PDA

View Full Version : Malware seems to remain in my laptop


YuraNee
2010-06-22, 15:29
I have read everything before posting, but I am not familiar with forums, so I may have missed something, so please accept my apologies.

This is my DDS.




DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 14:20:40.75 on 22/06/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2039.1083 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\taskeng.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Reminder_MUI] c:\applications\oem\reminder\Reminder_MUI.exe
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-4-3 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-4-2 35712]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-18 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-18 112592]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-18 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-18 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-18 1142224]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\drivers\USBGENE.sys [2007-9-6 123776]
R3 GETND6V;VIA Velocity Family Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd6v.sys [2007-9-27 47104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-6-8 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-6-21 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GETNDIS;VIA Networking Velocity Family Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd6.sys [2006-11-2 38912]

=============== Created Last 30 ================

2010-06-21 21:40:49 0 d-----w- c:\users\user\Tracing
2010-06-21 20:24:03 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-06-21 20:21:51 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-06-21 20:21:29 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-21 20:20:34 0 d-----w- c:\program files\Microsoft
2010-06-21 20:20:17 0 d-----w- c:\program files\Windows Live SkyDrive
2010-06-21 19:29:47 0 d-----w- c:\program files\common files\Windows Live
2010-06-21 12:30:47 0 d-----w- C:\download
2010-06-18 12:43:38 0 d-----w- c:\users\user\appdata\roaming\Transana 2
2010-06-18 12:42:41 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-06-18 12:42:41 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-18 12:42:40 882 ----a-w- c:\windows\RegSDImport.xml
2010-06-18 12:42:40 879 ----a-w- c:\windows\RegISSImport.xml
2010-06-18 12:42:40 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-18 12:42:40 1652688 ----a-w- c:\windows\PCTBDCore.dll.old
2010-06-18 12:42:40 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-18 12:42:40 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-18 12:42:40 131 ----a-w- c:\windows\IDB.zip
2010-06-18 12:42:40 1152444 ----a-w- c:\windows\UDB.zip
2010-06-18 12:41:20 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-18 12:41:20 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-18 12:41:20 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-06-18 12:41:17 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-18 12:41:17 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-18 12:41:17 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-18 12:41:17 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-18 12:41:14 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-18 12:41:14 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-18 12:41:07 0 d-----w- c:\users\user\appdata\roaming\PC Tools
2010-06-18 12:41:07 0 d-----w- c:\programdata\PC Tools
2010-06-18 12:41:07 0 d-----w- c:\program files\Spyware Doctor
2010-06-18 12:41:07 0 d-----w- c:\program files\common files\PC Tools
2010-06-18 12:40:55 0 d---a-w- c:\programdata\TEMP
2010-06-18 12:40:18 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-18 12:40:18 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-18 09:12:25 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-17 12:18:25 0 d-----w- c:\program files\Windows Portable Devices
2010-06-17 12:18:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-17 08:37:49 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-06-17 08:30:52 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-06-17 08:29:08 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-06-17 08:29:08 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-06-17 08:29:08 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-06-17 08:28:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-17 08:28:02 270848 ----a-w- c:\windows\system32\schannel.dll
2010-06-13 15:11:29 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-06-13 15:11:29 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-06-13 15:11:29 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-06-13 15:11:29 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-06-13 15:11:29 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-06-13 15:11:27 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-06-13 15:03:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-13 15:00:09 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-06-13 15:00:06 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-13 15:00:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-13 14:57:43 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-06-13 14:57:43 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-06-13 14:57:43 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-06-13 14:47:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-06-13 14:47:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-06-13 14:47:16 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-06-13 14:47:16 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-06-13 14:47:16 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-06-13 14:46:48 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-10 20:31:05 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-10 20:31:05 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-10 20:30:58 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-06-10 20:30:58 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-06-10 20:30:58 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-06-10 20:30:58 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-06-10 20:30:58 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-06-10 20:30:58 17920 ----a-w- c:\windows\system32\netevent.dll
2010-06-10 20:30:58 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-06-10 20:30:58 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-06-10 20:30:58 10240 ----a-w- c:\windows\system32\finger.exe
2010-06-10 20:30:22 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-10 20:30:21 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 20:22:04 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-10 20:22:04 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-10 20:22:03 9728 ----a-w- c:\windows\system32\lsass.exe
