
I've been over this one a million times... i like to think (or i USED to like to think) i had a pretty good handle on windows systems, but this is just beyond me.

the last infection found was by malwarebytes and was flagged as a malware.trace infection in secushr.dat, but prior to that misc. trojans and spyware have been caught by spybot and avfree. i didn't keep track, because i didn't realize it would become such a huge problem.

even though i am running a dell desktop with windows xp sp3 with no internet connection (i use the ICS on my windows mobile to get online on the desktop), from everything i can gather it seems my pc is now part of a network, and i can't find where it's coming from. a lot of goofy behavior from the machine, even after a full reinstall of xp and all the microsoft patches and updates downloaded and installed.

i'm running GMER as i type this, but earlier today it got so far and crashed, giving me a blue screen with the following:

Problem Detected

Driver IRQL NOT LESS OR EQUAL

Technical info:

Stop: 0x000000D1

0x00014B3E

0X00000005

0X00000001

0XF923889B

atapi.sys address F923889B

base at F922F000

Date Stamp 4802539D

----

i've gone through every malware/spyware/virus tool i have, and checked into some of the windows information built in to XP, and it looks bad, but i'm still lost.

i re-ran a registry cleaner, mbam, ccleaner and now everything is coming up clean, but the machine still seems to be a slave on an unknown network. i have a ton of suspicious exe files blocked in zonealarm, and that seems to be stopping some of the problems, but i can't wrap my head around how bad this must be.

i even got an email from lastpass password management, even though i've never used their site or service. i requested they delete any information related to my email and contact me with any information regarding the creation of the account that they could.

any help at all would be appreciated!

----

here is the info requested in the new post instructions:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Owner at 19:29:03.76 on Tue 05/10/2011

Internet Explorer: 8.0.6001.18702

.

============== Running Processes ===============

.

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MICROS~2\rapimgr.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Program Files\Ace Explorer\Aexplore.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.msn.com

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbzone.dll

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

IE: Save image with m&yBase - c:\program files\wjjsoft\webcollect\imagesave.htm

IE: Save with &myBase - c:\program files\wjjsoft\webcollect\websave.htm

IE: Share via PhotoRocket - c:\documents and settings\owner\local settings\application data\photorocket\bin\plugins\internetexplorer\iexplore.htm

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: kuaiche.com\software

Handler: nyf - {C4BA8816-8761-4164-8E33-56F3024A09E4} - c:\program files\wjjsoft\nyfedit5\ienyf.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R? IS360service;IS360service

R? MpKsl247efd0a;MpKsl247efd0a

R? MpKsl2a9bd537;MpKsl2a9bd537

R? MpKsl4f21dbbc;MpKsl4f21dbbc

R? MpKsl53c01064;MpKsl53c01064

R? MpKsl7e4b2aff;MpKsl7e4b2aff

R? MpKsl8e10ee4e;MpKsl8e10ee4e

R? MpKslaf31db41;MpKslaf31db41

R? MpKslc83b448c;MpKslc83b448c

R? MpKsld9408db5;MpKsld9408db5

R? MpKsldc7b5941;MpKsldc7b5941

R? MpKslfca6bc8a;MpKslfca6bc8a

R? MpKslfe10b916;MpKslfe10b916

R? msav;Moon Secure Antivirus Core

R? nosGetPlusHelper;getPlus® Helper 3004

R? Secunia PSI Agent;Secunia PSI Agent

R? WinRM;Windows Remote Management (WS-Management)

S? PSI;PSI

S? Secunia Update Agent;Secunia Update Agent

S? vsdatant;vsdatant

S? vsmon;TrueVector Internet Monitor

.

=============== Created Last 30 ================

.

2011-05-10 20:35:27 -------- d-----w- c:\docume~1\owner\applic~1\CintaNotes

2011-05-10 19:14:03 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-10 19:13:53 -------- d-----w- c:\program files\Trend Micro

2011-05-10 15:21:43 -------- d-----w- c:\docume~1\owner\applic~1\Ace Explorer

2011-05-10 15:18:06 -------- d-----w- c:\program files\Ace Explorer

2011-05-09 06:35:31 -------- d-----w- c:\program files\Sonork

2011-05-09 01:53:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\CheckPoint

2011-05-08 06:17:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avanquest Software

2011-05-08 06:17:20 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\BVRP Software

2011-05-08 00:35:21 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\WMTools Downloaded Files

2011-05-07 02:07:59 10240 -c--a-w- c:\windows\system32\dllcache\atipcxxx.sys

2011-05-07 02:06:34 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2011-05-07 02:05:04 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-05-06 18:34:05 -------- d-----w- c:\program files\CintaNotes

2011-05-06 18:29:13 14336 ----a-w- c:\windows\system32\rtffilt.dll

2011-05-06 18:29:12 -------- d-----w- c:\program files\wjjsoft

2011-05-06 18:28:26 -------- d-----w- c:\docume~1\owner\applic~1\TreeDBNotes 3

2011-05-06 18:28:15 -------- d-----w- c:\program files\TreeDBNotes 3

2011-05-06 18:27:45 -------- d-----w- c:\program files\AllMyNotes Organizer

2011-05-06 18:27:01 -------- d-----w- c:\program files\KeyNote

2011-05-06 18:26:16 -------- d-----w- c:\program files\FolderSize

2011-05-06 18:25:48 160285 ----a-w- c:\windows\Sqirlz Morph Uninstaller.exe

2011-05-06 18:25:47 -------- d-----w- c:\program files\Sqirlz Morph

2011-05-06 18:25:28 -------- d-----w- c:\program files\Bulk Rename Utility

2011-05-06 18:25:01 -------- d-----w- c:\program files\SpyTheSpy

2011-05-06 18:23:52 -------- d-----w- c:\program files\common files\debugmode

2011-05-06 18:23:51 -------- d-----w- c:\program files\Debugmode

2011-05-06 17:31:54 -------- d-----w- c:\docume~1\owner\applic~1\DVDVideoSoftIEHelpers

2011-05-06 17:23:17 -------- d-----w- c:\docume~1\owner\applic~1\DVDVideoSoft

2011-05-06 17:22:34 -------- d-----w- c:\program files\common files\DVDVideoSoft

2011-05-06 17:22:09 -------- d-----w- c:\program files\DVDVideoSoft

2011-05-06 17:08:15 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PhotoRocket

2011-05-06 15:10:08 -------- d-----w- c:\program files\AVAST Software

2011-05-06 14:55:59 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2011-05-06 14:55:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-06 14:55:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-06 14:55:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-06 14:55:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-06 14:18:57 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS

2011-05-05 03:13:03 -------- d-----w- c:\docume~1\owner\applic~1\CheckPoint

2011-05-05 03:06:02 -------- d-----w- c:\program files\Conduit

2011-05-05 03:05:58 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\ZoneAlarm_Security

2011-05-05 03:05:57 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Conduit

2011-05-05 03:05:25 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-05-05 02:57:01 -------- d-----w- c:\program files\CheckPoint

2011-05-05 02:31:35 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-05-05 02:31:35 -------- d-----w- c:\windows\system32\ZoneLabs

2011-05-05 02:25:01 -------- d-----w- c:\program files\Zone Labs

2011-05-05 02:17:43 -------- d-----w- c:\windows\Internet Logs

2011-05-05 01:35:24 -------- d-----w- c:\program files\Moon Secure Antivirus

2011-05-04 09:26:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-05-04 09:12:25 -------- d-----w- c:\docume~1\owner\applic~1\GlarySoft

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-05-04 08:09:59 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Google

2011-05-04 08:09:15 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Deployment

2011-05-04 07:39:50 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Secunia PSI

