:33 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-04-24 20:33 . 2011-04-24 20:35 -------- d-----w- c:\documents and settings\Vamos Rafa\Application Data\DAEMON Tools Lite

2011-04-24 20:33 . 2011-04-24 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2011-04-20 07:32 . 2011-04-20 07:32 -------- d-----w- c:\documents and settings\Vamos Rafa\Application Data\Avira

2011-04-20 02:57 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-04-20 02:57 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-04-20 02:57 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-04-20 02:57 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-04-20 02:57 . 2011-04-20 02:57 -------- d-----w- c:\program files\Avira

2011-04-20 02:57 . 2011-04-20 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-04-19 03:40 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll

2011-04-19 03:40 . 2011-04-19 03:40 -------- d-----w- c:\program files\K-Lite Codec Pack

2011-04-18 05:05 . 2011-04-18 05:05 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-04-18 04:55 . 2011-04-26 06:21 0 ----a-w- c:\windows\Ssexohoqusi.bin

2011-04-18 04:53 . 2011-04-22 01:19 -------- d-----w- c:\documents and settings\Vamos Rafa\Application Data\3027DCEB6FF29DEB4472D78FD4EFABF5

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2008-03-20 16:32 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45 . 2004-08-04 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-17 13:51 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-02-17 13:51 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-02-17 13:51 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:37 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32 . 2009-04-17 06:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2004-08-04 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-03 01:40 . 2010-04-26 00:21 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 23:19 . 2009-12-11 22:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2008-03-20 16:30 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2008-03-20 16:30 677888 ----a-w- c:\windows\system32\mstsc.exe

2008-04-08 17:46 . 2008-04-08 17:46 1292 ----a-w- c:\program files\ffdsasetts.reg

2008-04-08 17:46 . 2008-04-08 17:44 680 ----a-w- c:\program files\mpc2.reg

2008-04-08 17:46 . 2008-04-08 17:44 596 ----a-w- c:\program files\mpc1.reg

2008-04-08 17:46 . 2008-04-08 17:44 4608 ----a-w- c:\program files\mpc4.reg

2008-04-08 17:46 . 2008-04-08 17:44 3476 ----a-w- c:\program files\mpc7.reg

2008-04-08 17:46 . 2008-04-08 17:44 3026 ----a-w- c:\program files\mpc3.reg

2008-04-08 17:46 . 2008-04-08 17:44 27260 ----a-w- c:\program files\ffdssetts.reg

2008-04-08 17:46 . 2008-04-08 17:44 24316 ----a-w- c:\program files\ffdsvsetts.reg

2008-04-08 17:46 . 2008-04-08 17:44 18156 ----a-w- c:\program files\mpc6.reg

2008-04-08 17:46 . 2008-04-08 17:44 16486 ----a-w- c:\program files\mpc5.reg

2008-02-14 22:23 . 2008-02-14 22:23 231944 ----a-w- c:\program files\gwflash.exe

2007-09-22 03:42 . 2007-09-22 03:42 19008 ----a-w- c:\program files\markfun.a64

2007-08-22 03:49 . 2007-08-22 03:49 17912 ----a-w- c:\program files\markfun.w32

2007-03-02 12:48 . 2007-03-02 12:48 240448 ----a-w- c:\program files\gwf32.exe

2006-11-24 07:47 . 2006-11-24 07:47 207680 ----a-w- c:\program files\BIOS_Run.exe

2005-04-28 03:40 . 2005-04-28 03:40 6800 ----a-w- c:\program files\W95_HUA.vxd

2011-03-18 17:53 . 2011-03-24 05:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"nwiz"="nwiz.exe" [2009-03-28 1657376]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-4-23 6144]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EA Games\\Ultima Online 2D Client\\client.exe"=

"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=

"c:\\Program Files\\GIGABYTE\\@BIOS\\update.exe"=

"c:\\Program Files\\gwflash.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\GIGABYTE\\@BIOS\\BIOS_Run.exe"=

"c:\\Documents and Settings\\Vamos Rafa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Vamos Rafa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\ijji\\ENGLISH\\u_gunz.exe"=

"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

"c:\\Program Files\\Razer\\DeathAdder\\razertra.exe"=

"c:\\Program Files\\Razer\\DeathAdder\\razerofa.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\jameshieu@yahoo.com\\counter-strike\\hl.exe"=

"c:\\Program Files\\Steam\\steamapps\\jameshieu@yahoo.com\\dark messiah might and magic multi-player\\mm.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Kodak\\PACS\\uvapa\\mv_client\\LoaderExe.exe"=

"c:\\Program Files\\Kodak\\PACS\\uvapa\\mv_client\\mp.exe"=

"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4/24/2011 4:33 PM 218688]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 10:24 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 10:24 PM 74480]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/19/2011 10:57 PM 135336]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [3/20/2008 3:15 PM 22784]

R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [3/20/2008 3:13 PM 651712]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 cpuz129;cpuz129;\??\c:\docume~1\VAMOSR~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\VAMOSR~1\LOCALS~1\Temp\cpuz_x32.sys [?]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [1/21/2009 2:21 AM 10744]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 10:24 PM 7408]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [9/4/2008 3:53 PM 33400]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/21/2008 2:48 AM 715248]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - ALSysIO

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1292428093-725345543-1003Core1cbff877ea096b4.job

- c:\documents and settings\Vamos Rafa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-28 01:54]

.

2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1292428093-725345543-1003UA.job

- c:\documents and settings\Vamos Rafa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-28 01:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {8E49176D-5B2E-4391-AA56-212161D660DE} - hxxp://pacs.hscs.virginia.edu/plugin/JavaSettings.exe

FF - ProfilePath - c:\documents and settings\Vamos Rafa\Application Data\Mozilla\Firefox\Profiles\6320ji3r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-Dpuroxolibugi - c:\windows\edejufan.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-26 17:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\controlset004\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1008)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

Completion time: 2011-04-26 17:18:23

ComboFix-quarantined-files.txt 2011-04-26 21:18

ComboFix2.txt 2011-04-22 17:55

.

Pre-Run: 92,104,036,352 bytes free

Post-Run: 92,089,876,480 bytes free

.

Current=4 Default=4 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 849EEEF7EE182CE5BF38FA97A99BFE05

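The two logs above (GooredFix and ComboFix) were read by eye: the helper spotted a GUID-named extension folder under Local Settings\Application Data, S0 drivers whose .sys files are gone (the source of the 7026 boot-start failures in the Event Viewer), a driver loaded from a Temp folder, and a Run value with a random-looking name pointing at a DLL dropped straight into c:\windows. The script below is an added example that encodes those same checks so they can be run over a saved log; it is not part of the thread and not a feature of ComboFix or GooredFix. The sample lines are copied from the logs posted above; the regular expressions, the location rules and the consonant/vowel "random name" score are the editor's own assumptions.

```python
"""Triage helper for ComboFix / GooredFix style log lines (editor's example,
not part of the thread or of either tool).  The sample lines are copied from
the logs posted in the thread; the heuristics are the editor's own."""
import re

# Constructed input: lines copied from the thread's ComboFix and GooredFix logs.
SAMPLE_LOG = r"""
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"nwiz"="nwiz.exe" [2009-03-28 1657376]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 10:24 PM 9968]
S3 cpuz129;cpuz129;\??\c:\docume~1\VAMOSR~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\VAMOSR~1\LOCALS~1\Temp\cpuz_x32.sys [?]
HKLM-Run-Dpuroxolibugi - c:\windows\edejufan.dll
"{D69CED78-B9A6-42D9-BB6C-B156110BD0C6}"="C:\Documents and Settings\Vamos Rafa\Local Settings\Application Data\{D69CED78-B9A6-42D9-BB6C-B156110BD0C6}" -> Success!
"""

# Line shapes seen in the logs: "name"="path" [meta], HKLM-Run-<name> - <path>,
# and ComboFix service lines "S0 name;display;path [date size]" or "... --> path [?]".
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
ORPHAN_RE = re.compile(r"^HKLM-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$")
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# GUID-named folder directly under Local Settings\Application Data (long or 8.3 form).
GUID_DIR = re.compile(r"\\(local settings\\application data|locals~1\\applic~1)\\\{[0-9a-f-]{36}\}")
VOWELS = set("aeiou")


def cv_alternation(name: str) -> float:
    """Fraction of adjacent letter pairs that alternate consonant/vowel."""
    s = name.lower()
    if len(s) < 2 or not s.isalpha():
        return 0.0
    pairs = list(zip(s, s[1:]))
    return sum((a in VOWELS) != (b in VOWELS) for a, b in pairs) / len(pairs)


def is_random_name(name: str, min_len: int = 8, threshold: float = 0.9) -> bool:
    """Heuristic (assumption): generated names such as edejufan, Ssexohoqusi or
    Dpuroxolibugi alternate consonants and vowels almost perfectly; real product
    names rarely do.  Threshold and length are the editor's guesses."""
    base = name.rsplit(".", 1)[0] if "." in name else name
    return len(base) >= min_len and base.isalpha() and cv_alternation(base) >= threshold


def suspicious_location(path: str) -> list:
    """Return the location rules a path trips (editor's rules, not ComboFix's)."""
    p = path.lower().replace("/", "\\")
    if p.startswith("\\??\\"):  # NT object-manager prefix on some driver ImagePaths
        p = p[4:]
    p = p.rstrip("\\")
    reasons = []
    if p.rpartition("\\")[0] in ("c:\\windows", "c:\\winnt"):
        reasons.append("file directly in the Windows root directory")
    if "\\temp\\" in p:
        reasons.append("file under a Temp directory")
    if GUID_DIR.search(p):
        reasons.append("file under a GUID-named folder in Local Settings")
    return reasons


def triage(log_text: str) -> list:
    """Scan log lines and return a finding dict per entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or ORPHAN_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path").strip()
            reasons = suspicious_location(path)
            if is_random_name(name) or is_random_name(path.rstrip("\\").rpartition("\\")[2]):
                reasons.append("random-looking name")
            if reasons:
                findings.append({"kind": "run", "name": name, "path": path, "reasons": reasons})
            continue
        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            missing = rest.endswith("[?]")  # ComboFix marks a service whose binary is absent
            path = rest.split("-->")[-1] if "-->" in rest else rest
            path = re.sub(r"\s*\[[^\]]*\]$", "", path).strip()  # drop "[date size]" / "[?]"
            reasons = suspicious_location(path)
            if missing:
                reasons.append("service binary not found on disk")
            if is_random_name(m.group("name")):
                reasons.append("random-looking name")
            if reasons:
                findings.append({"kind": "service", "start": m.group("start"),
                                 "name": m.group("name"), "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:8} {f['name']:40} {f['path']}")
        for r in f["reasons"]:
            print(f"         - {r}")
```

On the sample it flags the three missing-binary services (the AVG and ThreatFire leftovers plus the CPU-Z driver, which is also called out for living in Temp), the Dpuroxolibugi Run value for both its name and its c:\windows location, and the GooredFix orphan for its GUID folder, while avgnt, NvCplDaemon and SASDIFSV pass. The name score is only a prompt for the VirusTotal check the helper asked for, not a verdict: it scores consonant/vowel alternation, so an honest name such as razerhid lands just under the cut-off and a different threshold would catch it.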

Whew! We got it all other than these leftovers..... :)

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::
Collect::
C:\WINDOWS\edejufan.dll
Folder::
c:\documents and settings\Vamos Rafa\Application Data\3027DCEB6FF29DEB4472D78FD4EFABF5

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Woot. So far so good with no further issues.

ComboFix 11-04-26.01 - Vamos Rafa 04/26/2011 21:37:24.15.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1591 [GMT -4:00]

Running from: c:\documents and settings\Vamos Rafa\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Vamos Rafa\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Vamos Rafa\Application Data\3027DCEB6FF29DEB4472D78FD4EFABF5

.

.

((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))

.

.

2011-04-24 21:26 . 2011-04-24 21:26 122815660 ----a-w- C:\registrybackup.reg

2011-04-24 20:47 . 2011-04-24 20:47 -------- d-----w- c:\documents and settings\Vamos Rafa\Application Data\BDL+P

2011-04-24 20:43 . 2011-04-26 05:04 -------- d-----w- C:\liquid

2011-04-24 20:33 . 2011-04-24 20:33 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-04-24 20:33 . 2011-04-24 20:33 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-04-24 20:33 . 2011-04-24 20:35 -------- d-----w- c:\documents and settings\Vamos Rafa\Application Data\DAEMON Tools Lite

2011-04-24 20:33 . 2011-04-24 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2011-04-20 07:32 . 2011-04-20 07:32 -------- d-----w- c:\documents and settings\Vamos Rafa\Application Data\Avira

2011-04-20 02:57 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-04-20 02:57 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-04-20 02:57 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-04-20 02:57 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-04-20 02:57 . 2011-04-20 02:57 -------- d-----w- c:\program files\Avira

2011-04-20 02:57 . 2011-04-20 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-04-19 03:40 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll

2011-04-19 03:40 . 2011-04-19 03:40 -------- d-----w- c:\program files\K-Lite Codec Pack

2011-04-18 05:05 . 2011-04-18 05:05 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-04-18 04:55 . 2011-04-26 06:21 0 ----a-w- c:\windows\Ssexohoqusi.bin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2008-03-20 16:32 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45 . 2004-08-04 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-17 13:51 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-02-17 13:51 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-02-17 13:51 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:37 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32 . 2009-04-17 06:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2004-08-04 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-03 01:40 . 2010-04-26 00:21 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 23:19 . 2009-12-11 22:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2008-03-20 16:30 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2008-03-20 16:30 677888 ----a-w- c:\windows\system32\mstsc.exe

2008-04-08 17:46 . 2008-04-08 17:46 1292 ----a-w- c:\program files\ffdsasetts.reg

2008-04-08 17:46 . 2008-04-08 17:44 680 ----a-w- c:\program files\mpc2.reg

2008-04-08 17:46 . 2008-04-08 17:44 596 ----a-w- c:\program files\mpc1.reg

2008-04-08 17:46 . 2008-04-08 17:44 4608 ----a-w- c:\program files\mpc4.reg

2008-04-08 17:46 . 2008-04-08 17:44 3476 ----a-w- c:\program files\mpc7.reg

2008-04-08 17:46 . 2008-04-08 17:44 3026 ----a-w- c:\program files\mpc3.reg

2008-04-08 17:46 . 2008-04-08 17:44 27260 ----a-w- c:\program files\ffdssetts.reg

2008-04-08 17:46 . 2008-04-08 17:44 24316 ----a-w- c:\program files\ffdsvsetts.reg

2008-04-08 17:46 . 2008-04-08 17:44 18156 ----a-w- c:\program files\mpc6.reg

2008-04-08 17:46 . 2008-04-08 17:44 16486 ----a-w- c:\program files\mpc5.reg

2008-02-14 22:23 . 2008-02-14 22:23 231944 ----a-w- c:\program files\gwflash.exe

2007-09-22 03:42 . 2007-09-22 03:42 19008 ----a-w- c:\program files\markfun.a64

2007-08-22 03:49 . 2007-08-22 03:49 17912 ----a-w- c:\program files\markfun.w32

2007-03-02 12:48 . 2007-03-02 12:48 240448 ----a-w- c:\program files\gwf32.exe

2006-11-24 07:47 . 2006-11-24 07:47 207680 ----a-w- c:\program files\BIOS_Run.exe

2005-04-28 03:40 . 2005-04-28 03:40 6800 ----a-w- c:\program files\W95_HUA.vxd

2011-03-18 17:53 . 2011-03-24 05:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"nwiz"="nwiz.exe" [2009-03-28 1657376]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-4-23 6144]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EA Games\\Ultima Online 2D Client\\client.exe"=

"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=

"c:\\Program Files\\GIGABYTE\\@BIOS\\update.exe"=

"c:\\Program Files\\gwflash.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\GIGABYTE\\@BIOS\\BIOS_Run.exe"=

"c:\\Documents and Settings\\Vamos Rafa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Vamos Rafa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\ijji\\ENGLISH\\u_gunz.exe"=

"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

"c:\\Program Files\\Razer\\DeathAdder\\razertra.exe"=

"c:\\Program Files\\Razer\\DeathAdder\\razerofa.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\jameshieu@yahoo.com\\counter-strike\\hl.exe"=

"c:\\Program Files\\Steam\\steamapps\\jameshieu@yahoo.com\\dark messiah might and magic multi-player\\mm.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Kodak\\PACS\\uvapa\\mv_client\\LoaderExe.exe"=

"c:\\Program Files\\Kodak\\PACS\\uvapa\\mv_client\\mp.exe"=

"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4/24/2011 4:33 PM 218688]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 10:24 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 10:24 PM 74480]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/19/2011 10:57 PM 135336]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [3/20/2008 3:15 PM 22784]

R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [3/20/2008 3:13 PM 651712]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 cpuz129;cpuz129;\??\c:\docume~1\VAMOSR~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\VAMOSR~1\LOCALS~1\Temp\cpuz_x32.sys [?]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [1/21/2009 2:21 AM 10744]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 10:24 PM 7408]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [9/4/2008 3:53 PM 33400]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/21/2008 2:48 AM 715248]

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1292428093-725345543-1003Core1cbff877ea096b4.job

- c:\documents and settings\Vamos Rafa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-28 01:54]

.

2011-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1292428093-725345543-1003UA.job

- c:\documents and settings\Vamos Rafa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-28 01:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {8E49176D-5B2E-4391-AA56-212161D660DE} - hxxp://pacs.hscs.virginia.edu/plugin/JavaSettings.exe

FF - ProfilePath - c:\documents and settings\Vamos Rafa\Application Data\Mozilla\Firefox\Profiles\6320ji3r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-26 21:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\controlset004\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1008)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

- - - - - - - > 'explorer.exe'(8000)

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Razer\DeathAdder\razertra.exe

c:\program files\Razer\DeathAdder\razerofa.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-04-26 21:49:13 - machine was rebooted

ComboFix-quarantined-files.txt 2011-04-27 01:49

ComboFix2.txt 2011-04-26 21:18

ComboFix3.txt 2011-04-22 17:55

.

Pre-Run: 92,119,138,304 bytes free

Post-Run: 92,119,826,432 bytes free

.

Current=4 Default=4 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 7380E01DF97FA0C05A2265A408E4A3DD


You're good to go.... :)

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