2010-06-10 20:22:03 72704 ----a-w- c:\windows\system32\secur32.dll
2010-06-10 20:22:03 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-10 20:22:03 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-10 20:21:49 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-10 20:21:40 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-10 20:21:40 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-10 20:21:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-10 20:21:34 2868224 ----a-w- c:\windows\system32\mf.dll
2010-06-10 20:21:10 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-10 20:21:10 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-10 20:20:50 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 20:20:48 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-06-10 20:13:33 71680 ----a-w- c:\windows\system32\atl.dll
2010-06-10 20:10:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-10 20:10:26 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-06-10 20:10:24 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-06-10 20:10:16 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-10 20:10:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-10 20:10:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-10 20:10:16 23552 ----a-w- c:\windows\system32\lpk.dll
2010-06-10 20:10:16 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-06-10 20:10:13 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-06-10 20:08:12 623616 ----a-w- c:\windows\system32\localspl.dll
2010-06-10 20:06:03 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-06-10 20:06:03 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-06-10 20:05:58 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-10 20:05:57 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-06-10 20:05:57 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-06-10 20:05:57 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-06-10 19:59:50 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-06-10 19:59:50 471552 ----a-w- c:\windows\system32\secproc.dll
2010-06-10 19:59:49 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-06-10 19:59:49 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-06-10 19:59:49 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-06-10 19:59:49 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-10 19:59:48 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-06-10 19:59:48 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-06-10 19:59:48 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-06-10 19:58:46 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-06-10 19:58:45 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-10 19:57:54 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-10 19:57:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-10 19:57:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-10 19:56:36 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-10 19:56:35 243712 ----a-w- c:\windows\system32\rastls.dll
2010-06-10 19:56:33 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 19:56:31 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-06-10 19:53:25 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-06-10 19:53:25 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-06-10 19:53:25 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-06-10 19:53:25 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-06-10 19:53:25 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-06-10 19:53:25 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-06-10 19:53:25 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-10 19:53:25 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-06-10 19:53:24 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-06-08 22:07:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-06-08 22:06:39 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-08 22:06:35 98304 ----a-w- c:\windows\system32\cabview.dll
2010-06-08 21:59:40 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-06-08 21:59:29 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-06-08 21:59:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-06-08 21:59:24 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-06-08 21:55:39 0 d-----w- c:\program files\Microsoft IntelliPoint
2010-06-08 21:54:29 0 d-----w- c:\program files\Microsoft IntelliType Pro
2010-06-08 21:52:32 92032 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-06-08 21:52:32 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-06-08 21:51:51 0 d-----w- c:\program files\T-Mobile
2010-06-08 21:26:43 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-06-08 21:25:42 0 d-----w- c:\windows\PCHEALTH
2010-06-08 21:23:16 0 d-----w- c:\programdata\Microsoft Help
2010-06-08 12:31:50 0 d-----w- c:\windows\system32\vi-VN
2010-06-08 12:31:50 0 d-----w- c:\windows\system32\eu-ES
2010-06-08 12:31:50 0 d-----w- c:\windows\system32\ca-ES
2010-06-08 12:31:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-06-08 12:30:03 0 d-----w- c:\windows\system32\SPReview
2010-06-08 12:20:06 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-06-08 12:18:59 860160 ----a-w- c:\windows\system32\WerFaultSecure.exe
2010-06-08 12:16:32 0 d-----w- c:\windows\system32\EventProviders
2010-06-08 12:05:07 0 d-----w- C:\PerfLogs
2010-06-08 11:40:13 193024 ----a-w- c:\windows\system32\recdisc.exe
2010-06-08 11:40:08 6656 ----a-w- c:\windows\system32\sdspres.dll
2010-06-08 11:38:59 84480 ----a-w- c:\windows\system32\MP3DMOD.DLL
2010-06-08 11:37:59 52736 ----a-w- c:\windows\system32\inetmib1.dll
2010-06-08 11:35:04 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-06-08 11:33:00 196608 ----a-w- c:\windows\SPInstall.etl
2010-06-08 10:16:23 0 d-----w- c:\programdata\Adobe

==================== Find3M ====================

2010-06-17 12:18:17 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-17 12:18:17 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-17 12:18:16 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-17 12:18:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-08 12:28:38 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-06-08 12:11:52 174 --sha-w- c:\program files\desktop.ini
2010-06-08 11:57:35 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-08 11:57:22 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-16 23:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-16 21:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-07-13 10:29:35 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:22:08.94 ===============
Blade81
2010-06-26, 10:46
Hi,

Please post fresh DDS logs (both dds.txt & attach.txt).