2011-05-04 07:35:15 -------- d-----w- c:\program files\Secunia

2011-05-04 07:34:32 -------- d-----w- c:\program files\Glary Utilities

2011-05-04 07:02:16 900608 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{7aaa27e4-cdb3-49c0-aa2d-41827c001ba3}\StartMenuIcon.exe

2011-05-04 07:01:37 -------- d-----w- c:\program files\Microsoft

2011-05-04 06:59:19 67376 ----a-w- c:\windows\system32\sysinfo.ocx

2011-05-04 06:59:18 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Winsonar

2011-05-04 06:57:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\SystemExplorer

2011-05-04 06:57:39 -------- d-----w- c:\program files\System Explorer

2011-05-04 06:46:53 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\G DATA

2011-05-04 06:45:39 -------- d-----w- c:\program files\Malware Removal Tool

2011-05-04 03:58:54 -------- d-----w- c:\program files\jv16 PowerTools 2011

2011-05-03 19:33:20 -------- d-----w- c:\program files\Unlocker

2011-05-03 19:28:05 -------- d-----w- c:\program files\Innovative Solutions

2011-05-03 19:21:42 -------- d-----w- c:\program files\YourWare Solutions

2011-05-03 19:14:22 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2011-05-03 19:14:21 -------- d-----w- c:\program files\SpywareBlaster

2011-05-03 19:10:46 -------- d-----w- c:\program files\Emsisoft HiJackFree

2011-05-03 19:06:14 -------- d-----w- c:\program files\X-Setup

2011-05-03 18:58:27 -------- d-----w- c:\docume~1\owner\applic~1\PMW

2011-05-03 18:57:11 -------- d-----w- c:\program files\ToniArts

2011-05-03 18:56:27 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll

2011-05-03 18:56:27 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll

2011-05-03 18:56:27 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe

2011-05-03 18:56:27 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll

2011-05-03 18:56:27 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll

2011-05-03 18:56:23 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll

2011-05-03 18:56:22 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll

2011-05-03 18:56:09 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2011-05-03 18:40:36 -------- d-----w- c:\docume~1\owner\applic~1\Uniblue

2011-05-03 18:39:55 -------- dc----w- c:\docume~1\alluse~1\applic~1\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

2011-05-03 18:39:29 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PackageAware

2011-05-03 18:30:42 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\v_k_softwares

2011-05-03 18:29:19 -------- d-----w- c:\program files\Yet Another (remote) Process Monitor

2011-05-03 18:28:14 -------- d-----w- c:\program files\PMW

2011-05-03 18:21:45 -------- d-----w- c:\docume~1\owner\applic~1\Process Hacker 2

2011-05-03 18:01:11 -------- d-----w- c:\program files\Uniblue

2011-05-03 17:58:47 -------- d-----w- c:\program files\Daphne

2011-05-03 17:58:24 -------- d-----w- c:\program files\Process Hacker 2

2011-05-03 17:24:05 -------- d-----w- c:\program files\BitPim

2011-05-03 17:20:04 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2011-05-03 17:20:04 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2011-05-03 17:19:09 -------- d-----w- c:\program files\Motorola Phone Tools

2011-05-03 17:18:01 9232 ----a-w- c:\documents and settings\owner\mqdmmdfl.sys

2011-05-03 17:18:01 92064 ----a-w- c:\documents and settings\owner\mqdmmdm.sys

2011-05-03 17:18:01 79328 ----a-w- c:\documents and settings\owner\mqdmserd.sys

2011-05-03 17:18:01 66656 ----a-w- c:\documents and settings\owner\mqdmbus.sys

2011-05-03 17:18:01 6208 ----a-w- c:\documents and settings\owner\mqdmcmnt.sys

2011-05-03 17:18:01 5936 ----a-w- c:\documents and settings\owner\mqdmwhnt.sys

2011-05-03 17:18:01 4048 ----a-w- c:\documents and settings\owner\mqdmcr.sys

2011-05-03 17:18:01 25600 ----a-w- c:\windows\system32\drivers\usbsermptxp.sys

2011-05-03 17:18:01 25600 ----a-w- c:\documents and settings\owner\usbsermptxp.sys

2011-05-03 17:18:01 22768 ----a-w- c:\documents and settings\owner\usbsermpt.sys

2011-05-03 17:12:06 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll

2011-05-03 17:12:05 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll

2011-05-03 17:12:05 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll

2011-05-03 17:12:05 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe

2011-05-03 17:12:05 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll

2011-05-03 17:12:04 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll

2011-05-03 17:12:03 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll

2011-05-03 14:02:54 -------- d-----w- c:\program files\WinDirStat

2011-04-29 19:22:30 -------- d-----w- c:\program files\GreenBrowser

2011-04-29 08:21:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Thunderbird

2011-04-28 13:24:23 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\AOL

2011-04-28 13:24:23 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\AIM

2011-04-28 13:23:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\AIM

2011-04-28 13:23:41 -------- d-----w- c:\program files\AIM

2011-04-28 13:23:37 -------- d-----w- c:\program files\common files\AOL

2011-04-28 13:18:02 -------- d-----w- c:\docume~1\owner\applic~1\AOLLifestream.38DDEF08F290DDEE890E6397840BD9770BA0A787.1

2011-04-28 13:17:05 -------- d-----w- c:\program files\AOL Lifestream

2011-04-27 19:53:43 -------- d-----w- c:\windows\pss

2011-04-25 06:57:41 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll

2011-04-24 23:50:43 -------- d-----w- c:\docume~1\owner\applic~1\Mipony

2011-04-22 06:08:51 -------- d-----w- C:\f1807d2ecd7bae36c2b9

2011-04-22 04:05:48 -------- d-----w- c:\docume~1\owner\applic~1\Launchy

2011-04-21 21:04:23 -------- d-----w- c:\windows\Downloaded Installations

2011-04-21 20:20:40 -------- d-----w- c:\program files\KGP Software

2011-04-21 05:27:30 -------- d-----w- c:\program files\Defraggler

2011-04-21 05:25:17 -------- d-----w- c:\program files\Speccy

2011-04-21 03:12:01 -------- d-----w- c:\docume~1\owner\applic~1\GetGo Software

2011-04-21 03:09:12 -------- d-----w- c:\docume~1\owner\applic~1\ProgSense

2011-04-21 02:54:57 -------- d-----w- c:\docume~1\owner\applic~1\BITS

2011-04-21 02:54:56 -------- d-----w- c:\docume~1\owner\applic~1\FlashGet

2011-04-21 02:54:45 -------- d-----w- c:\docume~1\owner\applic~1\FlashGetBHO

2011-04-21 00:50:20 -------- d-----w- C:\Downloads

2011-04-21 00:34:41 -------- d-----w- c:\docume~1\owner\applic~1\HTSK

2011-04-21 00:11:23 -------- d-----w- c:\program files\Star Downloader

2011-04-20 22:09:10 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\K-Meleon

2011-04-20 22:08:11 -------- d-----w- c:\docume~1\owner\applic~1\K-Meleon

2011-04-20 22:04:13 -------- d-----w- c:\program files\K-Meleon

2011-04-20 15:20:14 8704 ----a-w- c:\windows\system32\sef.exe

2011-04-20 14:54:25 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-04-20 14:53:06 -------- d-----w- c:\windows\system32\winrm

2011-04-20 14:53:06 -------- d-----w- c:\windows\system32\GroupPolicy

2011-04-20 14:52:51 -------- dc----w- c:\windows\$968930Uinstall_KB968930$

2011-04-20 14:34:00 -------- d-----w- c:\docume~1\owner\applic~1\IObit

2011-04-20 14:33:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-04-20 14:33:44 -------- d-----w- c:\program files\IObit

