PushBot! and hypochondria



optimus357
2010-10-16, 10:57
Hello again friendly moderators. I am in a precarious position of being unsure of whether or not my fresh hard drive is infected with some sort of malware. I put on Windows XP and the service packs and my drivers just today and I was prepping my system for a nice clean image to be made on my brand new hard drive (the old one wore out) but my friend brought over a thumb drive to print off a document he had on it, and Microsoft Security Essentials detected a piece of malware called pushbot. Now obviously I want to make very sure that my machine is squeaky clean before I take a snapshot of it for future recovery, but I am worried that MSE might not have actually caught everything that could have been lingering on that accursed flash drive. I am not actually experiencing any problems that I know of, but I was hoping my DDS logs might enlighten the keen observer as to whether or not there is any potential malware on my machine. I don't want to waste anyone's time over nothing, but pushbot and a questionable flash drive have made me expect the worst. I hope you can help restore my confidence in my HD without having to format and reinstall again and your insight is greatly appreciated.

DDS (Ver_10-10-10.03) - NTFSx86
Run by Administrator at 1:57:51.34 on Sat 10/16/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1346 [GMT -6:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
D:\program files\steam\steam.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EvtMgr6] d:\program files\setpointp\SetPoint.exe /launchGaming
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRunOnce: [HPWebUpdate]
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287178764437
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-10-15 10448]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2010-10-14 5824]
S3 cpuz134;cpuz134;\??\c:\docume~1\admini~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]