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is not checked.
Click Scan
Wait for the scan to finish and post back the report.
YuraNee
2010-06-27, 20:53
Sorry I was unable to reply earlier. I am scanning right now and post the DDs soon. Tahnks
YuraNee
2010-06-27, 21:16
That's the DDS:



DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 20:10:34.83 on 27/06/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2039.850 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEM6GG38\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Reminder_MUI] c:\applications\oem\reminder\Reminder_MUI.exe
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-4-3 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-4-2 35712]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-18 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-18 198608]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-18 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-18 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-18 1142224]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\drivers\USBGENE.sys [2007-9-6 123776]
R3 GETND6V;VIA Velocity Family Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd6v.sys [2007-9-27 47104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-6-8 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-6-21 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GETNDIS;VIA Networking Velocity Family Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd6.sys [2006-11-2 38912]

=============== Created Last 30 ================

2010-06-27 18:27:05 0 d-----w- c:\program files\ESET
2010-06-24 08:23:50 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 08:23:50 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 08:23:49 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 08:23:49 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 08:23:49 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 19:03:56 0 d-----w- c:\program files\Transana 2
2010-06-23 19:00:39 0 d-----w- c:\programdata\Apple Computer
2010-06-23 18:58:24 0 d-----w- c:\programdata\Apple
2010-06-23 08:48:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 08:48:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-21 21:40:49 0 d-----w- c:\users\user\Tracing
2010-06-21 20:24:03 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-06-21 20:21:51 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-06-21 20:21:29 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-21 20:20:34 0 d-----w- c:\program files\Microsoft
2010-06-21 20:20:17 0 d-----w- c:\program files\Windows Live SkyDrive
2010-06-21 19:29:47 0 d-----w- c:\program files\common files\Windows Live
2010-06-21 12:30:47 0 d-----w- C:\download
2010-06-18 12:43:38 0 d-----w- c:\users\user\appdata\roaming\Transana 2
2010-06-18 12:42:41 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-18 12:42:41 763832 ----a-w- c:\windows\BDTSupport.dll.old
2010-06-18 12:42:40 882 ----a-w- c:\windows\RegSDImport.xml
2010-06-18 12:42:40 879 ----a-w- c:\windows\RegISSImport.xml
2010-06-18 12:42:40 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-06-18 12:42:40 192 ----a-w- c:\windows\UDB.zip
2010-06-18 12:42:40 1652664 ----a-w- c:\windows\PCTBDCore.dll.old
2010-06-18 12:42:40 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-18 12:42:40 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-06-18 12:42:40 131 ----a-w- c:\windows\IDB.zip
2010-06-18 12:41:20 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-18 12:41:20 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-18 12:41:20 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-06-18 12:41:17 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-18 12:41:17 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-18 12:41:17 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-18 12:41:17 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-18 12:41:14 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-18 12:41:14 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-18 12:41:07 0 d-----w- c:\users\user\appdata\roaming\PC Tools
2010-06-18 12:41:07 0 d-----w- c:\programdata\PC Tools
2010-06-18 12:41:07 0 d-----w- c:\program files\Spyware Doctor
2010-06-18 12:41:07 0 d-----w- c:\program files\common files\PC Tools
2010-06-18 12:40:55 0 d---a-w- c:\programdata\TEMP
2010-06-18 12:40:18 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-18 12:40:18 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-18 09:12:25 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-17 12:18:25 0 d-----w- c:\program files\Windows Portable Devices
2010-06-17 12:18:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-17 08:37:49 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-06-17 08:30:52 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-06-17 08:29:08 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-06-17 08:29:08 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-06-17 08:29:08 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-06-17 08:28:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-17 08:28:02 270848 ----a-w- c:\windows\system32\schannel.dll
2010-06-13 15:11:29 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-06-13 15:11:29 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-06-13 15:11:29 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-06-13 15:11:29 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-06-13 15:11:29 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-06-13 15:11:27 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-06-13 15:03:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-13 15:00:09 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-06-13 15:00:06 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-13 15:00:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-13 14:57:43 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-06-13 14:57:43 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-06-13 14:57:43 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-06-13 14:47:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-06-13 14:47:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-06-13 14:47:16 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-06-13 14:47:16 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-06-13 14:47:16 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-06-13 14:46:48 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-10 20:31:05 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-10 20:31:05 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-10 20:30:58 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-06-10 20:30:58 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-06-10 20:30:58 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-06-10 20:30:58 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-06-10 20:30:58 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-06-10 20:30:58 17920 ----a-w- c:\windows\system32\netevent.dll
