
Thread: Got some browser trouble: redirects and random ad pages opening in new tabs

  1. #11
    ken545 (Security Expert)

    Good Morning,

    We need to clear out all your restore points, as ESET found a bad file in there. There may be more, but let's hang off a bit until we're done.

    The warning you're getting could be part of the rootkit that Combofix removed; there may be more it didn't find.




    Extract the file and run it.

    Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)

    Please post the content of the TDSSKiller log
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Junior Member

    TDSSKiller Log

    Looks like nothing was found. Here are the results:

    2010/09/13 13:53:37.0687 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
    2010/09/13 13:53:37.0687 ================================================================================
    2010/09/13 13:53:37.0687 SystemInfo:
    2010/09/13 13:53:37.0687
    2010/09/13 13:53:37.0687 OS Version: 5.1.2600 ServicePack: 3.0
    2010/09/13 13:53:37.0687 Product type: Workstation
    2010/09/13 13:53:37.0687 ComputerName: DANIEL
    2010/09/13 13:53:37.0687 UserName: Daniel
    2010/09/13 13:53:37.0687 Windows directory: C:\WINDOWS
    2010/09/13 13:53:37.0687 System windows directory: C:\WINDOWS
    2010/09/13 13:53:37.0687 Processor architecture: Intel x86
    2010/09/13 13:53:37.0687 Number of processors: 2
    2010/09/13 13:53:37.0687 Page size: 0x1000
    2010/09/13 13:53:37.0687 Boot type: Normal boot
    2010/09/13 13:53:37.0687 ================================================================================
    2010/09/13 13:53:37.0984 Initialize success
    2010/09/13 13:53:47.0578 ================================================================================
    2010/09/13 13:53:47.0578 Scan started
    2010/09/13 13:53:47.0578 Mode: Manual;
    2010/09/13 13:53:47.0578 ================================================================================
    2010/09/13 13:54:04.0937 ================================================================================
    2010/09/13 13:54:04.0937 Scan finished
    2010/09/13 13:54:04.0937 ================================================================================
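The log above is a fixed-format listing: a timestamp, then either a status message or `name (md5) path` for each loaded driver. Added here as an example (not part of the thread and not TDSSKiller's own code), a small Python parser that checks the scan ran to completion, extracts the driver entries, and flags two triage hints: drivers loaded from outside the usual directories and one MD5 shared by several service names. The sample lines are modelled on the log above, with one deliberately constructed out-of-place entry (`oddsvc`) added; the list of "expected" directories is an assumption, and a flagged path is a prompt to look closer, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Line layout used by the TDSSKiller log: "<timestamp> <name> (<md5>) <path>"
# for each loaded driver, or "<timestamp> <status message>" otherwise.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
STATUS_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<msg>.*)$"
)

# Assumption: on this XP system, drivers are normally loaded from these trees.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    name: str
    md5: str
    path: str


@dataclass
class Summary:
    scan_started: bool
    scan_finished: bool
    entries: List[Entry]
    unusual_paths: List[Entry]          # loaded from outside EXPECTED_PREFIXES
    shared_hashes: Dict[str, List[str]]  # md5 -> service names sharing it


def parse_tdsskiller_log(text: str) -> Summary:
    entries: List[Entry] = []
    started = finished = False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["name"], m["md5"], m["path"]))
            continue
        s = STATUS_RE.match(line)
        if s:
            msg = s["msg"].strip()
            if msg == "Scan started":
                started = True
            elif msg == "Scan finished":
                finished = True
    unusual = [e for e in entries
               if not e.path.lower().startswith(EXPECTED_PREFIXES)]
    by_hash: Dict[str, List[str]] = {}
    for e in entries:
        by_hash.setdefault(e.md5, []).append(e.name)
    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    return Summary(started, finished, entries, unusual, shared)


# Constructed sample: lines modelled on the log above, plus one made-up entry
# (oddsvc, all-zero hash) loaded from a user temp directory.
SAMPLE_LOG = r"""
2010/09/13 13:53:47.0578 Scan started
2010/09/13 13:53:47.0578 Mode: Manual;
2010/09/13 13:53:48.0203 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/13 13:53:49.0890 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/13 13:53:49.0937 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/13 13:53:52.0218 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/09/13 13:53:55.0000 oddsvc (00000000000000000000000000000000) C:\Documents and Settings\Daniel\Local Settings\Temp\oddsvc.sys
2010/09/13 13:54:04.0937 Scan finished
"""

if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    print("completed:", summary.scan_started and summary.scan_finished)
    print("drivers:", len(summary.entries))
    for e in summary.unusual_paths:
        print("unusual path:", e.name, e.path)
    for h, names in summary.shared_hashes.items():
        print("shared hash:", h, names)
```

The two `cbidf` entries share a hash because they are the same file registered under two service names, which is why a shared hash is only a hint to verify rather than a finding.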

  3. #13
    ken545 (Security Expert)

    Ok, let's run another rootkit scanner. That one just checked for the TDSS rootkit, which appears gone, but there are others that may not be showing on your logs.


    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click GMER.exe.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
    • Save the log where you can easily find it, such as your desktop.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Please copy and paste the report into your Post.

  4. #14
    Junior Member

    I'm getting the blue screen :(

    Hey Ken, sorry I have been MIA for a couple of days here. I ran the GMER scan the same day you suggested it. It was taking a long time, so I left my computer running overnight and came back to it in the morning. It had finished the scan, but as I went to click on the "Save" button, I got the blue screen error. At the time, I was running late for class, so I didn't have the chance to write down the technical information there, and I just manually shut off the computer.

    The next time I got on my computer, I did the Microsoft Error Reporting when it popped up, telling me I had recovered from a serious error. The website page that eventually opened from Microsoft said that the error had something to do with a driver. Well, I wasn't sure what it could be, but I suspected that it may have had something to do with installing and uninstalling the software for an external hard drive from Seagate.

    I ran Windows update next, and found that there were 8 updates (mostly Microsoft security updates) that needed to be downloaded (I'm not sure why they weren't brought to my attention by the update checker--they normally are). So, I downloaded them and restarted my computer.

    Once the computer was up and running again, I decided to update my drivers via the hardware device manager. I went down the list of hardware devices on my computer, searching to see if there were any available updates, but I wasn't finding any until I got to my sound card. An updated driver was downloaded for my audio codecs, but as soon as that was done, I got another blue screen.

    I shut off and restarted my computer yet again, this time going into safe mode as the blue screen prompt suggested. I used Windows System restore to revert back to the settings I had from the 10th (last Friday), but after the restoration was complete and I restarted the computer, I was sent immediately to the blue screen.

    Well, at this point, I decided I should let you know what was going on. I'm using my laptop now to post here. The technical information given by the most recent blue screen, the one I get on starting the computer, says:

    STOP: 0x0000007E (0xC0000005,0xA936E978,0xBA5031A4,0xBA502EA0)

    I'm kind of lost right now as to what to do. I'm thinking of trying to restore to an even earlier point, but I wanted to see what you say about it. I'm hoping you can shed some light on the matter! Thanks again for your help!

  5. #15
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Go ahead and restore to an earlier time if you can. One of the things about cleaning malware off of a system is to just leave it be until the computer is clean. I have always gone by the saying "If it ain't broke, don't fix it." What I mean by that is, if, say, your sound card is running fine, leave it be, but that's me. The problem you're having now is software related, from updating those drivers. If the restore does not get you up and running, let me know and I can link you to some great Windows support sites, as we just do malware removal on this one.

    Let me know how it went.

  6. #16
    Junior Member
    Join Date
    Sep 2010
    Posts
    13

    Default Bullet dodged (I hope!)

    Well, it looks like the second system restore I did worked. I was able to successfully complete the GMER scan and save the log file, so here it is...

    After pasting the log here, it looks like the formatting is off, so I'll also upload the original file for ease in reading it.

    GMER Scan Log:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-16 20:36:41
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Daniel\LOCALS~1\Temp\kwdyqfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A71B1F8 ZwConnectPort
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA8DF6CB0]
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA8DF6F10]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99B7000, 0x1C5D58, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device A42A7D20

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:692] A863083A

    ---- EOF - GMER 1.0.15 ----

  7. #17
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    This is what I would like you to do since you used System Restore.

    1. Do not install any more drivers, programs, or hardware; this goes for uninstalling them also. Just leave things be until we're done.

    2. Drag Combofix to the trash and redownload it, as it's updated on a regular basis, then run it again and post the log.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  8. #18
    Junior Member
    Join Date
    Sep 2010
    Posts
    13

    Default New Combofix log

    Hey Ken, here are the results from the ComboFix scan...

    ComboFix 10-09-17.04 - Daniel 09/17/2010 19:22:59.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1236 [GMT -5:00]
    Running from: c:\documents and settings\Daniel\Desktop\ComboFix.exe
    AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
    .

    2010-09-16 04:12 . 2008-07-11 20:40 321512 ----a-w- c:\windows\system32\ctdlang.dat
    2010-09-13 01:18 . 2010-09-13 01:18 -------- d-----w- c:\program files\ESET
    2010-09-12 21:44 . 2010-09-12 21:44 -------- d-sh--w- c:\documents and settings\LocalService\UserData
    2010-09-12 21:44 . 2010-09-12 21:44 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
    2010-09-12 21:43 . 2010-09-12 21:43 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-09-12 03:54 . 2010-09-12 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
    2010-09-12 03:54 . 2010-09-12 03:54 -------- d-----w- c:\program files\Seagate
    2010-09-12 03:53 . 2010-09-13 00:14 -------- d-----w- c:\program files\Carbonite
    2010-09-11 19:16 . 2010-09-11 19:16 -------- d-----w- c:\program files\Common Files\Skype
    2010-09-11 00:38 . 2010-09-11 00:39 -------- d-----w- c:\program files\ERUNT
    2010-09-10 21:19 . 2010-09-10 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\documents and settings\Daniel\Application Data\Malwarebytes
    2010-09-10 20:42 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-10 20:42 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 01:50 . 2010-09-10 01:50 -------- d-----w- C:\SIERRA
    2010-09-09 04:00 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-09 03:43 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-09 03:40 . 2010-09-09 03:40 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\Sunbelt Software
    2010-09-09 03:40 . 2010-09-09 03:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-09-09 03:40 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
    2010-09-09 03:39 . 2010-09-09 03:39 -------- d-----w- c:\program files\Lavasoft
    2010-09-03 02:04 . 2010-09-03 02:04 214040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 00:18 . 2006-07-22 02:31 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-09-17 20:31 . 2006-07-23 19:33 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-09-12 23:48 . 2006-07-19 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2010-09-12 18:01 . 2006-07-19 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-12 11:13 . 2010-08-11 05:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-11 22:39 . 2010-01-11 18:37 -------- d-----w- c:\documents and settings\Daniel\Application Data\Skype
    2010-09-11 19:10 . 2010-01-11 18:42 -------- d-----w- c:\documents and settings\Daniel\Application Data\skypePM
    2010-09-10 20:09 . 2007-06-28 03:33 -------- d-----w- c:\program files\QuickTime
    2010-09-10 20:06 . 2007-06-28 03:32 -------- d-----w- c:\program files\Apple Software Update
    2010-09-09 03:39 . 2009-03-17 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-20 00:58 . 2010-08-20 00:58 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx3B.tmp
    2010-08-20 00:54 . 2010-08-20 00:54 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx39.tmp
    2010-08-17 13:17 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-17 00:15 . 2010-08-17 00:15 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1B.tmp
    2010-08-17 00:13 . 2010-08-17 00:13 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx19.tmp
    2010-08-15 23:22 . 2010-08-15 23:22 -------- d-----w- c:\program files\Common Files\Java
    2010-08-15 23:21 . 2010-08-15 23:21 503808 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e865eca-n\msvcp71.dll
    2010-08-15 23:21 . 2010-08-15 23:21 499712 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e865eca-n\jmc.dll
    2010-08-15 23:21 . 2010-08-15 23:21 61440 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4227d90b-n\decora-sse.dll
    2010-08-15 23:21 . 2010-08-15 23:21 348160 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e865eca-n\msvcr71.dll
    2010-08-15 23:21 . 2010-08-15 23:21 12800 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4227d90b-n\decora-d3d.dll
    2010-08-15 23:21 . 2010-08-15 23:21 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-15 23:20 . 2006-07-19 16:59 -------- d-----w- c:\program files\Java
    2010-08-15 04:13 . 2009-10-15 22:57 -------- d-----w- c:\program files\Windows Desktop Search
    2010-08-12 21:09 . 2006-07-19 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
    2010-08-12 21:07 . 2006-07-19 17:03 -------- d-----w- c:\program files\Dell
    2010-08-12 21:07 . 2006-07-19 17:07 -------- d-----w- c:\program files\Real
    2010-08-12 20:57 . 2006-07-19 17:03 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-08-12 20:56 . 2006-07-19 17:03 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-08-12 20:52 . 2007-06-28 18:48 -------- d-----w- c:\program files\Steam
    2010-08-12 20:44 . 2006-07-19 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-08-12 20:44 . 2006-07-19 17:07 -------- d-----w- c:\program files\Common Files\AOL
    2010-08-12 20:43 . 2006-07-19 17:07 -------- d-----w- c:\program files\Common Files\aolshare
    2010-08-10 23:29 . 2007-12-25 20:31 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-10 23:29 . 2007-12-25 20:31 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-08-10 01:26 . 2010-08-10 01:26 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx22.tmp
    2010-08-10 01:26 . 2010-08-10 01:26 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx21.tmp
    2010-08-10 01:24 . 2010-08-10 01:24 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx20.tmp
    2010-08-10 01:24 . 2010-08-10 01:24 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1F.tmp
    2010-08-10 01:23 . 2010-08-10 01:23 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1E.tmp
    2010-08-10 01:19 . 2010-08-10 01:19 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1D.tmp
    2010-08-10 00:39 . 2010-08-10 00:39 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx5C.tmp
    2010-08-10 00:37 . 2010-08-10 00:37 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx56.tmp
    2010-08-10 00:33 . 2010-08-10 00:33 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx3D.tmp
    2010-08-03 21:15 . 2006-09-04 19:56 -------- d-----w- c:\documents and settings\Daniel\Application Data\Image Zone Express
    2010-08-01 04:13 . 2010-08-01 04:13 -------- d-----w- c:\documents and settings\Daniel\Application Data\MSNInstaller
    2010-07-30 05:29 . 2010-07-30 05:29 21409808 ----a-w- c:\documents and settings\All Users\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
    2010-07-30 05:29 . 2010-07-30 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Belkin
    2010-07-30 03:43 . 2010-07-30 03:43 -------- d-----w- c:\program files\Belkin
    2010-07-22 15:49 . 2004-08-11 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-04-15 15:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 04:47 . 2010-06-24 04:47 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb52.tmp.exe
    2010-06-23 13:44 . 2004-08-11 22:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-11 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2008-02-18 02:10 . 2006-07-22 22:12 88 --sh--r- c:\windows\system32\2DF8D85242.sys
    2008-02-18 02:10 . 2006-07-22 22:12 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-13_00.06.27 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-17 20:32 . 2010-09-17 20:32 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
    + 2010-09-16 04:12 . 2008-07-15 23:11 92696 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\emupia2k.sys
    + 2010-09-16 04:12 . 2008-07-15 23:09 14360 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\ctprxy2k.sys
    + 2010-09-16 04:12 . 2008-07-11 20:53 86016 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\ctcoinst.dll
    + 2010-09-16 04:12 . 2008-07-11 20:37 26919 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\ctd20x.dat
    + 2010-09-16 04:12 . 2008-07-11 20:40 56509 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\ctdnlstr.dat
    + 2010-09-16 04:12 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0032\DriverFiles\i386\wdmaud.drv
    + 2010-09-16 04:12 . 2008-04-13 17:45 49408 c:\windows\system32\ReinstallBackups\0032\DriverFiles\i386\stream.sys
    + 2010-09-16 04:12 . 2008-04-13 17:45 60160 c:\windows\system32\ReinstallBackups\0032\DriverFiles\i386\drmk.sys
    + 2010-09-16 04:12 . 2005-11-08 10:14 33792 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\regplib.exe
    + 2010-09-16 04:12 . 2008-07-11 20:39 64512 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\piaproxy.dll
    + 2010-09-16 04:12 . 2008-07-11 20:37 10240 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\killapps.exe
    + 2010-09-16 04:12 . 2001-07-11 15:51 77824 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\eaxac3.dll
    + 2010-09-16 04:12 . 2008-07-11 20:36 32768 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\devreg.dll
    + 2010-09-16 04:12 . 2008-07-11 20:50 45056 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\CTxfiSpk.dll
    + 2010-09-16 04:12 . 2008-07-11 20:46 43520 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\Ctxfireg.exe
    + 2010-09-16 04:12 . 2008-07-11 20:50 19968 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\Ctxfihlp.exe
    + 2010-09-16 04:12 . 2008-07-11 20:50 35840 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\CTxfiBtn.dll
    + 2010-09-16 04:12 . 2007-03-13 15:32 89336 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\ctpxst32.exe
    + 2010-09-16 04:12 . 2007-03-19 16:06 45568 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\ctppld.dll
    + 2010-09-16 04:12 . 2008-07-11 20:39 69120 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\ctosuser.dll
    + 2010-09-16 04:12 . 2008-07-15 22:23 72728 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\CTHWIUT.DLL
    + 2010-09-16 04:12 . 2008-07-11 20:39 49152 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\ctdproxy.dll
    + 2010-09-16 04:12 . 2008-07-11 20:39 46592 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\ctasio.dll
    + 2010-09-16 04:12 . 2008-07-11 20:46 10752 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\Ct20xspi.dll
    + 2010-09-16 04:12 . 2006-12-05 19:52 48400 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\AddCat.exe
    + 2010-09-16 04:12 . 2008-07-11 20:51 27648 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\ac3api.dll
    + 2010-09-16 04:12 . 2005-11-08 10:38 33792 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\a3d.dll
    + 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
    - 2006-07-19 16:40 . 2008-07-11 20:37 26919 c:\windows\system32\data\ctd20x.dat
    + 2010-09-16 04:12 . 2008-07-11 20:37 26919 c:\windows\system32\data\ctd20x.dat
    + 2010-09-16 04:12 . 2005-11-08 10:40 9216 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\pfmodnt.sys
    + 2010-09-16 04:12 . 2008-07-11 20:37 2091 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\cts20x.dat
    + 2010-09-16 04:12 . 2008-07-11 20:50 3072 c:\windows\system32\ReinstallBackups\0032\DriverFiles\lang\i386\CtxfiRes.dll
    + 2010-09-16 04:12 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0032\DriverFiles\i386\ksuser.dll
    + 2010-09-16 04:12 . 2008-07-11 20:39 6144 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\sfman32.dll
    + 2010-09-16 04:12 . 2008-07-11 20:37 5120 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\enlocstr.exe
    - 2006-07-19 16:40 . 2008-07-11 20:37 2091 c:\windows\system32\data\cts20x.dat
    + 2010-09-16 04:12 . 2008-07-11 20:37 2091 c:\windows\system32\data\cts20x.dat
    + 2006-07-19 16:40 . 2005-11-08 10:30 9216 c:\windows\CTPRES.DLL
    + 2004-08-11 22:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
    - 2004-08-11 22:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
    - 2004-08-11 22:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
    + 2004-08-11 22:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
    + 2010-09-16 04:19 . 2010-09-16 19:51 347300 c:\windows\system32\Restore\rstrlog.dat
    + 2010-09-16 04:12 . 2008-07-15 23:10 157208 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\ctsfm2k.sys
    + 2010-09-16 04:12 . 2008-07-15 23:08 127000 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\ctoss2k.sys
    + 2010-09-16 04:12 . 2008-07-11 20:53 181248 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\ctdvinst.dll
    + 2010-09-16 04:12 . 2008-07-15 23:08 347080 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\ctdvda2k.sys
    + 2010-09-16 04:12 . 2008-07-15 23:07 527384 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\ctaud2k.sys
    + 2010-09-16 04:12 . 2008-07-15 23:06 511000 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\ctac32k.sys
    + 2010-09-16 04:12 . 2008-07-11 20:39 275257 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0760W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 277688 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP073AW.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 277688 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0730W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 357983 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0679W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 357983 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0678W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275766 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP055AW.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 276094 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0550W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275508 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP046CW.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275508 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP046BW.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275508 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP046AW.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275836 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0469W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275836 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0468W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275836 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0466W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275836 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0465W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275836 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0464W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 276282 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0463W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275836 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0462W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:39 275836 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\Data\CTP0460W.DAT
    + 2010-09-16 04:12 . 2008-07-11 20:40 321512 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\ctdlang.dat
    + 2010-09-16 04:12 . 2008-04-13 18:19 146048 c:\windows\system32\ReinstallBackups\0032\DriverFiles\i386\portcls.sys
    + 2010-09-16 04:12 . 2008-04-13 18:16 141056 c:\windows\system32\ReinstallBackups\0032\DriverFiles\i386\ks.sys
    + 2010-09-16 04:12 . 2008-07-11 20:39 104448 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\sfms32.dll
    + 2010-09-16 04:12 . 2007-07-11 07:30 782336 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\OALInst.exe
    + 2010-09-16 04:12 . 2008-07-11 20:46 969216 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\CTxfispi.exe
    + 2010-09-16 04:12 . 2008-07-11 20:40 110080 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\ctemupia.dll
    + 2010-09-16 04:12 . 2007-03-19 16:05 512000 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\CTAPO32.dll
    + 2010-09-16 04:12 . 2008-07-15 22:23 170520 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\CT20XUT.DLL
    + 2010-09-16 04:12 . 2008-07-11 20:39 174592 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\ct_oal.dll
    + 2010-09-16 04:12 . 2007-08-29 19:22 557159 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\APOIM32.exe
    + 2006-10-19 02:47 . 2010-03-30 17:24 317440 c:\windows\system32\mp4sdecd.dll
    - 2006-10-19 02:47 . 2006-10-19 02:47 317440 c:\windows\system32\MP4SDECD.dll
    + 2004-08-11 22:12 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
    + 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
    + 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
    + 2010-03-30 17:24 . 2010-03-30 17:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
    + 2010-01-29 15:01 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2010-09-16 04:12 . 2008-07-15 23:12 1173016 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Win2K_XP\i386\ha20x2k.sys
    + 2010-09-16 04:12 . 2008-07-15 22:22 1323544 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\CTEXFIFX.DLL
    + 2010-09-16 04:12 . 2008-07-15 06:08 24089151 c:\windows\system32\ReinstallBackups\0032\DriverFiles\Common\i386\AppSetup.exe
    + 2006-07-22 18:46 . 2010-09-16 03:25 35552200 c:\windows\system32\MRT.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
    "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-05-11 441120]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^YouTube Uploader.lnk]
    path=c:\documents and settings\Daniel\Start Menu\Programs\Startup\YouTube Uploader.lnk
    backup=c:\windows\pss\YouTube Uploader.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-09-09 03:42 864624 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2008-07-23 00:42 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    2003-06-18 06:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-07-30 14:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2007-04-01 18:04 67128 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    2005-12-07 14:26 489472 ----a-w- c:\program files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    2005-12-07 14:33 73728 ----a-w- c:\program files\Logitech\Video\InstallHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-07-13 00:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
    2005-09-14 19:40 229466 ------w- c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-12 04:08 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-16 04:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2006-03-17 10:34 124656 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6"=
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "CTxfiHlp"=CTXFIHLP.EXE
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\dmw2788\\counter-strike\\hl.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Steam\\steamapps\\tubabubba\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/8/2010 10:43 PM 64288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 12:02 AM 102448]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355928]
    S2 gupdate1c93c888294d7c2;Google Update Service (gupdate1c93c888294d7c2);c:\program files\Google\Update\GoogleUpdate.exe [11/1/2008 8:15 PM 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 5:34 AM 115952]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 03:42]

    2009-09-02 c:\windows\Tasks\Blue Devils - F-Tuning (Ditty Cadence).job
    - c:\documents and settings\Daniel\My Documents\My Music\iTunes\iTunes Music\Unknown Artist\Naruto\11 Track 11 (rap).m4a [2007-10-07 06:11]

    2010-06-16 c:\windows\Tasks\Cancel apartment insurance policy reminder.job
    - c:\documents and settings\Daniel\My Documents\Cancel your apartment insurance.doc [2010-06-16 18:24]

    2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-02 01:15]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-02 01:15]

    2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311269471-1733383960-847243865-1005Core.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 18:59]

    2010-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311269471-1733383960-847243865-1005UA.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 18:59]

    2009-01-03 c:\windows\Tasks\Journal reminder.job
    - c:\documents and settings\Daniel\My Documents\Journal\reminder 2.txt [2007-08-24 02:00]

    2010-09-17 c:\windows\Tasks\Microsoft Office Word 2003.job
    - c:\documents and settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk [2006-07-22 02:03]

    2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{1BF8318D-0EC3-416B-BC83-385052EB66C3}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\me7gvhrl.default\
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - plugin: c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-17 19:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?

    scanning hidden files ...


    c:\docume~1\Daniel\LOCALS~1\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3311269471-1733383960-847243865-1005\Software\SecuROM\License information*]
    "datasecu"=hex:ec,d2,b5,c5,5b,e0,ba,21,79,a9,45,83,db,8a,91,83,3f,3d,41,48,f7,
    01,26,3b,18,b4,d9,d4,20,e8,31,a7,d7,4d,ba,ab,dc,43,ce,bc,a6,9d,f5,eb,71,b7,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(780)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2232)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-09-17 19:33:51
    ComboFix-quarantined-files.txt 2010-09-18 00:33
    ComboFix2.txt 2010-09-13 00:09
    ComboFix3.txt 2010-09-12 14:51

    Pre-Run: 91,426,734,080 bytes free
    Post-Run: 91,402,031,104 bytes free

    - - End Of File - - CE306411340539E25BD72F09CBEEEF01

  9. #19
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.


    Open Notepad: go to Start> All Programs> Accessories> Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::


    Code:
    File::
    c:\windows\system32\drivers\lvuvc.hs
    c:\documents and settings\All Users\Application Data\Viewpoint
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

  10. #20
    Junior Member
    Join Date
    Sep 2010
    Posts
    13

    Combofix run

    Before I ran Combofix with the text file, I double-checked to make sure that Viewpoint wasn't on my programs list, because I remembered having uninstalled it earlier. It looks like it was already uninstalled, though the folder mentioned in the Notepad file was still present in the directory (albeit empty). I went ahead and ran Combofix. Here are the results:

    ComboFix 10-09-17.04 - Daniel 09/19/2010 17:24:51.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1177 [GMT -5:00]
    Running from: c:\documents and settings\Daniel\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Daniel\Desktop\CFScript.txt
    AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Created a new restore point

    FILE ::
    "c:\documents and settings\All Users\Application Data\Viewpoint"
    "c:\windows\system32\drivers\lvuvc.hs"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\lvuvc.hs

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
    .

    2010-09-16 04:12 . 2008-07-11 20:40 321512 ----a-w- c:\windows\system32\ctdlang.dat
    2010-09-13 01:18 . 2010-09-13 01:18 -------- d-----w- c:\program files\ESET
    2010-09-12 21:44 . 2010-09-12 21:44 -------- d-sh--w- c:\documents and settings\LocalService\UserData
    2010-09-12 21:44 . 2010-09-12 21:44 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
    2010-09-12 21:43 . 2010-09-12 21:43 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-09-12 03:54 . 2010-09-12 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
    2010-09-12 03:54 . 2010-09-12 03:54 -------- d-----w- c:\program files\Seagate
    2010-09-12 03:53 . 2010-09-13 00:14 -------- d-----w- c:\program files\Carbonite
    2010-09-11 19:16 . 2010-09-11 19:16 -------- d-----w- c:\program files\Common Files\Skype
    2010-09-11 00:38 . 2010-09-11 00:39 -------- d-----w- c:\program files\ERUNT
    2010-09-10 21:19 . 2010-09-10 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\documents and settings\Daniel\Application Data\Malwarebytes
    2010-09-10 20:42 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-10 20:42 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 01:50 . 2010-09-10 01:50 -------- d-----w- C:\SIERRA
    2010-09-09 04:00 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-09 03:43 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-09 03:40 . 2010-09-09 03:40 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\Sunbelt Software
    2010-09-09 03:40 . 2010-09-09 03:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-09-09 03:40 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
    2010-09-09 03:39 . 2010-09-09 03:39 -------- d-----w- c:\program files\Lavasoft
    2010-09-03 02:04 . 2010-09-03 02:04 214040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-19 22:23 . 2006-07-22 02:31 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-09-12 23:48 . 2006-07-19 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2010-09-12 18:01 . 2006-07-19 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-12 11:13 . 2010-08-11 05:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-11 22:39 . 2010-01-11 18:37 -------- d-----w- c:\documents and settings\Daniel\Application Data\Skype
    2010-09-11 19:10 . 2010-01-11 18:42 -------- d-----w- c:\documents and settings\Daniel\Application Data\skypePM
    2010-09-10 20:09 . 2007-06-28 03:33 -------- d-----w- c:\program files\QuickTime
    2010-09-10 20:06 . 2007-06-28 03:32 -------- d-----w- c:\program files\Apple Software Update
    2010-09-09 03:39 . 2009-03-17 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-20 00:58 . 2010-08-20 00:58 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx3B.tmp
    2010-08-20 00:54 . 2010-08-20 00:54 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx39.tmp
    2010-08-17 13:17 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-17 00:15 . 2010-08-17 00:15 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1B.tmp
    2010-08-17 00:13 . 2010-08-17 00:13 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx19.tmp
    2010-08-15 23:22 . 2010-08-15 23:22 -------- d-----w- c:\program files\Common Files\Java
    2010-08-15 23:21 . 2010-08-15 23:21 503808 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e865eca-n\msvcp71.dll
    2010-08-15 23:21 . 2010-08-15 23:21 499712 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e865eca-n\jmc.dll
    2010-08-15 23:21 . 2010-08-15 23:21 61440 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4227d90b-n\decora-sse.dll
    2010-08-15 23:21 . 2010-08-15 23:21 348160 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e865eca-n\msvcr71.dll
    2010-08-15 23:21 . 2010-08-15 23:21 12800 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4227d90b-n\decora-d3d.dll
    2010-08-15 23:21 . 2010-08-15 23:21 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-15 23:20 . 2006-07-19 16:59 -------- d-----w- c:\program files\Java
    2010-08-15 04:13 . 2009-10-15 22:57 -------- d-----w- c:\program files\Windows Desktop Search
    2010-08-12 21:09 . 2006-07-19 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
    2010-08-12 21:07 . 2006-07-19 17:03 -------- d-----w- c:\program files\Dell
    2010-08-12 21:07 . 2006-07-19 17:07 -------- d-----w- c:\program files\Real
    2010-08-12 20:57 . 2006-07-19 17:03 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-08-12 20:56 . 2006-07-19 17:03 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-08-12 20:52 . 2007-06-28 18:48 -------- d-----w- c:\program files\Steam
    2010-08-12 20:44 . 2006-07-19 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-08-12 20:44 . 2006-07-19 17:07 -------- d-----w- c:\program files\Common Files\AOL
    2010-08-12 20:43 . 2006-07-19 17:07 -------- d-----w- c:\program files\Common Files\aolshare
    2010-08-10 23:29 . 2007-12-25 20:31 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-10 23:29 . 2007-12-25 20:31 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-08-10 01:26 . 2010-08-10 01:26 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx22.tmp
    2010-08-10 01:26 . 2010-08-10 01:26 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx21.tmp
    2010-08-10 01:24 . 2010-08-10 01:24 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx20.tmp
    2010-08-10 01:24 . 2010-08-10 01:24 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1F.tmp
    2010-08-10 01:23 . 2010-08-10 01:23 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1E.tmp
    2010-08-10 01:19 . 2010-08-10 01:19 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1D.tmp
    2010-08-10 00:39 . 2010-08-10 00:39 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx5C.tmp
    2010-08-10 00:37 . 2010-08-10 00:37 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx56.tmp
    2010-08-10 00:33 . 2010-08-10 00:33 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx3D.tmp
    2010-08-03 21:15 . 2006-09-04 19:56 -------- d-----w- c:\documents and settings\Daniel\Application Data\Image Zone Express
    2010-08-01 04:13 . 2010-08-01 04:13 -------- d-----w- c:\documents and settings\Daniel\Application Data\MSNInstaller
    2010-07-30 05:29 . 2010-07-30 05:29 21409808 ----a-w- c:\documents and settings\All Users\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
    2010-07-30 05:29 . 2010-07-30 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Belkin
    2010-07-30 03:43 . 2010-07-30 03:43 -------- d-----w- c:\program files\Belkin
    2010-07-22 15:49 . 2004-08-11 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-04-15 15:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 04:47 . 2010-06-24 04:47 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb52.tmp.exe
    2010-06-23 13:44 . 2004-08-11 22:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2008-02-18 02:10 . 2006-07-22 22:12 88 --sh--r- c:\windows\system32\2DF8D85242.sys
    2008-02-18 02:10 . 2006-07-22 22:12 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-09-18_00.31.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-19 21:52 . 2010-09-19 21:52 16384 c:\windows\Temp\Perflib_Perfdata_100.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
    "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-05-11 441120]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^YouTube Uploader.lnk]
    path=c:\documents and settings\Daniel\Start Menu\Programs\Startup\YouTube Uploader.lnk
    backup=c:\windows\pss\YouTube Uploader.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-09-09 03:42 864624 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2008-07-23 00:42 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    2003-06-18 06:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-07-30 14:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2007-04-01 18:04 67128 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    2005-12-07 14:26 489472 ----a-w- c:\program files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    2005-12-07 14:33 73728 ----a-w- c:\program files\Logitech\Video\InstallHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-07-13 00:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
    2005-09-14 19:40 229466 ------w- c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-12 04:08 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-16 04:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2006-03-17 10:34 124656 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6"=
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "CTxfiHlp"=CTXFIHLP.EXE
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\dmw2788\\counter-strike\\hl.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Steam\\steamapps\\tubabubba\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/8/2010 10:43 PM 64288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 12:02 AM 102448]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355928]
    S2 gupdate1c93c888294d7c2;Google Update Service (gupdate1c93c888294d7c2);c:\program files\Google\Update\GoogleUpdate.exe [11/1/2008 8:15 PM 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 5:34 AM 115952]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GTNDIS5
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 03:42]

    2009-09-02 c:\windows\Tasks\Blue Devils - F-Tuning (Ditty Cadence).job
    - c:\documents and settings\Daniel\My Documents\My Music\iTunes\iTunes Music\Unknown Artist\Naruto\11 Track 11 (rap).m4a [2007-10-07 06:11]

    2010-06-16 c:\windows\Tasks\Cancel apartment insurance policy reminder.job
    - c:\documents and settings\Daniel\My Documents\Cancel your apartment insurance.doc [2010-06-16 18:24]

    2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-02 01:15]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-02 01:15]

    2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311269471-1733383960-847243865-1005Core.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 18:59]

    2010-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311269471-1733383960-847243865-1005UA.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 18:59]

    2009-01-03 c:\windows\Tasks\Journal reminder.job
    - c:\documents and settings\Daniel\My Documents\Journal\reminder 2.txt [2007-08-24 02:00]

    2010-09-18 c:\windows\Tasks\Microsoft Office Word 2003.job
    - c:\documents and settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk [2006-07-22 02:03]

    2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{1BF8318D-0EC3-416B-BC83-385052EB66C3}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\me7gvhrl.default\
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - plugin: c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-19 17:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3311269471-1733383960-847243865-1005\Software\SecuROM\License information*]
    "datasecu"=hex:ec,d2,b5,c5,5b,e0,ba,21,79,a9,45,83,db,8a,91,83,3f,3d,41,48,f7,
    01,26,3b,18,b4,d9,d4,20,e8,31,a7,d7,4d,ba,ab,dc,43,ce,bc,a6,9d,f5,eb,71,b7,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(792)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-09-19 17:37:30
    ComboFix-quarantined-files.txt 2010-09-19 22:37
    ComboFix2.txt 2010-09-18 00:33
    ComboFix3.txt 2010-09-13 00:09
    ComboFix4.txt 2010-09-12 14:51

    Pre-Run: 91,402,461,184 bytes free
    Post-Run: 91,382,018,048 bytes free

    - - End Of File - - 8F6C0AC3647AB895C383006CA8FF89DF