=============== Created Last 30 ================

2010-10-16 07:16:12 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-16 01:18:52 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-10-16 01:18:52 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-10-16 01:18:52 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-10-16 01:18:52 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-10-16 01:17:45 -------- d-----w- c:\program files\HP
2010-10-16 01:10:07 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-10-16 01:10:07 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-10-16 01:07:01 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-16 01:07:01 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-10-16 00:56:47 -------- d-----w- c:\documents and settings\all users\Microsoft
2010-10-16 00:54:50 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-16 00:54:45 -------- d-----w- c:\windows\SHELLNEW
2010-10-16 00:54:34 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Microsoft Help
2010-10-16 00:27:52 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-16 00:27:52 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-16 00:27:24 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-15 23:52:45 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-10-15 23:36:29 -------- d-----w- c:\windows\system32\scripting
2010-10-15 23:36:28 -------- d-----w- c:\windows\l2schemas
2010-10-15 23:36:27 -------- d-----w- c:\windows\system32\en
2010-10-15 23:32:51 -------- d-----w- c:\windows\network diagnostic
2010-10-15 23:26:59 245760 -c----w- c:\windows\system32\dllcache\mswmdm.dll
2010-10-15 22:04:40 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-15 21:59:26 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-15 21:59:19 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-10-15 21:59:02 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-10-15 21:58:19 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-10-15 21:58:19 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-10-15 21:57:53 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-15 21:55:27 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-10-15 21:53:46 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-10-15 21:50:00 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-10-15 21:49:55 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-10-15 21:49:08 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-15 21:49:03 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-10-15 20:12:47 6084944 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{5c71925a-b877-4988-aae5-7aa6ee7cd1d9}\mpengine.dll
2010-10-15 20:12:45 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-15 20:08:29 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-10-15 18:33:27 53248 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-10-15 18:33:10 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-10-15 18:33:07 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-15 18:32:51 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-10-15 18:29:21 -------- d-----w- c:\docume~1\admini~1\applic~1\Logishrd
2010-10-15 18:15:46 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
2010-10-15 18:15:44 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
2010-10-15 18:03:03 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-10-15 17:59:06 -------- d-----w- c:\windows\provisioning
2010-10-15 17:59:06 -------- d-----w- c:\windows\peernet
2010-10-15 17:58:31 -------- d-----w- c:\windows\ServicePackFiles
2010-10-15 17:56:56 -------- d-----w- c:\windows\EHome
2010-10-15 17:55:47 11264 ------w- c:\windows\system32\spnpinst.exe
2010-10-15 06:52:35 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-15 06:52:35 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-15 06:52:35 10604128 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-10-15 06:52:35 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-15 06:52:33 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-15 06:52:33 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-15 06:52:33 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-15 06:52:33 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-10-15 06:52:33 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-10-15 06:52:33 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-15 06:52:26 -------- d-----w- C:\NVIDIA
2010-10-15 06:47:58 -------- d-----w- c:\program files\SIW
2010-10-15 06:40:56 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Roxio
2010-10-15 06:39:58 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-15 06:39:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-10-15 06:39:57 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-15 06:39:57 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-15 06:39:56 -------- d-----w- c:\program files\NVIDIA Corporation
2010-10-15 06:32:06 -------- d-s---w- c:\documents and settings\administrator\UserData
2010-10-15 06:31:56 -------- d-----w- c:\windows\system32\bits
2010-10-15 06:30:47 -------- d-----w- c:\program files\Sonic
2010-10-15 06:30:47 -------- d-----w- c:\program files\common files\Sonic Shared
2010-10-15 06:30:38 -------- d-----w- c:\windows\system32\PreInstall
2010-10-15 06:30:36 -------- d--h--w- c:\windows\$hf_mig$
2010-10-15 06:30:12 8192 ------w- c:\windows\system32\bitsprx2.dll
2010-10-15 06:30:12 7168 ------w- c:\windows\system32\bitsprx3.dll
2010-10-15 06:30:12 438784 ------w- c:\windows\system32\xpob2res.dll
2010-10-15 06:30:12 354816 ----a-w- c:\windows\system32\winhttp.dll
2010-10-15 06:30:12 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-10-15 06:27:16 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-10-15 06:27:16 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2010-10-15 06:27:16 165888 ----a-w- c:\windows\system32\wuauclt1.exe
2010-10-15 06:14:12 -------- d-----w- c:\program files\Marvell
2010-10-15 06:14:04 -------- d-----w- c:\windows\system32\Lang
2010-10-15 06:13:09 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-10-15 06:13:09 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-10-15 06:13:09 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-10-15 06:13:09 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-10-15 06:13:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-10-15 06:13:08 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-10-15 06:13:08 40960 ------r- c:\windows\system32\ChCfg.exe
2010-10-15 06:13:08 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-10-15 06:13:08 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-10-15 06:13:08 135168 ------r- c:\windows\system32\RtlCPAPI.dll
2010-10-15 06:12:50 -------- d-----w- c:\windows\system32\RTCOM
2010-10-15 06:12:49 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-10-15 06:12:49 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-10-15 06:12:29 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-10-15 06:12:24 86016 ------r- c:\windows\SoundMan.exe
2010-10-15 06:12:23 364544 ------r- c:\windows\RtlUpd.exe
2010-10-15 06:12:19 4262912 ------r- c:\windows\system32\drivers\RtkHDAud.Sys
2010-10-15 06:12:19 266240 ------r- c:\windows\system32\RTSndMgr.Cpl
2010-10-15 06:12:11 9711104 ------r- c:\windows\RTLCPL.exe
2010-10-15 06:11:54 16143872 ------r- c:\windows\RTHDCPL.exe
2010-10-15 06:11:52 2158592 ------r- c:\windows\MicCal.exe
2010-10-15 06:11:49 69632 ------r- c:\windows\Alcmtr.exe
2010-10-15 06:11:47 2809344 ------r- c:\windows\alcwzrd.exe
2010-10-15 06:11:46 299008 ------r- c:\windows\system32\ALSndMgr.Cpl
2010-10-15 06:11:45 -------- d-----w- c:\program files\Realtek
2010-10-15 06:11:42 487424 ------r- c:\windows\RtlExUpd.dll
2010-10-15 06:11:40 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-10-15 05:52:18 74240 ----a-w- c:\windows\system32\usbui.dll
2010-10-15 05:52:17 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-10-15 05:52:17 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-10-15 05:52:16 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-10-15 05:52:16 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-10-15 05:52:11 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-10-15 05:52:11 3328 -c--a-w- c:\windows\system32\dllcache\pciide.sys
2010-10-15 05:52:11 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-10-15 05:52:11 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-10-15 05:52:09 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-10-15 05:52:07 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-10-15 05:51:26 -------- d-----w- c:\windows\ASUSInstAll
2010-10-15 05:51:24 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-10-15 05:51:19 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-10-15 05:48:22 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-10-15 05:48:22 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2010-10-15 05:48:20 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-10-15 05:48:20 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-10-15 05:48:20 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-15 05:48:06 89088 ----a-w- c:\windows\system32\atl71.dll
2010-10-15 05:48:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-15 05:48:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-15 05:48:06 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2010-10-15 05:48:05 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-10-15 05:37:44 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-10-15 05:37:35 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-10-15 05:37:35 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-10-15 05:37:35 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2010-10-15 05:37:35 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-10-15 05:37:34 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-10-15 05:36:54 -------- d-----w- c:\program files\VID_0E8F&PID_0003
2010-10-15 05:36:47 634880 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iKernel.dll
2010-10-15 05:36:47 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\ctor.dll
2010-10-15 05:36:47 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\DotNetInstaller.exe
2010-10-15 05:36:47 270468 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\Setup.dll
2010-10-15 05:36:47 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iscript.dll
2010-10-15 05:36:47 159876 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\IGdi.dll
2010-10-15 05:36:47 151552 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iuser.dll
2010-10-15 05:26:24 -------- d-s---w- c:\windows\system32\Microsoft
2010-10-15 05:26:06 -------- d-----w- c:\program files\ASUSTeK
2010-10-15 05:22:43 11264 ------r- c:\windows\system32\drivers\EIO.sys
2010-10-15 05:00:44 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

==================== Find3M ====================

2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ------w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 1:58:33.68 ===============

peku006
2010-10-19, 19:24
Hi optimus357

Download and Run Malwarebytes' Anti-Malware

Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save it to your desktop. If needed...Tutorial w/screenshots (http://thespykiller.co.uk/index.php/topic,5946.0.html)
Alternate download sites available here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or here (http://www.besttechie.net/tools/mbam-setup.exe).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
Problems downloading the updates? Manually download them from here (http://malwarebytes.gt500.org/mbam-rules.exe) and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
    Make sure the "Perform full scan" option is selected.
    Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please reply with

Malwarebytes' Anti-Malware Log

Thanks peku006

peku006
2010-10-27, 14:25
Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), include a fresh DDS log, and wait for a new helper.