2010-06-10 20:30:58 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-06-10 20:30:58 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-06-10 20:30:58 10240 ----a-w- c:\windows\system32\finger.exe
2010-06-10 20:30:22 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-10 20:30:21 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 20:22:04 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-10 20:22:04 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-10 20:22:03 9728 ----a-w- c:\windows\system32\lsass.exe
2010-06-10 20:22:03 72704 ----a-w- c:\windows\system32\secur32.dll
2010-06-10 20:22:03 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-10 20:22:03 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-10 20:21:49 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-10 20:21:40 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-10 20:21:40 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-10 20:21:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-10 20:21:34 2868224 ----a-w- c:\windows\system32\mf.dll
2010-06-10 20:21:10 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-10 20:21:10 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-10 20:20:50 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 20:20:48 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-06-10 20:13:33 71680 ----a-w- c:\windows\system32\atl.dll
2010-06-10 20:10:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-10 20:10:26 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-06-10 20:10:24 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-06-10 20:10:16 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-10 20:10:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-10 20:10:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-10 20:10:16 23552 ----a-w- c:\windows\system32\lpk.dll
2010-06-10 20:10:16 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-06-10 20:10:13 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-06-10 20:08:12 623616 ----a-w- c:\windows\system32\localspl.dll
2010-06-10 20:06:03 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-06-10 20:06:03 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-06-10 20:05:58 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-10 20:05:57 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-06-10 20:05:57 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-06-10 20:05:57 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-06-10 19:59:50 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-06-10 19:59:50 471552 ----a-w- c:\windows\system32\secproc.dll
2010-06-10 19:59:49 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-06-10 19:59:49 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-06-10 19:59:49 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-06-10 19:59:49 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-10 19:59:48 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-06-10 19:59:48 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-06-10 19:59:48 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-06-10 19:58:46 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-06-10 19:58:45 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-10 19:57:54 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-10 19:56:36 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-10 19:56:35 243712 ----a-w- c:\windows\system32\rastls.dll
2010-06-10 19:56:33 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 19:56:31 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-06-10 19:53:25 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-06-10 19:53:25 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-06-10 19:53:25 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-06-10 19:53:25 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-06-10 19:53:25 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-06-10 19:53:25 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-06-10 19:53:25 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-10 19:53:25 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-06-10 19:53:24 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-06-08 22:07:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-06-08 22:06:39 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-08 22:06:35 98304 ----a-w- c:\windows\system32\cabview.dll
2010-06-08 21:59:40 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-06-08 21:59:29 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-06-08 21:59:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-06-08 21:59:24 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-06-08 21:55:39 0 d-----w- c:\program files\Microsoft IntelliPoint
2010-06-08 21:54:29 0 d-----w- c:\program files\Microsoft IntelliType Pro
2010-06-08 21:52:32 92032 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-06-08 21:52:32 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-06-08 21:51:51 0 d-----w- c:\program files\T-Mobile
2010-06-08 21:26:43 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-06-08 21:25:42 0 d-----w- c:\windows\PCHEALTH
2010-06-08 21:23:16 0 d-----w- c:\programdata\Microsoft Help
2010-06-08 12:31:50 0 d-----w- c:\windows\system32\vi-VN
2010-06-08 12:31:50 0 d-----w- c:\windows\system32\eu-ES
2010-06-08 12:31:50 0 d-----w- c:\windows\system32\ca-ES
2010-06-08 12:31:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-06-08 12:30:03 0 d-----w- c:\windows\system32\SPReview
2010-06-08 12:20:06 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-06-08 12:18:59 860160 ----a-w- c:\windows\system32\WerFaultSecure.exe
2010-06-08 12:16:32 0 d-----w- c:\windows\system32\EventProviders
2010-06-08 12:05:07 0 d-----w- C:\PerfLogs
2010-06-08 11:40:13 193024 ----a-w- c:\windows\system32\recdisc.exe
2010-06-08 11:40:08 6656 ----a-w- c:\windows\system32\sdspres.dll
2010-06-08 11:38:59 84480 ----a-w- c:\windows\system32\MP3DMOD.DLL
2010-06-08 11:37:59 52736 ----a-w- c:\windows\system32\inetmib1.dll
2010-06-08 11:35:04 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-06-08 11:33:00 196608 ----a-w- c:\windows\SPInstall.etl
2010-06-08 10:16:23 0 d-----w- c:\programdata\Adobe