2011-04-20 14:33:14 -------- d-----w- c:\program files\OneClick Spyware Expert

2011-04-20 14:32:29 -------- d-----w- c:\program files\PC-Clean

2011-04-20 14:32:28 36864 ----a-w- c:\windows\system32\NliaControlRes.dll

2011-04-20 14:32:28 139264 ----a-w- c:\windows\system32\NliaControl.cpl

2011-04-20 14:32:28 -------- d-----w- c:\program files\NLIA

2011-04-18 14:54:47 -------- d-----w- c:\docume~1\owner\applic~1\AnvSoft

2011-04-18 14:54:28 -------- d-----w- c:\program files\AnvSoft

2011-04-18 14:49:48 -------- d-----w- c:\docume~1\owner\applic~1\HandBrake

2011-04-18 14:49:47 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\HandBrake

2011-04-18 11:24:58 -------- d-----w- c:\program files\Sony Media Go Install

2011-04-15 08:20:51 -------- d-----w- c:\docume~1\owner\applic~1\enchant

2011-04-15 07:41:11 -------- d-----w- c:\documents and settings\owner\AbiSuite

2011-04-15 05:04:04 -------- d-----w- c:\program files\PicPick

2011-04-15 04:33:36 -------- d-----w- c:\program files\AbiWord

2011-04-14 16:06:19 519 ----a-w- C:\ATX.REG

2011-04-14 02:45:34 -------- d-----w- c:\program files\Photodex

2011-04-13 09:02:05 -------- d-----w- c:\program files\VLMC

.

==================== Find3M ====================

.

2011-04-29 16:48:08 110592 ----a-w- c:\windows\system32\services.exe

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 19:31:28.98 ===============

---

Attachments: attach.zip, mbam-log-2011-05-10 (19-23-14).txt, hijackthis.txt


  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


I apologize for the attachments, I think I was taking the suggestion of the DDS pop-up that appears when it completes about not posting the log file itself but zipping it first. I'll keep everything posted as text going forward.

At any rate, thanks so much for getting back to me, it's great to have some help on this.

I updated MBAM and re-ran, but even for a "Quick Scan" it seemed to finish pretty fast. I uninstalled MBAM, tried to clean out any references to it I could find, downloaded the install file on a clean system and re-installed. Once I did it, it seemed to be the real program, but updating it gave me error:

----

An error has occurred. Please report this error code to our support team.

PROGRAM_ERROR_UPDATING (12007, 0, WinHttrpSendRequest)

-----

I went through the whole process again and this time it seemed to update and do the scan properly, the log is below.

Combofix crashed twice once it started, even though I made sure to follow all the instructions on their site about disabling other programs and not clicking anywhere once it got going. The first crash it just completely disappeared, the way a program will if you were to kill the process in task manager. The second time I got hit with a bluescreen with:

A PROBLEM HAS BEEN DETECTED. WINDOWS HAS SHUT DOWN TO PREVENT DAMAGE TO YOUR SYSTEM.

BAD_POOL_CALLER

STOP: 0X000000CZ (0X00000040, 0X00000000, OX80000000, 0X00000000)

Combofix stopped the first time re-running it to alert it had found rootkit activity and needed to restart. Once the system rebooted it appeared it ran itself prior to the other windows boot programs, which I am hoping is a good thing.

I also have to keep setting the preferences on my taskbar to show recently closed documents and recently used programs, as they change on the fly. When I re-enable the view, it shows program and document access that wasn't done by me. It really is a pretty creepy feeling. I found shared folders using a tool in a program I downloaded to do complete uninstalls of programs (Revo Uninstaller), but I don't have permissions to kill the connections through the regular Windows GUI or using the command line. I can't install printers or manage modems without getting the error that I do not have admin privileges.

I also just switched to using Notepad++, since one of the usual suspects - notepad.exe - seems to overappear in a few directories and is the target of some shortcuts that don't make sense.

At this point I'm assuming all my information has been compromised, and that the many, many programs I downloaded trying to fix it myself probably made it worse, but I'll create a new post at some point looking for insight on how to best deal with those issues.

To the best of my knowledge, the scans you requested be performed did go through successfully, but one of the other problems I've found is that many windows processes and even regular shortcuts have been changed to point to what I can only assume are malicious programs and services. Hopefully there is enough here for you to work with. Please let me know if you need more information before you can take the next steps? Otherwise, I'll look forward to hearing from you.

Thanks again!

Jay

----

LOGS:

5/13/2011 MBAM LOG (the system failed after cleaning these, so i wasn't able to rescan and run the other tools.)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6563

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/12/2011 8:03:46 PM

mbam-log-2011-05-12 (20-03-46).txt

Scan type: Quick scan

Objects scanned: 146536

Time elapsed: 16 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

MBAM LOG:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6563

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/13/2011 3:34:02 AM

mbam-log-2011-05-13 (03-34-02).txt

Scan type: Quick scan

Objects scanned: 141760

Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------

COMBOFIX LOG:

ComboFix 11-05-13.02 - Owner 05/14/2011 4:14.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.71 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\usbsermpt.sys

c:\documents and settings\Owner\usbsermptxp.sys

.

---- Previous Run -------

.

c:\documents and settings\Owner\Application Data\EurekaLog\cleaner8\BugReport.zip

c:\documents and settings\Owner\mqdmbus.sys

c:\documents and settings\Owner\mqdmcmnt.sys

c:\documents and settings\Owner\mqdmcr.sys

c:\documents and settings\Owner\mqdmmdfl.sys

c:\documents and settings\Owner\mqdmmdm.sys

c:\documents and settings\Owner\mqdmserd.sys

c:\documents and settings\Owner\mqdmwhnt.sys

c:\documents and settings\Owner\usbsermpt.sys

c:\documents and settings\Owner\usbsermptxp.sys

C:\install.exe

c:\windows\system32\drivers\etc\lmhosts

c:\windows\system32\NTVBSvcW.tlb

.

.

((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))

.

.

2011-05-14 06:32 . 2011-05-14 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-05-14 06:31 . 2011-05-14 06:31 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Suite

2011-05-14 04:21 . 2011-05-14 04:21 25 ----a-w- c:\windows\wpd99.drv

2011-05-14 04:21 . 2011-05-14 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995

2011-05-14 04:21 . 2011-05-14 04:21 51716 ----a-w- c:\windows\system32\pdf995mon.dll

2011-05-14 04:21 . 2011-05-14 04:21 249856 ----a-w- c:\windows\system32\pdfmona.dll

2011-05-14 04:20 . 2011-05-14 04:20 -------- d-----w- c:\program files\pdf995

2011-05-14 03:33 . 2011-05-14 03:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Fernando_Cerqueira

2011-05-13 15:26 . 2011-05-13 15:28 -------- d-----w- c:\program files\Motorola

2011-05-13 15:24 . 2011-05-13 15:24 -------- d-----w- c:\program files\QPST

2011-05-13 15:21 . 2011-05-13 15:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Samsung

2011-05-13 15:19 . 2011-05-13 15:19 -------- d-----w- c:\program files\Common Files\PCSuite

2011-05-13 15:18 . 2008-07-03 00:48 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2011-05-13 15:16 . 2011-05-13 15:16 -------- d-----w- c:\program files\MSXML 4.0

2011-05-13 15:15 . 2011-05-13 15:15 -------- d-----w- c:\program files\DIFX

2011-05-13 15:15 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-05-13 15:15 . 2011-05-13 15:15 -------- d-----w- c:\program files\PC Connectivity Solution

2011-05-13 15:15 . 2007-05-02 20:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-05-13 15:09 . 2011-05-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2011-05-13 14:48 . 2011-05-13 14:48 -------- d-----w- c:\program files\Phone Manager

2011-05-13 14:17 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe

2011-05-13 13:35 . 2011-05-10 18:15 502095 ----a-w- C:\unhide.exe

2011-05-13 10:00 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2011-05-13 05:37 . 2011-05-13 05:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Help

2011-05-12 18:59 . 2011-05-12 18:59 -------- d-----w- c:\program files\IObit

2011-05-12 16:04 . 2011-05-12 16:04 -------- d-----w- c:\program files\AMS Beauty Studio

2011-05-12 16:01 . 2011-05-12 16:01 -------- d-----w- c:\windows\Internet Logs

2011-05-12 15:39 . 2011-05-13 01:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-05-12 11:08 . 2011-05-12 11:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Xilisoft Corporation

2011-05-12 11:02 . 2011-05-12 11:02 -------- d-----w- c:\program files\Xilisoft

2011-05-12 11:01 . 2011-05-12 11:01 -------- d-----w- c:\program files\CleverCell Phone Manager

2011-05-12 10:51 . 2011-05-12 11:00 -------- d-----w- c:\program files\CallerID-Events

2011-05-12 09:20 . 2005-03-27 06:32 6272 ----a-w- c:\windows\system32\drivers\ramdisk.sys

2011-05-12 09:20 . 2002-08-30 02:08 36992 ----a-w- c:\windows\system32\drivers\filedisk.sys

2011-05-12 09:20 . 2011-05-12 10:49 -------- d-----w- c:\program files\ID Security Suite

2011-05-12 09:16 . 2011-05-12 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5

2011-05-12 09:16 . 2011-05-12 09:19 -------- d-----w- c:\documents and settings\Owner\Application Data\River Past G5

2011-05-12 09:16 . 2011-05-12 09:16 161231 ----a-w- c:\windows\DirectShow Detective Uninstaller.exe

2011-05-12 09:16 . 2011-05-12 09:16 -------- d-----w- c:\program files\River Past

2011-05-12 09:16 . 2011-05-12 09:16 -------- d-----w- c:\program files\Common Files\River Past

2011-05-12 05:55 . 2011-05-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2011-05-12 05:55 . 2011-05-12 05:55 -------- d-----w- c:\program files\NOS

2011-05-12 03:01 . 2011-05-12 03:00 720896 ----a-w- c:\windows\iun6002.exe

2011-05-12 03:00 . 2011-05-12 03:00 -------- d-----w- c:\program files\Multiicon

2011-05-12 02:40 . 2011-05-12 02:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Map Loader

2011-05-12 02:38 . 2011-05-12 02:38 -------- d-----w- c:\program files\MAKEMSI Package Documentation

2011-05-12 02:38 . 2011-05-12 02:38 -------- d-----w- c:\program files\Wayfinder MapLoader

2011-05-11 13:03 . 2011-05-11 13:03 -------- d-----w- c:\documents and settings\Guest

2011-05-11 12:44 . 2011-05-11 12:44 -------- d-----w- c:\program files\XnView

2011-05-11 11:08 . 2008-03-21 17:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2011-05-11 11:05 . 2010-09-29 21:13 24064 ----a-w- c:\windows\system32\drivers\motport.sys

2011-05-11 11:05 . 2010-09-29 21:13 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys

2011-05-11 11:05 . 2009-01-29 20:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys

2011-05-11 11:05 . 2010-12-03 18:03 20352 ----a-w- c:\windows\system32\drivers\motccgp.sys

2011-05-11 11:05 . 2008-03-27 20:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2011-05-11 11:05 . 2007-11-02 18:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys

2011-05-11 11:05 . 2009-12-21 17:42 15616 ----a-w- c:\windows\system32\mot_ci.dll

2011-05-11 11:05 . 2011-05-13 15:15 -------- dc----w- c:\windows\system32\DRVSTORE

2011-05-11 11:05 . 2009-05-08 14:56 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys

2011-05-11 11:03 . 2011-05-11 11:03 -------- d-----w- c:\program files\Common Files\Motorola Shared

2011-05-11 08:07 . 2011-05-11 08:14 -------- d-----w- c:\program files\Spiceworks

2011-05-11 06:13 . 2011-05-11 06:13 -------- d-----w- c:\program files\SecurityXploded

2011-05-11 06:06 . 2011-05-11 06:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter

2011-05-11 06:05 . 2011-05-11 06:05 -------- d-----w- c:\program files\Update Notifier

2011-05-11 06:05 . 2011-05-11 06:07 -------- d-----w- c:\documents and settings\Owner\Application Data\cspa

2011-05-11 05:45 . 2011-05-11 05:45 -------- d-----w- c:\documents and settings\Owner\Application Data\DeviceDoctorSoftware

2011-05-11 05:45 . 2011-05-11 05:45 -------- d-----w- c:\program files\Device Doctor

2011-05-11 05:45 . 2011-05-11 05:45 -------- d-----w- c:\windows\MATS

2011-05-11 05:45 . 2011-05-11 05:45 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-05-11 05:34 . 2011-05-11 05:34 -------- d-----w- c:\program files\VS Revo Group

2011-05-11 05:00 . 2011-05-11 05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-10 20:35 . 2011-05-10 20:35 -------- d-----w- c:\documents and settings\Owner\Application Data\CintaNotes

2011-05-10 19:14 . 2011-05-10 19:14 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-10 19:13 . 2011-05-10 19:13 -------- d-----w- c:\program files\Trend Micro

2011-05-10 15:21 . 2011-05-12 11:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Ace Explorer

2011-05-10 15:18 . 2011-05-10 20:08 -------- d-----w- c:\program files\Ace Explorer

2011-05-09 01:53 . 2011-05-09 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint

2011-05-08 06:17 . 2011-05-11 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest Software

2011-05-08 06:17 . 2011-05-08 06:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\BVRP Software

2011-05-08 06:17 . 2011-05-09 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

2011-05-08 00:35 . 2011-05-08 00:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files

2011-05-07 02:07 . 2001-08-17 16:49 10240 -c--a-w- c:\windows\system32\dllcache\atipcxxx.sys

2011-05-07 02:06 . 2001-08-17 18:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2011-05-07 02:05 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-05-06 18:34 . 2011-05-06 18:34 -------- d-----w- c:\program files\CintaNotes

2011-05-06 18:29 . 2001-09-06 16:09 14336 ----a-w- c:\windows\system32\rtffilt.dll

2011-05-06 18:29 . 2011-05-06 18:31 -------- d-----w- c:\program files\wjjsoft

2011-05-06 18:28 . 2011-05-06 18:50 -------- d-----w- c:\documents and settings\Owner\Application Data\TreeDBNotes 3

2011-05-06 18:28 . 2011-05-06 18:28 -------- d-----w- c:\program files\TreeDBNotes 3

2011-05-06 18:27 . 2011-05-07 06:55 -------- d-----w- c:\program files\AllMyNotes Organizer

2011-05-06 18:27 . 2011-05-10 20:36 -------- d-----w- c:\program files\KeyNote

2011-05-06 18:26 . 2011-05-06 18:26 -------- d-----w- c:\program files\FolderSize

2011-05-06 18:25 . 2011-05-06 18:25 160285 ----a-w- c:\windows\Sqirlz Morph Uninstaller.exe

2011-05-06 18:25 . 2011-05-06 18:25 -------- d-----w- c:\program files\Sqirlz Morph

2011-05-06 18:25 . 2011-05-06 18:25 -------- d-----w- c:\program files\Bulk Rename Utility

2011-05-06 18:25 . 2011-05-07 02:03 -------- d-----w- c:\program files\SpyTheSpy

2011-05-06 18:23 . 2011-05-06 18:23 -------- d-----w- c:\program files\Common Files\debugmode

2011-05-06 18:23 . 2011-05-06 18:23 -------- d-----w- c:\program files\Debugmode

2011-05-06 17:23 . 2011-05-06 17:26 -------- d-----w- c:\documents and settings\Owner\Application Data\DVDVideoSoft