==================== Find3M ====================

2010-06-17 12:18:17 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-17 12:18:17 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-17 12:18:16 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-17 12:18:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-08 12:28:38 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-06-08 12:11:52 174 --sha-w- c:\program files\desktop.ini
2010-06-08 11:57:35 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-08 11:57:22 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-16 23:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-16 21:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-07-13 10:29:35 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:11:34.71 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 08/06/2010 11:02:12
System Uptime: 27/06/2010 19:19:04 (1 hours ago)

Motherboard: To be filled by O.E.M. | | To be filled by O.E.M.
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | CPU 1 | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 65.021 GiB free.
E: is CDROM ()
S: is FIXED (NTFS) - 1 GiB total, 1.417 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Apple Application Support
Apple Software Update
Bluesoleil3.2.1.2 Release 070314
Browser Defender 3.0.0.2
ERUNT 1.1j
ESET Online Scanner v3
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Junk Mail filter update
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 6.1
Microsoft IntelliType Pro 6.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Motorola SM56 Data Fax Modem
MSVCRT
O2Micro Flash Memory Card Reader Driver Installer(x86)
Power2Go 5.0
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Spybot - Search & Destroy
Spyware Doctor 7.0
Synaptics Pointing Device Driver
Transana 2.30
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Velocity Family Gigabit Ethernet Adapter
web'n'walk USB manager
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer

==== End Of File ===========================



The scan did not find any infection, but my external HD, which I used to back up my files before the re-formating, now does not contain any of the pictures, and several other files went missing as well. It seems that the external hd is infected.

Thanks for your help.
YuraNee
2010-06-27, 21:21
Now I was thinking, should I to the scan with the external drive connected? I have not used it any more, as I think it is infected and seems to destroy its files evry time that I connect it. So sorry to be a pain, I really am not an expert in any of this and feel very confused and scared of losing more important things, as already has happened.
Blade81
2010-06-27, 22:31
Hi,

You could scan your external drive too. Before plugging it in run flash disinfector first:

1. Download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to desktop.
2. After downloading, double-click on Flash_Disinfector to run it.
3. Just follow the prompts and continue until it begin scanning.
4. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
5. It will scan removable drives, wait for the scan to finish. Done.

Then run the scanner against internal + external hard drives.
YuraNee
2010-06-28, 22:51
I have tried to download, but when I click to run, nothing happens :(
YuraNee
2010-06-28, 23:05
I've tried several times, but it is always the same. It seems to download, then I click on run, run again, and then it says it seems the installation was not correct. Goes to a sort of loop on that.
YuraNee
2010-06-28, 23:20
Have you seen anything suspicious on my DDS log? Does the computer seem to be infected yet?
Blade81
2010-06-29, 07:50
Hi,


I have tried to download, but when I click to run, nothing happens :(
Please try Panda USB Vaccine (http://research.pandasecurity.com/Panda-USB-and-AutoRun-Vaccine/) instead.


Have you seen anything suspicious on my DDS log? Does the computer seem to be infected yet?
Didn't spot anything infection related there.
YuraNee
2010-06-29, 12:13
Hi,


Please try Panda USB Vaccine (http://research.pandasecurity.com/Panda-USB-and-AutoRun-Vaccine/) instead.
I did the download, and it says the drive is vaccinated now. But I am not sure if there was a scan before that, it was nearly automatic, after clicking to vaccinate and the result.


Didn't spot anything infection related there.
This sounds great news. I am just still not sure if there is still any infection on this drive. But hopefully everything is ok after the reformating of my laptop.

Many thanks for your help
Blade81
2010-06-29, 17:31
Hi,

Panda's product works a bit differently from the Flash disinfector. If it reported that drive is vaccinated then you are able to scan the drive with online scanner now.
YuraNee
2010-06-29, 17:32
Oh great, I'll try then. thnx
YuraNee
2010-06-29, 20:00
Unfortunately I still didn't manage to scan the external drive with that. I downloaded again, more than once, and always the same. It says the software was not installed correctly and offers the open to install again as reccommended. I click on that and it is exactly the same thing every time.
Blade81
2010-06-29, 20:03
Hi,

Are you talking about ESET online scanner or flash disinfector here?
YuraNee
2010-06-29, 20:17
Flash desinfector
Blade81
2010-06-29, 20:20
There's no need to run it after Panda's tool. Just scan the drive with ESET online scanner.
YuraNee
2010-06-29, 20:48
Ok, done. It didn't find any threads :)
Blade81
2010-06-29, 22:31
Good :)

Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.

If there're no other issues left then this case looks like resolved.
YuraNee
2010-06-30, 18:47
Ran the Secunia and no threads found. Yes, it seems to be everything ok. Many thanks for your time.
Blade81
2010-06-30, 19:04
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.