2011-05-06 17:22 . 2011-05-06 17:30 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2011-05-06 17:22 . 2011-05-06 17:22 -------- d-----w- c:\program files\DVDVideoSoft

2011-05-06 17:08 . 2011-05-06 17:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PhotoRocket

2011-05-06 14:55 . 2011-05-06 14:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-05-06 14:55 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-06 14:55 . 2011-05-06 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-06 14:55 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-06 14:18 . 2011-05-06 14:18 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS

2011-05-05 03:13 . 2011-05-05 03:13 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint

2011-05-05 03:06 . 2011-05-05 03:06 -------- d-----w- c:\program files\Conduit

2011-05-05 03:05 . 2011-05-07 19:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ZoneAlarm_Security

2011-05-05 03:05 . 2011-05-07 19:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit

2011-05-05 03:05 . 2011-05-05 03:05 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-05-05 02:57 . 2011-05-05 02:57 -------- d-----w- c:\program files\CheckPoint

2011-05-05 01:35 . 2011-05-10 20:08 -------- d-----w- c:\program files\Moon Secure Antivirus

2011-05-04 13:36 . 2011-05-12 08:22 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

2011-05-04 09:26 . 2011-05-04 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-05-04 09:12 . 2011-05-11 03:40 -------- d-----w- c:\documents and settings\Owner\Application Data\GlarySoft

2011-05-04 09:03 . 2011-05-10 21:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2011-05-04 09:03 . 2011-05-10 21:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2011-05-04 09:03 . 2011-05-10 21:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2011-05-04 09:03 . 2011-05-10 21:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2011-05-04 09:03 . 2011-05-10 21:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2011-05-04 09:03 . 2011-05-10 21:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2011-05-04 09:03 . 2011-05-10 21:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2011-05-04 08:58 . 2011-05-10 20:08 -------- d-----w- c:\program files\QuickTime

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-29 16:48 . 2004-08-04 10:00 110592 ----a-w- c:\windows\system32\services.exe

2011-03-11 14:10 . 2004-08-04 10:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33 . 2011-03-20 03:04 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2004-08-04 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-04 10:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2004-08-04 10:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-08-04 10:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2011-03-20 02:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-04 10:00 290432 ----a-w- c:\windows\system32\atmfd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sef

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]

backup=c:\windows\pss\Secunia PSI Tray.lnk01058BCF.startup

backupExtension=01058BCF.startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKsl247efd0a.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCFFED9-FAE3-4E81-B251-8C8639D2937F}\MpKsl247efd0a.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKsl2a9bd537.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9840D0BF-33E1-4864-B069-5B8FE6549C3E}\MpKsl2a9bd537.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKsl4f21dbbc.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCFFED9-FAE3-4E81-B251-8C8639D2937F}\MpKsl4f21dbbc.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKsl53c01064.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{310D874E-799A-4005-BCD9-A0175F621523}\MpKsl53c01064.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKsl7e4b2aff.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCFFED9-FAE3-4E81-B251-8C8639D2937F}\MpKsl7e4b2aff.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKsl8e10ee4e.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCFFED9-FAE3-4E81-B251-8C8639D2937F}\MpKsl8e10ee4e.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKslaf31db41.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E07662B5-513A-4FF5-A91E-C2D8A47691A7}\MpKslaf31db41.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKslc83b448c.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9840D0BF-33E1-4864-B069-5B8FE6549C3E}\MpKslc83b448c.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKsld9408db5.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CD82F24-48BD-4885-9731-8ECBE8336D21}\MpKsld9408db5.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKsldc7b5941.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCFFED9-FAE3-4E81-B251-8C8639D2937F}\MpKsldc7b5941.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKslfca6bc8a.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9840D0BF-33E1-4864-B069-5B8FE6549C3E}\MpKslfca6bc8a.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MpKslfe10b916.sys]

\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9840D0BF-33E1-4864-B069-5B8FE6549C3E}\MpKslfe10b916.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerDriver5.sys]

\??\c:\program files\Unlocker\UnlockerDriver5.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiKeyloggerService.exe]

2009-09-06 15:54 572096 ----a-w- c:\program files\ID Security Suite\ID AntiKeylogger\AntiKeyloggerService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefragglerShell.dll]

2011-04-13 10:26 189752 ----a-w- c:\program files\Defraggler\DefragglerShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderSizeColumn.dll]

2010-04-06 04:41 90112 ----a-w- c:\program files\FolderSize\FolderSizeColumn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderSizeSvc.exe]

2010-04-06 04:41 116224 ----a-w- c:\program files\FolderSize\FolderSizeSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP Pro.exe]

2006-03-23 04:13 1591808 ----a-r- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleUpdate.exe]

2011-05-04 08:09 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTTask.exe]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerCOM.dll]

2010-07-04 21:32 10752 ----a-w- c:\program files\Unlocker\UnlockerCOM.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webcheck.dll]

2009-03-08 09:34 236544 ----a-w- c:\windows\system32\webcheck.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsonar.exe]

2010-04-13 02:13 549888 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\Winsonar\winsonar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XnViewShellExt.dll]

2010-09-07 15:39 1490944 ----a-w- c:\program files\XnView\ShellEx\XnViewShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\AIM\\aim.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Spiceworks\\httpd\\bin\\spiceworks-httpd.exe"=

"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=

"c:\\Program Files\\River Past\\DirectShow Detective\\DSDetective.exe"=

"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [1/27/2011 5:13 PM 226624]

R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [5/12/2011 2:59 PM 140848]

S0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\ramdisk.sys [5/12/2011 5:20 AM 6272]

S1 MpKsl247efd0a;MpKsl247efd0a; [x]

S1 MpKsl2a9bd537;MpKsl2a9bd537; [x]

S1 MpKsl4f21dbbc;MpKsl4f21dbbc; [x]

S1 MpKsl53c01064;MpKsl53c01064; [x]

S1 MpKsl7e4b2aff;MpKsl7e4b2aff; [x]

S1 MpKsl8e10ee4e;MpKsl8e10ee4e; [x]

S1 MpKslaf31db41;MpKslaf31db41; [x]

S1 MpKslc83b448c;MpKslc83b448c; [x]

S1 MpKsld9408db5;MpKsld9408db5; [x]

S1 MpKsldc7b5941;MpKsldc7b5941; [x]

S1 MpKslfca6bc8a;MpKslfca6bc8a; [x]

S1 MpKslfe10b916;MpKslfe10b916; [x]

S2 AntiKeylogger;Anti Keylogger; [x]

S2 msav;Moon Secure Antivirus Core; [x]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [5/11/2011 7:05 AM 20352]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [5/11/2011 7:05 AM 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [5/11/2011 7:05 AM 42752]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [5/11/2011 7:05 AM 24064]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 6:00 AM 14336]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-11 c:\windows\Tasks\ConfigExec.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 05:09]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com

uDefault_Search_URL = https://www.google.com

mStart Page = https://www.google.com

IE: Save image with m&yBase - c:\program files\wjjsoft\WebCollect\imagesave.htm

IE: Save with &myBase - c:\program files\wjjsoft\WebCollect\websave.htm

IE: Share via PhotoRocket - c:\documents and settings\Owner\Local Settings\Application Data\PhotoRocket\bin\plugins\internetexplorer\iexplore.htm

Trusted Zone: kuaiche.com\software

Handler: nyf - {C4BA8816-8761-4164-8E33-56F3024A09E4} - c:\program files\wjjsoft\nyfedit5\ienyf.dll

.

.

------- File Associations -------

.

JSEFile=c:\windows\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-vsdatant - System32\vsdatant.sys

MSConfigStartUp-vsmon - c:\windows\system32\ZoneLabs\vsmon.exe

MSConfigStartUp-zlclient - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-14 04:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2011-05-14 04:33:14

ComboFix-quarantined-files.txt 2011-05-14 08:33

.

Pre-Run: 67,531,808,768 bytes free

Post-Run: 67,571,601,408 bytes free

.

- - End Of File - - 9A4188581829F096F56871505CFE96CF

-----------

DDS LOG

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Owner at 15:44:13.00 on Sat 05/14/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.18 [GMT -4:00]

.

FW: ZoneAlarm Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\MICROS~2\rapimgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Ace Explorer\Aexplore.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.com

uDefault_Search_URL = https://www.google.com

mStart Page = https://www.google.com

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

dRun: [samsung.PCSync] "c:\program files\samsung\samsung pc studio 7\PcSync2.exe" /NoDialog

IE: Save image with m&yBase - c:\program files\wjjsoft\webcollect\imagesave.htm

IE: Save with &myBase - c:\program files\wjjsoft\webcollect\websave.htm

IE: Share via PhotoRocket - c:\documents and settings\owner\local settings\application data\photorocket\bin\plugins\internetexplorer\iexplore.htm

Trusted Zone: kuaiche.com\software

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: nyf - {C4BA8816-8761-4164-8E33-56F3024A09E4} - c:\program files\wjjsoft\nyfedit5\ienyf.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R? AntiKeylogger;Anti Keylogger

R? MatSvc;Microsoft Automated Troubleshooting Service

R? motccgp;Motorola USB Composite Device Driver

R? motccgpfl;MotCcgpFlService

R? MotDev;Motorola Inc. USB Device

R? motport;Motorola USB Diagnostic Port

R? MpKsl247efd0a;MpKsl247efd0a

R? MpKsl2a9bd537;MpKsl2a9bd537

R? MpKsl4f21dbbc;MpKsl4f21dbbc

R? MpKsl53c01064;MpKsl53c01064

R? MpKsl7e4b2aff;MpKsl7e4b2aff

R? MpKsl8e10ee4e;MpKsl8e10ee4e

R? MpKslaf31db41;MpKslaf31db41

R? MpKslc83b448c;MpKslc83b448c

R? MpKsld9408db5;MpKsld9408db5

R? MpKsldc7b5941;MpKsldc7b5941

R? MpKslfca6bc8a;MpKslfca6bc8a

R? MpKslfe10b916;MpKslfe10b916

R? msav;Moon Secure Antivirus Core

R? nosGetPlusHelper;getPlus® Helper 3004

R? Ramdisk;Ramdisk Driver

R? WinRM;Windows Remote Management (WS-Management)

S? MotoHelper;MotoHelper Service

S? PfFilter;PfFilter

.

=============== File Associations ===============

.

JSEFile=c:\windows\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-05-14 06:32:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-05-14 04:21:31 25 ----a-w- c:\windows\wpd99.drv

2011-05-14 04:21:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\pdf995

2011-05-14 04:21:26 51716 ----a-w- c:\windows\system32\pdf995mon.dll

2011-05-14 04:21:26 249856 ----a-w- c:\windows\system32\pdfmona.dll

2011-05-14 04:20:52 -------- d-----w- c:\program files\pdf995

2011-05-14 03:33:08 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Fernando_Cerqueira

2011-05-13 15:26:25 -------- d-----w- c:\program files\Motorola

2011-05-13 15:24:08 -------- d-----w- c:\program files\QPST

2011-05-13 15:21:43 -------- d-----w- c:\docume~1\owner\applic~1\Samsung

2011-05-13 15:19:02 -------- d-----w- c:\program files\common files\PCSuite

2011-05-13 15:18:42 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2011-05-13 15:16:06 -------- d-----w- c:\program files\MSXML 4.0

2011-05-13 15:15:56 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-05-13 15:15:32 -------- d-----w- c:\program files\PC Connectivity Solution

2011-05-13 15:15:00 90624 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-05-13 14:48:30 -------- d-----w- c:\program files\Phone Manager

2011-05-13 14:17:20 266360 ----a-w- c:\windows\system32\TweakUI.exe

2011-05-13 13:35:59 502095 ----a-w- C:\unhide.exe

2011-05-13 05:37:13 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Help

2011-05-13 01:22:42 -------- d-sha-r- C:\cmdcons

2011-05-13 01:08:34 98816 ----a-w- c:\windows\sed.exe

2011-05-13 01:08:34 89088 ----a-w- c:\windows\MBR.exe

2011-05-13 01:08:34 256512 ----a-w- c:\windows\PEV.exe

2011-05-13 01:08:34 161792 ----a-w- c:\windows\SWREG.exe

2011-05-12 18:59:19 -------- d-----w- c:\program files\IObit

2011-05-12 16:04:21 -------- d-----w- c:\program files\AMS Beauty Studio

2011-05-12 16:01:24 -------- d-----w- c:\windows\Internet Logs

2011-05-12 11:08:32 -------- d-----w- c:\docume~1\owner\applic~1\Xilisoft Corporation

2011-05-12 11:02:59 -------- d-----w- c:\program files\Xilisoft

2011-05-12 11:01:51 -------- d-----w- c:\program files\CleverCell Phone Manager

2011-05-12 10:51:02 -------- d-----w- c:\program files\CallerID-Events

2011-05-12 09:20:30 6272 ----a-w- c:\windows\system32\drivers\ramdisk.sys

2011-05-12 09:20:30 36992 ----a-w- c:\windows\system32\drivers\filedisk.sys

2011-05-12 09:20:29 -------- d-----w- c:\program files\ID Security Suite

2011-05-12 09:16:19 161231 ----a-w- c:\windows\DirectShow Detective Uninstaller.exe

2011-05-12 09:16:19 -------- d-----w- c:\program files\River Past

2011-05-12 09:16:19 -------- d-----w- c:\program files\common files\River Past

2011-05-12 09:16:19 -------- d-----w- c:\docume~1\owner\applic~1\River Past G5

2011-05-12 09:16:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\River Past G5

2011-05-12 03:01:30 720896 ----a-w- c:\windows\iun6002.exe

2011-05-12 03:00:37 -------- d-----w- c:\program files\Multiicon

2011-05-12 02:40:48 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Map Loader

2011-05-12 02:38:34 -------- d-----w- c:\program files\MAKEMSI Package Documentation

2011-05-12 02:38:17 -------- d-----w- c:\program files\Wayfinder MapLoader

2011-05-11 12:44:52 -------- d-----w- c:\program files\XnView

2011-05-11 11:08:33 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2011-05-11 11:05:13 24064 ----a-w- c:\windows\system32\drivers\motport.sys

2011-05-11 11:05:11 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys

2011-05-11 11:05:10 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys

2011-05-11 11:05:09 6400 ----a-w- c:\windows\system32\drivers\motswch.sys

2011-05-11 11:05:09 20352 ----a-w- c:\windows\system32\drivers\motccgp.sys

2011-05-11 11:05:09 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2011-05-11 11:05:05 15616 ----a-w- c:\windows\system32\mot_ci.dll

2011-05-11 11:05:04 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys

2011-05-11 11:03:27 -------- d-----w- c:\program files\common files\Motorola Shared

2011-05-11 08:07:50 -------- d-----w- c:\program files\Spiceworks

2011-05-11 06:13:15 -------- d-----w- c:\program files\SecurityXploded

2011-05-11 06:06:15 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\FixItCenter

2011-05-11 06:05:29 -------- d-----w- c:\program files\Update Notifier

2011-05-11 06:05:13 -------- d-----w- c:\docume~1\owner\applic~1\cspa

2011-05-11 05:45:57 -------- d-----w- c:\docume~1\owner\applic~1\DeviceDoctorSoftware

2011-05-11 05:45:26 -------- d-----w- c:\program files\Device Doctor

2011-05-11 05:45:18 -------- d-----w- c:\windows\MATS

2011-05-11 05:45:14 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-05-11 05:34:01 -------- d-----w- c:\program files\VS Revo Group

2011-05-11 05:00:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-10 20:35:27 -------- d-----w- c:\docume~1\owner\applic~1\CintaNotes

2011-05-10 19:14:03 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-10 19:13:53 -------- d-----w- c:\program files\Trend Micro

2011-05-10 15:21:43 -------- d-----w- c:\docume~1\owner\applic~1\Ace Explorer

2011-05-10 15:18:06 -------- d-----w- c:\program files\Ace Explorer

2011-05-09 01:53:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\CheckPoint

2011-05-08 06:17:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avanquest Software

2011-05-08 06:17:20 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\BVRP Software

2011-05-08 00:35:21 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\WMTools Downloaded Files

2011-05-07 02:07:59 10240 -c--a-w- c:\windows\system32\dllcache\atipcxxx.sys

2011-05-07 02:06:34 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2011-05-07 02:05:04 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-05-06 18:34:05 -------- d-----w- c:\program files\CintaNotes

2011-05-06 18:29:13 14336 ----a-w- c:\windows\system32\rtffilt.dll

2011-05-06 18:29:12 -------- d-----w- c:\program files\wjjsoft

2011-05-06 18:28:26 -------- d-----w- c:\docume~1\owner\applic~1\TreeDBNotes 3

2011-05-06 18:28:15 -------- d-----w- c:\program files\TreeDBNotes 3

2011-05-06 18:27:45 -------- d-----w- c:\program files\AllMyNotes Organizer

2011-05-06 18:27:01 -------- d-----w- c:\program files\KeyNote

2011-05-06 18:26:16 -------- d-----w- c:\program files\FolderSize

2011-05-06 18:25:48 160285 ----a-w- c:\windows\Sqirlz Morph Uninstaller.exe

2011-05-06 18:25:47 -------- d-----w- c:\program files\Sqirlz Morph

2011-05-06 18:25:28 -------- d-----w- c:\program files\Bulk Rename Utility

2011-05-06 18:25:01 -------- d-----w- c:\program files\SpyTheSpy

2011-05-06 18:23:52 -------- d-----w- c:\program files\common files\debugmode

2011-05-06 18:23:51 -------- d-----w- c:\program files\Debugmode

2011-05-06 17:31:54 -------- d-----w- c:\docume~1\owner\applic~1\DVDVideoSoftIEHelpers

2011-05-06 17:23:17 -------- d-----w- c:\docume~1\owner\applic~1\DVDVideoSoft

2011-05-06 17:22:34 -------- d-----w- c:\program files\common files\DVDVideoSoft

2011-05-06 17:22:09 -------- d-----w- c:\program files\DVDVideoSoft

2011-05-06 17:08:15 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PhotoRocket

2011-05-06 14:55:59 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2011-05-06 14:55:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-06 14:55:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-06 14:55:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-06 14:18:57 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS

2011-05-05 03:13:03 -------- d-----w- c:\docume~1\owner\applic~1\CheckPoint

2011-05-05 03:06:02 -------- d-----w- c:\program files\Conduit

2011-05-05 03:05:58 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\ZoneAlarm_Security

2011-05-05 03:05:57 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Conduit

2011-05-05 03:05:25 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-05-05 02:57:01 -------- d-----w- c:\program files\CheckPoint

2011-05-05 01:35:24 -------- d-----w- c:\program files\Moon Secure Antivirus

2011-05-04 09:26:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-05-04 09:12:25 -------- d-----w- c:\docume~1\owner\applic~1\GlarySoft

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-05-04 09:03:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-05-04 08:09:59 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Google

2011-05-04 08:09:15 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Deployment

2011-05-04 07:39:50 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Secunia PSI

2011-05-04 07:34:32 -------- d-----w- c:\program files\Glary Utilities

2011-05-04 07:02:16 900608 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{7aaa27e4-cdb3-49c0-aa2d-41827c001ba3}\StartMenuIcon.exe

2011-05-04 07:01:37 -------- d-----w- c:\program files\Microsoft

2011-05-04 06:59:19 67376 ----a-w- c:\windows\system32\sysinfo.ocx

2011-05-04 06:59:18 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Winsonar

2011-05-04 06:57:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\SystemExplorer

2011-05-04 06:57:39 -------- d-----w- c:\program files\System Explorer

2011-05-04 06:46:53 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\G DATA

2011-05-04 06:45:39 -------- d-----w- c:\program files\Malware Removal Tool

2011-05-04 03:58:54 -------- d-----w- c:\program files\jv16 PowerTools 2011

2011-05-03 19:33:20 -------- d-----w- c:\program files\Unlocker

2011-05-03 19:28:05 -------- d-----w- c:\program files\Innovative Solutions

2011-05-03 19:21:42 -------- d-----w- c:\program files\YourWare Solutions

2011-05-03 19:14:21 -------- d-----w- c:\program files\SpywareBlaster

2011-05-03 19:10:46 -------- d-----w- c:\program files\Emsisoft HiJackFree

2011-05-03 19:06:14 -------- d-----w- c:\program files\X-Setup

2011-05-03 18:58:27 -------- d-----w- c:\docume~1\owner\applic~1\PMW

2011-05-03 18:57:11 -------- d-----w- c:\program files\ToniArts

2011-05-03 18:56:27 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll

2011-05-03 18:56:27 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll

2011-05-03 18:56:27 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe

2011-05-03 18:56:27 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll

2011-05-03 18:56:27 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll

2011-05-03 18:56:23 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll

2011-05-03 18:56:22 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll

2011-05-03 18:56:09 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2011-05-03 18:40:36 -------- d-----w- c:\docume~1\owner\applic~1\Uniblue

2011-05-03 18:39:55 -------- dc----w- c:\docume~1\alluse~1\applic~1\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

2011-05-03 18:39:29 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PackageAware

2011-05-03 18:30:42 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\v_k_softwares

2011-05-03 18:28:14 -------- d-----w- c:\program files\PMW

2011-05-03 18:21:45 -------- d-----w- c:\docume~1\owner\applic~1\Process Hacker 2

2011-05-03 18:01:11 -------- d-----w- c:\program files\Uniblue

2011-05-03 17:58:47 -------- d-----w- c:\program files\Daphne

2011-05-03 17:58:24 -------- d-----w- c:\program files\Process Hacker 2

2011-05-03 17:24:05 -------- d-----w- c:\program files\BitPim

2011-05-03 17:20:04 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2011-05-03 17:20:04 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2011-05-03 17:19:09 -------- d-----w- c:\program files\Motorola Phone Tools

2011-05-03 17:18:01 25600 ----a-w- c:\windows\system32\drivers\usbsermptxp.sys

2011-05-03 17:12:06 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll

2011-05-03 17:12:05 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll

2011-05-03 17:12:05 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll

2011-05-03 17:12:05 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe

2011-05-03 17:12:05 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll

2011-05-03 17:12:04 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll

2011-05-03 17:12:03 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll

2011-05-03 14:02:54 -------- d-----w- c:\program files\WinDirStat

2011-04-29 19:22:30 -------- d-----w- c:\program files\GreenBrowser

2011-04-29 08:21:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Thunderbird

2011-04-28 13:24:23 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\AOL

2011-04-28 13:24:23 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\AIM

2011-04-28 13:23:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\AIM

2011-04-28 13:23:41 -------- d-----w- c:\program files\AIM

2011-04-28 13:23:37 -------- d-----w- c:\program files\common files\AOL

2011-04-28 13:18:02 -------- d-----w- c:\docume~1\owner\applic~1\AOLLifestream.38DDEF08F290DDEE890E6397840BD9770BA0A787.1

2011-04-27 19:53:43 -------- d-----w- c:\windows\pss

2011-04-25 06:57:41 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll

2011-04-24 23:50:43 -------- d-----w- c:\docume~1\owner\applic~1\Mipony

2011-04-22 04:05:48 -------- d-----w- c:\docume~1\owner\applic~1\Launchy

2011-04-21 21:04:23 -------- d-----w- c:\windows\Downloaded Installations

2011-04-21 20:20:40 -------- d-----w- c:\program files\KGP Software

2011-04-21 05:27:30 -------- d-----w- c:\program files\Defraggler

2011-04-21 05:25:17 -------- d-----w- c:\program files\Speccy

2011-04-21 03:12:01 -------- d-----w- c:\docume~1\owner\applic~1\GetGo Software

2011-04-21 03:09:12 -------- d-----w- c:\docume~1\owner\applic~1\ProgSense

2011-04-21 02:54:57 -------- d-----w- c:\docume~1\owner\applic~1\BITS

2011-04-21 02:54:56 -------- d-----w- c:\docume~1\owner\applic~1\FlashGet

2011-04-21 02:54:45 -------- d-----w- c:\docume~1\owner\applic~1\FlashGetBHO

2011-04-21 00:34:41 -------- d-----w- c:\docume~1\owner\applic~1\HTSK

2011-04-21 00:11:23 -------- d-----w- c:\program files\Star Downloader

2011-04-20 22:09:10 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\K-Meleon

2011-04-20 22:08:11 -------- d-----w- c:\docume~1\owner\applic~1\K-Meleon

2011-04-20 22:04:13 -------- d-----w- c:\program files\K-Meleon

2011-04-20 15:20:14 8704 ----a-w- c:\windows\system32\sef.exe

2011-04-20 14:54:25 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-04-20 14:53:06 -------- d-----w- c:\windows\system32\winrm

2011-04-20 14:53:06 -------- d-----w- c:\windows\system32\GroupPolicy

2011-04-20 14:52:51 -------- dc----w- c:\windows\$968930Uinstall_KB968930$

2011-04-20 14:34:00 -------- d-----w- c:\docume~1\owner\applic~1\IObit

2011-04-20 14:33:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-04-20 14:33:14 -------- d-----w- c:\program files\OneClick Spyware Expert

2011-04-18 14:54:47 -------- d-----w- c:\docume~1\owner\applic~1\AnvSoft

2011-04-18 14:54:28 -------- d-----w- c:\program files\AnvSoft

2011-04-18 14:49:48 -------- d-----w- c:\docume~1\owner\applic~1\HandBrake

2011-04-18 14:49:47 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\HandBrake

2011-04-18 11:24:58 -------- d-----w- c:\program files\Sony Media Go Install

2011-04-15 08:20:51 -------- d-----w- c:\docume~1\owner\applic~1\enchant

2011-04-15 07:41:11 -------- d-----w- c:\documents and settings\owner\AbiSuite

2011-04-15 05:04:04 -------- d-----w- c:\program files\PicPick

2011-04-15 04:33:36 -------- d-----w- c:\program files\AbiWord

.

==================== Find3M ====================

.

2011-04-29 16:48:08 110592 ----a-w- c:\windows\system32\services.exe

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 15:46:57.33 ===============

DDS ATTACH LOG (Please advise if this should be removed and attached as a .zip or sent more securely)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 3/19/2011 11:10:06 PM

System Uptime: 5/14/2011 3:28:02 PM (0 hours ago)

.

Motherboard: Dell Computer Corp. | | 0F8403

Processor: Intel® Celeron® CPU 2.40GHz | Microprocessor | 2394/533mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 74 GiB total, 62.95 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}

Description: Motorola USB Modem

Device ID: ROOT\MODEM\0001

Manufacturer: Motorola

Name: Motorola USB Modem #3

PNP Device ID: ROOT\MODEM\0001

Service: Modem

.

Class GUID: {78A1C341-4539-11D3-B88D-00C04FAD5171}

Description: Ramdisk Driver

Device ID: ROOT\RAMDISK\0000

Manufacturer: Microsoft

Name: Ramdisk Driver

PNP Device ID: ROOT\RAMDISK\0000

Service: Ramdisk

.

==== System Restore Points ===================

.

RP1: 5/12/2011 9:09:25 PM - System Checkpoint

RP2: 5/13/2011 10:48:26 AM - Installed Phone Manager

RP3: 5/13/2011 11:27:59 AM - Installed Motorola Software Update

.

==== Installed Programs ======================

.

7-Zip 9.20

AbiWord 2.8.6

Ace Explorer (remove only)

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Advanced Disk Cleaner

AIM 7

AllMyNotes Organizer

Any Video Converter 3.2.2

Apple Application Support

Apple Software Update

Beauty Studio 1.85

BitPim 1.0.7

Bulk Rename Utility 2.7.1.2

CCleaner

CintaNotes 1.4.3

CleverCell Phone Manager v1.2

CompuPic Pro

Conexant D850 56K V.9x DFVc Modem

Daphne 1.47

Defraggler

Dell ResourceCD

Device Doctor

EasyCleaner

Emsisoft HiJackFree 4.5

Eusing Free Registry Cleaner

Folder Size for Windows

Free Studio version 5.0.8

GetBot

Glary Utilities 2.33.0.1158

Google Chrome

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

HTML Slideshow Powertoy for Windows XP

ID AntiDialer 3.5.0.0

ID AntiKeylogger 3.5.0.0

ID Directory Shield 3.5.0.0

ID Disk Creator 3.5.0.0

ID Harddisk SmartChecker 3.5.0.0

ID Network Watch 3.5.0.0

ID Process Manager 3.5.0.0

Image Resizer Powertoy for Windows XP

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Internet Explorer (Enable DEP)

jv16 PowerTools 2011

K-Meleon 1.5.4 en-US (remove only)

KeyNote 1.6.5

Malware Removal Tool

Malwarebytes' Anti-Malware

MassMail 1.07

Media Go

Media Go Video Playback Engine 1.64.102.02270

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Fix it Center

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Small Basic v0.95

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MotoHelper 2.0.46 Driver 5.0.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.0.0

Motorola Phone Tools

Motorola Software Update

Mozilla Thunderbird (3.1.10)

MSVC80_x86

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

myBase Desktop 5.5.1 (Unicode Build)

PC Connectivity Solution

Phone Manager

PhotoRocket

PicPick

PlayStation®Store

PMW

Process Hacker 2.14

Protected Folder

QPST

QuickTime

Revo Uninstaller 1.92

River Past DirectShow Detective

SAMSUNG Mobile Modem Driver Set

Samsung PC Studio 7

SAMSUNG SYMBIAN USB Download Driver

SamsungConnectivityCableDriver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows XP (KB923789)

SMS GUN 8.1

SoundMAX

Speccy

Spiceworks

SpyTheSpy

Spyware Expert 1.17.1.0

SpywareBlaster 4.4

Sqirlz Morph

System Explorer 2.8.0

TreeDBNotes 3

Tweak UI

Uniblue ProcessQuickLink 2

Uniblue ProcessScanner

Uniblue RegistryBooster

Uninstall 1.0.0.1

Unlocker 1.9.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update Notifier

Virtual Desktop Manager Powertoy for Windows XP

VLC media player 1.1.9

Wayfinder MapLoader

WebCollect For myBase Ver 1.8

WebFldrs XP

WinDirStat 1.1.2

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows XP Creativity Fun Packs - Digital Photography

Windows XP Service Pack 3

WinMorph


  • Staff

Hi,

My apologies for the delay.

NOTE - I looked into the rest of the win32 directory, and there are quite a few .dat files making me nervous after checking out the created and modified dates, as well as the "owners" column in Windows Explorer.

There should be. Don't worry about them.

What antivirus are you currently using?

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
