
Thread: Malware or Virus? Can't do web searches (dds included)

  1. #1
    Member
    Join Date
    Apr 2009
    Posts
    38

    Malware or Virus? Can't do web searches (dds included)

    Hi! I may have a virus or malware that I cannot detect. My symptoms:

    1- I cannot do a web search via Yahoo or Google. When I type a search term and press enter or click "web search", nothing happens. Google behaves the same way. I am not re-directed; I just don't get any search results. I am able to directly type in URLs and access websites directly, however.

    2- Internet navigation is very slow.

    I have run Spybot, Malwarebytes and Zone Alarm Antivirus/Spyware, Superantispyware, and Windows Live One Care. All appear to run clean. However, I still have the issues listed above. I am concerned there is a bad registry setting that I cannot identify.

    Thanks in advance.


    Sarama711

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 10:15:24 on 2011-06-25
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1733 [GMT -5:00]
    .
    AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Security Suite Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\java.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\StorageSync\StrgSync.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\program files\companionlink\companionlink.exe
    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\Companion\Installs\cpn2\ytbb.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page =
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://us9.hpwis.com/
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    uURLSearchHooks: H - No File
    BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BackupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -Icon
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
    mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Camera Detector] c:\progra~1\acdsys~1\devdet~1\DEVDET~1.EXE -autorun
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
    mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"
    mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [B2C_AGENT] c:\documents and settings\all users\application data\lgmobileax\b2c_client\B2CNotiAgent.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\v4.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: turbotax.com
    Trusted Zone: windowsupdate.com\download
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
    DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} - hxxp://63.166.193.103/netagent/objects/emagic.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238645755046
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://63.240.55.130/media/VisitorChat/TLIEFlash.CAB
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.ritzpix.com/upload/FujifilmUploadClient.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} - hxxp://lg.home.microsoft.com/search/lobby/searchsettings.cab
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.72.134
    TCP: Interfaces\{07E89FDA-32B3-4865-B3FB-C2A8EF03550E} : DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.72.134
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-8-19 128016]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-8-19 317072]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 68168]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-19 528128]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-15 238952]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-15 36608]
    R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-4-28 14336]
    S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-4-28 20736]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-4-28 20096]
    S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-4-28 25088]
    S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2011-4-28 23168]
    S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [2011-4-28 22272]
    S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2011-4-28 28032]
    S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2011-4-28 70016]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-8-8 14336]
    S3 psa128r;Nike psa[128 Player Control Driver;c:\windows\system32\drivers\psa128r.sys [2004-3-30 30613]
    S3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\drivers\psa128u.sys [2004-3-30 35246]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
    .
    =============== Created Last 30 ================
    .
    2011-06-24 19:06:58 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c6f2bd33-9e43-45d9-9172-d967ff17bd1a}\mpengine.dll
    2011-06-23 01:24:23 -------- dc-h--w- c:\windows\ie8
    2011-06-23 01:23:50 -------- d--h--w- c:\windows\msdownld.tmp
    2011-06-23 01:19:45 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-06-19 00:06:12 -------- d-----w- C:\spoolerlogs
    2011-06-16 23:42:51 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-10 22:21:50 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-06-10 22:21:50 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-06-10 22:21:43 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2011-06-10 22:21:43 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    .
    ==================== Find3M ====================
    .
    2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-14 18:06:48 90112 ----a-w- c:\windows\DUMP6e98.tmp
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    ============= FINISH: 10:18:04.12 ===============
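Added example, not from the poster, the helper, or the DDS tool: the first-pass triage that a helper does by eye on the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections, written out as a small Python script. The sample lines are copied from the log above (a constructed subset, not the whole log); the categories and the set of already-trusted resolvers (the two OpenDNS addresses) are this example's own assumptions. Every hit is a review candidate, not a verdict: vsmon.exe is visibly running in the process list above and still gets a `[?]`, apparently because DDS could not resolve the `-service` argument in its path to a file, so the "image not found" flag means "check", not "infected".

```python
"""Added example: first-pass triage of a DDS log's Pseudo HJT / SERVICES sections.

Not part of the DDS tool or the forum post; the rules below are assumptions about
what a helper looks at first, and every hit is a review candidate, not a verdict.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Resolvers already trusted for this example (assumption): the OpenDNS anycast addresses.
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Subset of lines copied from the DDS log above (constructed sample, not a full log).
SAMPLE_DDS = r"""
uURLSearchHooks: H - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
Trusted Zone: intuit.com
Trusted Zone: microsoft.com\windowsupdate
DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} - hxxp://63.166.193.103/netagent/objects/emagic.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://63.240.55.130/media/VisitorChat/TLIEFlash.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.72.134
TCP: Interfaces\{07E89FDA-32B3-4865-B3FB-C2A8EF03550E} : DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.72.134
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
"""


def refang(url):
    """DDS writes hxxp:// so pasted logs are not clickable; undo that for parsing only."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def is_raw_ip_host(url):
    """True when the URL's host is a bare IP address rather than a DNS name."""
    host = urlparse(refang(url)).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (category, detail) pairs worth a second look, in log order."""
    findings = []
    seen_dns = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry entry whose target file is gone: a leftover, or a hook whose DLL was removed.
        if line.endswith("- No File"):
            findings.append(("orphan_entry", line))
        # ActiveX download (DPF) fetched from a bare IP instead of a vendor hostname.
        elif line.startswith("DPF:"):
            parts = line.split(" - ", 1)
            if len(parts) == 2 and is_raw_ip_host(parts[1].strip()):
                findings.append(("dpf_raw_ip", line))
        # Trusted Zone sites bypass many IE restrictions; each one should be intentional.
        elif line.startswith("Trusted Zone:"):
            findings.append(("trusted_zone", line.split(":", 1)[1].strip()))
        # DHCP-assigned DNS servers: anything outside the known set is confirmed against the
        # router/ISP, because search-redirect malware of this era often changed them.
        elif "DhcpNameServer" in line:
            for server in line.split("=", 1)[1].split():
                if server not in KNOWN_RESOLVERS and server not in seen_dns:
                    seen_dns.add(server)
                    findings.append(("dns_unverified", server))
        # Service/driver whose image DDS could not stat: `-->` plus `[?]` instead of a date/size.
        elif re.match(r"^[RS]\d\s", line) and line.endswith("[?]"):
            findings.append(("image_not_found", line.split(";", 1)[0]))
    return findings


def summarize(findings):
    """Count findings per category, for a quick reply to the poster."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for category, detail in results:
        print(f"{category:16} {detail}")
    print(summarize(results))
```

Run it as-is to see the flagged lines from the sample; to triage a real log, read the saved DDS.txt into `triage()` instead of `SAMPLE_DDS`. Extending `KNOWN_RESOLVERS` with the ISP's servers once they are confirmed keeps the DNS check quiet on a clean machine.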

  2. #2
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875


    Hello and welcome to Safer Networking.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

    Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:



    Step # 1 Download and run DDS

    Download DDS and save it to your desktop from here or here or here
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.



    Step # 2: Download and Run Gmer

    Please download gmer.zip from Gmer and save it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error etc.!

    Please post the results from the GMER scan in your reply.


    In your next post/reply, I need to see the following:

    1. The two DDS Logs (DDS and Attach.txt)
    2. The GMER Log

    Use multiple posts if you can't fit everything into one post.
    Malware Removal University Master
    Member of ASAP & UNITE

  3. #3
    Member
    Join Date
    Apr 2009
    Posts
    38


    No problem about the response. We all appreciate your help and understand the demand.

    I *may* have identified and resolved my issue. I noticed that I was able to do Yahoo browser searches if I used the search box in the toolbar. However, I also noticed the search results always listed scour.com as a search result. I found information about this as a virus and downloaded the TDSSKiller.exe utility from http://support.kaspersky.com/viruses...?qid=208280684. This identified a virus and removed it. This appears to have resolved my issues, as I can again do web searches and my computer is no longer slow.

    I am attaching the DDS logs for your review. When I downloaded and ran Gmer, however, the screen briefly displayed the initial Gmer screen but then my system completely shut down. It rebooted and I received the message "The system has recovered from a serious error." I cannot run Gmer.

    I believe my issue is resolved but will continue to run checks if that will assure my issue is resolved.

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 20:17:46 on 2011-07-05
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1717 [GMT -5:00]
    .
    AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Security Suite Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\java.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\program files\companionlink\companionlink.exe
    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page =
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://us9.hpwis.com/
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    uURLSearchHooks: H - No File
    BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BackupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -Icon
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
    mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Camera Detector] c:\progra~1\acdsys~1\devdet~1\DEVDET~1.EXE -autorun
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
    mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"
    mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [B2C_AGENT] c:\documents and settings\all users\application data\lgmobileax\b2c_client\B2CNotiAgent.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\v4.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: turbotax.com
    Trusted Zone: windowsupdate.com\download
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
    DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} - hxxp://63.166.193.103/netagent/objects/emagic.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238645755046
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://63.240.55.130/media/VisitorChat/TLIEFlash.CAB
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.ritzpix.com/upload/FujifilmUploadClient.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} - hxxp://lg.home.microsoft.com/search/lobby/searchsettings.cab
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.72.134
    TCP: Interfaces\{07E89FDA-32B3-4865-B3FB-C2A8EF03550E} : DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.72.134
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-8-19 128016]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-8-19 317072]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 68168]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-19 528128]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-15 238952]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-15 36608]
    S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-4-28 14336]
    S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-4-28 20736]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-4-28 20096]
    S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-4-28 25088]
    S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2011-4-28 23168]
    S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [2011-4-28 22272]
    S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2011-4-28 28032]
    S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2011-4-28 70016]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-8-8 14336]
    S3 psa128r;Nike psa[128 Player Control Driver;c:\windows\system32\drivers\psa128r.sys [2004-3-30 30613]
    S3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\drivers\psa128u.sys [2004-3-30 35246]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
    S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-14 18:06:48 90112 ----a-w- c:\windows\DUMP6e98.tmp
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    ============= FINISH: 20:20:06.84 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/3/2004 11:38:32 AM
    System Uptime: 7/5/2011 5:16:12 PM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 143 GiB total, 19.727 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 0.952 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP839: 6/25/2011 12:27:42 PM - Software Distribution Service 3.0
    RP840: 6/25/2011 2:40:19 PM - System Checkpoint
    RP841: 6/26/2011 4:55:05 PM - System Checkpoint
    RP842: 6/27/2011 5:35:17 PM - System Checkpoint
    RP843: 6/28/2011 5:51:43 PM - Software Distribution Service 3.0
    RP844: 6/28/2011 6:07:10 PM - Software Distribution Service 3.0
    RP845: 6/29/2011 9:25:45 PM - System Checkpoint
    RP846: 7/1/2011 3:06:14 PM - Software Distribution Service 3.0
    RP847: 7/2/2011 6:20:13 PM - System Checkpoint
    RP848: 7/3/2011 8:41:29 PM - System Checkpoint
    RP849: 7/4/2011 9:39:10 PM - System Checkpoint
    RP850: 7/5/2011 5:23:58 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    ACDSee for PENTAX
    Acrobat.com
    Ad-Aware SE Personal
    Adaptec ASPI XP v4.71.1
    Adobe AIR
    Adobe Community Help
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Elements 9
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader 9.4.0
    Adobe Shockwave Player
    Amazon MP3 Downloader 1.0.5
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft ShowBiz 2
    AutoShrinkIso 3.1
    Band-in-a-Box and RealBand 2011
    Band-in-a-Box Server
    BIAS SoundSoap PE 2.1
    Blackhawk Striker from Hewlett-Packard Desktops (remove only)
    Blasterball 2 from Hewlett-Packard Desktops (remove only)
    bodybugg® Software
    Bonjour
    Bounce from Hewlett-Packard Desktops (remove only)
    burnatonce
    Cannonballs from Hewlett-Packard Desktops (remove only)
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.8
    Canon Utilities EOS Utility
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities WFT Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CloneDVD2
    CompanionLink
    CoyoteWT 1.0
    CreativeProjects
    Critical Update for Windows Media Player 11 (KB959772)
    Cucusoft DVD to iPod + iPod Video Converter Suite 7.15.7.8
    Daniusoft DVD to BlackBerry Converter(Build 1.4.0)
    DeskAlarm
    Director
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
    Eazy VCD 1.15a
    Elements 9 Organizer
    Elements STI Installer
    EPSON Copy Utility
    EPSON PERF 2400 Guide
    EPSON Photo Print
    EPSON Scan
    EPSON Smart Panel
    ERUNT 1.1j
    Excavation from Hewlett-Packard Desktops (remove only)
    First Step Guide
    Five Card Frenzy from Hewlett-Packard Desktops (remove only)
    GemMaster 3 from Hewlett-Packard Desktops (remove only)
    getPlus(R) for Adobe
    Guitar Pro 5.2
    HijackThis 2.0.2
    Honeycombs from Hewlett-Packard Desktops (remove only)
    Hot Corners
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp deskjet 5100
    HP Deskjet Preloaded Printer Drivers
    HP Instant Support
    HP Organize
    HP Photo & Imaging 3.0
    HP Photo and Imaging 2.0 - Photosmart Cameras
    HP Software Update
    HPImageZone
    HPIZ Fix2
    hpmdtab
    HpSdpAppCoreApp
    HPSystemDiagnostics
    ImageMixer VCD2
    InstantShare
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    InterActual Player
    InterVideo WinDVD Player
    iPod for Windows 2006-03-23
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    KBD
    KeyText v3
    LG United Mobile Driver
    LG USB Modem Driver
    Linksys EasyLink Advisor
    LiveUpdate 2.6 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech iTouch Software
    Logitech MouseWare 9.75
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Mars Rover from Hewlett-Packard Desktops (remove only)
    Memories Disc Creator 2.0
    MemoriesOnTV 2.1.5
    MemoriesOnTV 3.0.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Links LS 2000
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition
    Microsoft Silverlight
    Microsoft Streets and Trips 2005 with USB GPS
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Card Reader
    MUSICMATCH® Jukebox
    MXpie Patch for WinMX Network/WPNP 3.6.3.6
    Nero 6 Demo
    Nike psa[128 Player
    Nokia Connectivity Cable Driver
    Norton WMI Update
    NVIDIA Drivers
    OmniPass
    Orbital from Hewlett-Packard Desktops (remove only)
    Otto from Hewlett-Packard Desktops (remove only)
    Palm Desktop
    PC-Doctor for Windows
    PC Connectivity Solution
    PENTAX USB DISK Device
    PG Music DirectX Plugins 2.0.0.0
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    Picture Package
    Pinnacle Instant DVD Recorder
    Playlist Creator 3.6
    Polar Bowler from Hewlett-Packard Desktops (remove only)
    PrintScreen
    proDAD Heroglyph 2.5
    proDAD Vitascene 1.0
    PS2
    PSShortcutsP
    Pure Networks Platform
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    Quicken 2010
    QuickProjects
    QuickTime
    RealPlayer
    RecordNow!
    RegAlyzer (OpenSBI Edition)
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Samsung New PC Studio
    SAMSUNG USB Driver for Mobile Phones
    ScanToWeb
    Seagate Manager Installer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    SkinsHP2
    Slyder from Hewlett-Packard Desktops (remove only)
    SnagIt 7
    Sony USB Driver
    Spybot - Search & Destroy
    SpywareBlaster 4.3
    StorageSync Backup Software
    Studio 11
    Studio 11 Bonus DVD
    Studio Ultimate
    STX from Hewlett-Packard Desktops (remove only)
    SUPER © Version 2008.bld.32 (July 8, 2008)
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    toolkit
    Total Recorder 5.1
    TrayApp
    TurboTax 2008
    TurboTax 2008 wiliper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wiliper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wiliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax Deluxe 2007
    Uniblue DriverScanner 2009
    Uninstall MPEG2 Plugin
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Updates from HP
    VC 9.0 Runtime
    Virtual Sound Canvas DXi
    Virtual Warfare from Hewlett-Packard Desktops (remove only)
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    Weblink
    WexTech AnswerWorks
    Window Shopper
    Windows Defender
    Windows Defender Signatures
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
    Windows Driver Package - Nokia Modem (08/08/2007 3.3)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Wise Registry Cleaner 4 Free 4.22
    Yahoo! Browser Services
    Yahoo! Desktop Login
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
    Yahoo! Software Update
    Yahoo! Toolbar
    ZoneAlarm Security Suite
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/3/2011 8:26:58 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8056ca2e, parameter3 9042f608, parameter4 00000000.
    7/3/2011 8:24:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/3/2011 8:24:53 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/1/2011 3:03:03 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    6/30/2011 6:56:25 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000C6EC8E86E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    6/29/2011 7:42:20 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 000C6EC8E86E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    6/28/2011 11:02:41 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
    6/28/2011 10:53:49 PM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================

  4. #4
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    Since GMER gave you problems, we'll try another rootkit scanner in its place.


    Step # 1: Download and Run RKUnHooker

    • Please download Rootkit Unhooker and save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report somewhere where you can find it. Click Close.
    Copy the entire contents of the report and paste it in a reply here.

    Note: you may get the following warning; just click OK and continue.

    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"



    I'd also like for you to post the TDSSKiller Log, if you still have it. The log is named like UtilityName.Version_Date_Time_log.txt. For example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt. The log will have been created on your root (usually C: ) drive.



    In your next post/reply, I need to see the following:

    1. RKUnhooker Log
    2. TDSSKiller Log
    Malware Removal University Master
    Member of ASAP & UNITE

  5. #5
    Member
    Join Date
    Apr 2009
    Posts
    38

    Default

    RKUnhooker runs for about 10 seconds and then closes down. It appears to complete the Drivers tab and then moves to the Stealth tab for about 5 seconds before closing down. During the time the app is running, I only have an option for "Quick Reporting". I cannot complete this step.

    Attached is the TDSSKiller log.



    2011/07/03 20:06:05.0250 253416 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
    2011/07/03 20:06:05.0843 253416 ================================================================================
    2011/07/03 20:06:05.0843 253416 SystemInfo:
    2011/07/03 20:06:05.0843 253416
    2011/07/03 20:06:05.0843 253416 OS Version: 5.1.2600 ServicePack: 3.0
    2011/07/03 20:06:05.0843 253416 Product type: Workstation
    2011/07/03 20:06:05.0843 253416 ComputerName: HP-A350N
    2011/07/03 20:06:05.0843 253416 UserName: Owner
    2011/07/03 20:06:05.0843 253416 Windows directory: C:\WINDOWS
    2011/07/03 20:06:05.0843 253416 System windows directory: C:\WINDOWS
    2011/07/03 20:06:05.0843 253416 Processor architecture: Intel x86
    2011/07/03 20:06:05.0843 253416 Number of processors: 2
    2011/07/03 20:06:05.0843 253416 Page size: 0x1000
    2011/07/03 20:06:05.0843 253416 Boot type: Normal boot
    2011/07/03 20:06:05.0843 253416 ================================================================================
    2011/07/03 20:06:07.0468 253416 Initialize success
    2011/07/03 20:06:17.0968 254872 ================================================================================
    2011/07/03 20:06:17.0968 254872 Scan started
    2011/07/03 20:06:17.0968 254872 Mode: Manual;
    2011/07/03 20:06:17.0968 254872 ================================================================================
    2011/07/03 20:06:19.0500 254872 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
    2011/07/03 20:06:19.0875 254872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/07/03 20:06:20.0015 254872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/07/03 20:06:20.0281 254872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/07/03 20:06:20.0437 254872 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/07/03 20:06:20.0578 254872 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/07/03 20:06:21.0093 254872 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    2011/07/03 20:06:21.0296 254872 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2011/07/03 20:06:21.0578 254872 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    2011/07/03 20:06:21.0843 254872 Andbus (3e59df4984fbd6800d6621480b38a34e) C:\WINDOWS\system32\DRIVERS\lgandbus.sys
    2011/07/03 20:06:21.0968 254872 AndDiag (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\WINDOWS\system32\DRIVERS\lganddiag.sys
    2011/07/03 20:06:22.0109 254872 AndGps (1d2c90e25483363d54b652898bbc8f2a) C:\WINDOWS\system32\DRIVERS\lgandgps.sys
    2011/07/03 20:06:22.0265 254872 ANDModem (b1b06a95da2cac7fa19832c60c348c85) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
    2011/07/03 20:06:22.0406 254872 AndNetDiag (e82d3f882dcb594b100827523c2d5c70) C:\WINDOWS\system32\DRIVERS\lgandnetdiag.sys
    2011/07/03 20:06:22.0562 254872 AndNetGps (88175c5db95eeb6de8f46f8089c5d755) C:\WINDOWS\system32\DRIVERS\lgandnetgps.sys
    2011/07/03 20:06:22.0718 254872 ANDNetModem (398222fb93404883f573f8a01241cd25) C:\WINDOWS\system32\DRIVERS\lgandnetmodem.sys
    2011/07/03 20:06:22.0859 254872 andnetndis (05318079baa15f42d889fa90cb39181e) C:\WINDOWS\system32\DRIVERS\lgandnetndis.sys
    2011/07/03 20:06:22.0984 254872 AnyDVD (4b55e7593d9c9acf5e2511f840edcf98) C:\WINDOWS\system32\Drivers\AnyDVD.sys
    2011/07/03 20:06:23.0140 254872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/07/03 20:06:23.0656 254872 Aspi32 (eb62fa6d7da4e774e47d376e4d19ca5f) C:\WINDOWS\system32\drivers\aspi32.sys
    2011/07/03 20:06:23.0796 254872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/07/03 20:06:23.0937 254872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/07/03 20:06:24.0203 254872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/07/03 20:06:24.0343 254872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/07/03 20:06:24.0484 254872 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
    2011/07/03 20:06:24.0656 254872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/07/03 20:06:24.0812 254872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/07/03 20:06:24.0968 254872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/07/03 20:06:25.0203 254872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/07/03 20:06:25.0359 254872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/07/03 20:06:25.0500 254872 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
    2011/07/03 20:06:25.0656 254872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/07/03 20:06:26.0484 254872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/07/03 20:06:26.0671 254872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/07/03 20:06:26.0875 254872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/07/03 20:06:27.0015 254872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/07/03 20:06:27.0156 254872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/07/03 20:06:27.0437 254872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/07/03 20:06:27.0593 254872 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    2011/07/03 20:06:27.0781 254872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/07/03 20:06:27.0953 254872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/07/03 20:06:28.0125 254872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/07/03 20:06:28.0281 254872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/07/03 20:06:28.0437 254872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/07/03 20:06:28.0562 254872 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
    2011/07/03 20:06:28.0734 254872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/07/03 20:06:28.0875 254872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/07/03 20:06:29.0046 254872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2011/07/03 20:06:29.0187 254872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/07/03 20:06:29.0359 254872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/07/03 20:06:29.0718 254872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/07/03 20:06:30.0109 254872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/07/03 20:06:30.0281 254872 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2011/07/03 20:06:30.0437 254872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/07/03 20:06:30.0750 254872 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
    2011/07/03 20:06:30.0906 254872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/07/03 20:06:31.0078 254872 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/07/03 20:06:31.0234 254872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/07/03 20:06:31.0390 254872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/07/03 20:06:31.0562 254872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/07/03 20:06:31.0734 254872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/07/03 20:06:31.0875 254872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/07/03 20:06:32.0046 254872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/07/03 20:06:32.0203 254872 itchfltr (936123d83e80c1cb3ea042d7fb98da25) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
    2011/07/03 20:06:32.0359 254872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/07/03 20:06:32.0515 254872 kl1 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\kl1.sys
    2011/07/03 20:06:32.0671 254872 KLIF (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\DRIVERS\klif.sys
    2011/07/03 20:06:32.0828 254872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/07/03 20:06:32.0984 254872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/07/03 20:06:33.0140 254872 L8042pr2 (733ececf4371ac99410ee0f00bfd51e7) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
    2011/07/03 20:06:33.0421 254872 LMouFlt2 (128f0b4cd156872d440ae77202923a32) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
    2011/07/03 20:06:33.0593 254872 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
    2011/07/03 20:06:33.0750 254872 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
    2011/07/03 20:06:33.0937 254872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/07/03 20:06:34.0078 254872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/07/03 20:06:34.0234 254872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/07/03 20:06:34.0468 254872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/07/03 20:06:34.0640 254872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/07/03 20:06:34.0906 254872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/07/03 20:06:35.0078 254872 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/07/03 20:06:35.0265 254872 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
    2011/07/03 20:06:35.0421 254872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/07/03 20:06:35.0578 254872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/07/03 20:06:35.0734 254872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/07/03 20:06:35.0875 254872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/07/03 20:06:36.0031 254872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/07/03 20:06:36.0187 254872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/07/03 20:06:36.0343 254872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/07/03 20:06:36.0500 254872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/07/03 20:06:36.0671 254872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/07/03 20:06:36.0812 254872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/07/03 20:06:36.0968 254872 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/07/03 20:06:37.0125 254872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/07/03 20:06:37.0265 254872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/07/03 20:06:37.0421 254872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/07/03 20:06:37.0578 254872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/07/03 20:06:37.0750 254872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/07/03 20:06:37.0937 254872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/07/03 20:06:38.0109 254872 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\WINDOWS\system32\drivers\nmwcd.sys
    2011/07/03 20:06:38.0250 254872 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\WINDOWS\system32\drivers\nmwcdc.sys
    2011/07/03 20:06:38.0406 254872 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2011/07/03 20:06:38.0562 254872 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2011/07/03 20:06:38.0718 254872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/07/03 20:06:38.0921 254872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/07/03 20:06:39.0125 254872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/07/03 20:06:39.0406 254872 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/07/03 20:06:39.0578 254872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/07/03 20:06:39.0734 254872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/07/03 20:06:39.0890 254872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/07/03 20:06:40.0062 254872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/07/03 20:06:40.0218 254872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/07/03 20:06:40.0359 254872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/07/03 20:06:40.0515 254872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/07/03 20:06:40.0781 254872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/07/03 20:06:40.0937 254872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/07/03 20:06:41.0093 254872 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    2011/07/03 20:06:41.0859 254872 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys
    2011/07/03 20:06:42.0156 254872 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
    2011/07/03 20:06:42.0328 254872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/07/03 20:06:42.0515 254872 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/07/03 20:06:42.0734 254872 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
    2011/07/03 20:06:42.0875 254872 psa128r (9954847e7d82dd67cdcaa312cf0e03f8) C:\WINDOWS\system32\Drivers\psa128r.sys
    2011/07/03 20:06:43.0046 254872 psa128u (67cfb181f0b253be81603d7bde845a8e) C:\WINDOWS\system32\Drivers\psa128u.sys
    2011/07/03 20:06:43.0203 254872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/07/03 20:06:43.0375 254872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/07/03 20:06:43.0531 254872 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
    2011/07/03 20:06:43.0671 254872 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    2011/07/03 20:06:44.0421 254872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/07/03 20:06:44.0593 254872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/07/03 20:06:44.0750 254872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/07/03 20:06:44.0921 254872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/07/03 20:06:45.0078 254872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/07/03 20:06:45.0234 254872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/07/03 20:06:45.0406 254872 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/07/03 20:06:45.0562 254872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/07/03 20:06:45.0750 254872 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
    2011/07/03 20:06:45.0843 254872 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
    2011/07/03 20:06:46.0031 254872 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
    2011/07/03 20:06:46.0234 254872 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/07/03 20:06:46.0390 254872 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    2011/07/03 20:06:46.0531 254872 SASKUTIL (4fd72291a89793049104ca0a7e353cd4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    2011/07/03 20:06:46.0703 254872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/07/03 20:06:46.0875 254872 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/07/03 20:06:47.0031 254872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/07/03 20:06:47.0218 254872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/07/03 20:06:47.0515 254872 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    2011/07/03 20:06:47.0656 254872 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
    2011/07/03 20:06:47.0812 254872 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
    2011/07/03 20:06:47.0953 254872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/07/03 20:06:48.0125 254872 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    2011/07/03 20:06:48.0375 254872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/07/03 20:06:48.0531 254872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/07/03 20:06:48.0828 254872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/07/03 20:06:49.0000 254872 ss_bus (54946449a0eb74915a4bb34f7ee51a5a) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
    2011/07/03 20:06:49.0140 254872 ss_mdfl (4450bc0b2e9d7d9b90e3c3de4ea00a78) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
    2011/07/03 20:06:49.0281 254872 ss_mdm (30b8d0dd01ead1243f329caf7d7d1517) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
    2011/07/03 20:06:49.0437 254872 StMp3Rec (1c9ee2c640b6f899cc3d84bcd1ea526f) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
    2011/07/03 20:06:49.0593 254872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/07/03 20:06:49.0734 254872 SunkFilt (a3df1466aafdc62b21765072c5edaa9a) C:\WINDOWS\System32\Drivers\sunkfilt.sys
    2011/07/03 20:06:50.0015 254872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/07/03 20:06:50.0187 254872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/07/03 20:06:50.0828 254872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/07/03 20:06:50.0984 254872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/07/03 20:06:51.0156 254872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/07/03 20:06:51.0312 254872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/07/03 20:06:51.0468 254872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/07/03 20:06:51.0765 254872 TSP (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\drivers\klif.sys
    2011/07/03 20:06:51.0921 254872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/07/03 20:06:52.0218 254872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/07/03 20:06:52.0406 254872 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/07/03 20:06:52.0578 254872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/07/03 20:06:52.0734 254872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/07/03 20:06:52.0875 254872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/07/03 20:06:53.0046 254872 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/07/03 20:06:53.0218 254872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/07/03 20:06:53.0375 254872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/07/03 20:06:53.0546 254872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/07/03 20:06:53.0718 254872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/07/03 20:06:53.0859 254872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/07/03 20:06:54.0015 254872 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    2011/07/03 20:06:54.0187 254872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
    2011/07/03 20:06:54.0328 254872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/07/03 20:06:54.0500 254872 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
    2011/07/03 20:06:54.0687 254872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/07/03 20:06:54.0968 254872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/07/03 20:06:55.0218 254872 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/07/03 20:06:55.0390 254872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/07/03 20:06:55.0562 254872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/07/03 20:06:55.0718 254872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/07/03 20:06:56.0125 254872 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
    2011/07/03 20:06:56.0296 254872 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
    2011/07/03 20:06:56.0343 254872 MBR (0x1B8) (3374d1b13e5e3e471ad756cba4f2915a) \Device\Harddisk0\DR0
    2011/07/03 20:06:56.0343 254872 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
    2011/07/03 20:06:56.0359 254872 Boot (0x1200) (490164e4512d0f4d37804f97805c82cd) \Device\Harddisk0\DR0\Partition0
    2011/07/03 20:06:56.0390 254872 Boot (0x1200) (7ffb850c45478cb49d857141bb47c647) \Device\Harddisk0\DR0\Partition1
    2011/07/03 20:06:56.0406 254872 ================================================================================
    2011/07/03 20:06:56.0406 254872 Scan finished
    2011/07/03 20:06:56.0406 254872 ================================================================================
    2011/07/03 20:06:56.0437 254860 Detected object count: 1
    2011/07/03 20:06:56.0437 254860 Actual detected object count: 1
    2011/07/03 20:19:10.0281 254860 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
    2011/07/03 20:19:10.0312 254860 \Device\Harddisk0\DR0 - ok
    2011/07/03 20:19:10.0312 254860 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
    2011/07/03 20:19:44.0437 253308 Deinitialize success
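
A small triage script for a TDSSKiller log of the kind posted above, added here as an example (it is not part of this thread and not TDSSKiller's own code): it separates the driver inventory from the scanner's verdict lines, pulls out the MBR hit and its follow-up actions, and flags kernel images loaded from outside the system directories or registered under more than one service name. The sample log is a subset of the lines posted above; the triage rules are this example's own assumptions.

```python
"""Triage helper for a TDSSKiller log of the kind posted above.

Added example: not part of this thread and not TDSSKiller's own code. The
sample log is a subset of the posted lines; the triage rules are assumptions.
"""
import re
from collections import defaultdict

# Every line: "YYYY/MM/DD HH:MM:SS.mmmm  <thread id>  <message>"
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# Scanned object: "<service> (<md5>) <path>"; boot entries: "MBR (0x1B8) (<md5>) \Device\..."
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict: "\Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)"
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# Follow-ups: "<obj> (<verdict>) - will be cured after reboot" and
# "<verdict>(<obj>) - User select action: Cure"
ACTION_RE = re.compile(r"^(?P<obj>\\Device\\\S+) \((?P<verdict>[^)]+)\) - (?P<action>.+)$")
USER_RE = re.compile(r"^(?P<verdict>\S+?)\((?P<obj>\\Device\\[^)]+)\) - (?P<action>User select action: .+)$")
# Kernel images normally live here; anything else is third-party kernel code
SYSTEM_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


def parse_tdsskiller(text):
    """Split a log into the scanned-object inventory and per-object verdicts."""
    objects = []     # dicts with name, md5, path, in scan order
    detections = {}  # object -> {"verdict": str, "actions": [str]}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()
        for rx in (DETECT_RE, ACTION_RE, USER_RE):
            m = rx.match(msg)
            if m:
                rec = detections.setdefault(m["obj"], {"verdict": m["verdict"], "actions": []})
                if "action" in m.groupdict():
                    rec["actions"].append(m["action"])
                break
        else:
            m = OBJECT_RE.match(msg)
            if m:
                objects.append(m.groupdict())
    return objects, detections


def triage(objects, detections):
    """Return (severity, kind, subject, detail) findings, most urgent first."""
    findings = []
    for obj, rec in detections.items():
        detail = "; ".join(rec["actions"]) or "no action recorded"
        findings.append(("critical", "detected", obj, f"{rec['verdict']}: {detail}"))
    by_md5 = defaultdict(list)
    for o in objects:
        path = o["path"].lower()
        by_md5[o["md5"]].append(o["name"])
        if path.startswith("\\device\\"):
            # MBR/boot sector code runs before the kernel and before every AV
            # driver, which is why file-level scans on this machine came up clean
            state = "infected" if o["path"] in detections else "clean"
            findings.append(("info", "boot_sector", o["name"], f"{o['path']} ({state})"))
        elif not path.startswith(SYSTEM_DIRS):
            findings.append(("review", "third_party_path", o["name"], o["path"]))
    for md5, names in by_md5.items():
        if len(names) > 1:  # one image registered under several service names
            findings.append(("info", "shared_image", md5, ", ".join(names)))
    rank = {"critical": 0, "review": 1, "info": 2}
    findings.sort(key=lambda f: rank[f[0]])  # stable: scan order kept within a rank
    return findings


def summarize(text):
    """Parse, triage and render a short report."""
    objects, detections = parse_tdsskiller(text)
    lines = [f"scanned objects: {len(objects)}, detections: {len(detections)}"]
    lines += [f"[{s}] {k}: {subj} -> {d}" for s, k, subj, d in triage(objects, detections)]
    return "\n".join(lines)


# Subset of the log posted above (most of the ~190 driver entries omitted)
SAMPLE_LOG = r"""
2011/07/03 20:06:05.0250 253416 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/03 20:06:19.0500 254872 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/07/03 20:06:32.0671 254872 KLIF (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/07/03 20:06:46.0234 254872 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/03 20:06:51.0765 254872 TSP (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\drivers\klif.sys
2011/07/03 20:06:54.0500 254872 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
2011/07/03 20:06:56.0343 254872 MBR (0x1B8) (3374d1b13e5e3e471ad756cba4f2915a) \Device\Harddisk0\DR0
2011/07/03 20:06:56.0343 254872 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/07/03 20:06:56.0359 254872 Boot (0x1200) (490164e4512d0f4d37804f97805c82cd) \Device\Harddisk0\DR0\Partition0
2011/07/03 20:19:10.0281 254860 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/07/03 20:19:10.0312 254860 \Device\Harddisk0\DR0 - ok
2011/07/03 20:19:10.0312 254860 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/03 20:19:44.0437 253308 Deinitialize success
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run against the full log above, the same script reports the one MBR hit, the Roland and SUPERAntiSpyware drivers as the only non-system kernel images, and klif.sys (KLIF/TSP) and nmwcdcj/nmwcdcm as shared images.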

  6. #6
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    Ok, I have one more rootkit scanner we can try.


    ROOTKIT REVEALER

    Please download Rootkit Revealer
    http://www.microsoft.com/technet/sys...tRevealer.mspx
    (link is at the very bottom of the page)

    Unzip it to your desktop.

    Open the rootkitrevealer folder and double-click rootkitrevealer.exe

    Click the Scan button (bottom right)
    It may take a while to scan (don't do anything while it's running - leave the PC idle while scanning)

    When it's done, go up to File > Save. Choose to save it to your desktop.

    Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here.
    Malware Removal University Master
    Member of ASAP & UNITE

  7. #7
    Member
    Join Date
    Apr 2009
    Posts
    38

    Default

    Ok, third time is the charm! That one executed successfully.

    Note that while the app was running, my Zone Alarm quarantined the following item:

    Exploit.HTML.CVE-2010-4452.bw was found in C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1Z64WOPL\java_trust[1].htm on 7/7/2011 19:07:08

    RootkitRevealer Log:


    HKLM\SECURITY\Policy\Secrets\SAC* 8/23/2003 1:06 AM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 8/23/2003 1:06 AM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 11/21/2007 11:38 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Pure Networks\Platform\PlatformLastOnline 7/7/2011 6:49 PM 8 bytes Data mismatch between Windows API and raw hive data.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1Z64WOPL\java_trust[1].htm 6/26/2011 10:30 PM 1.18 KB Visible in Windows API, but not in MFT or directory index.
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP852\A0785629.RDB 7/7/2011 6:55 PM 2.36 MB Hidden from Windows API.
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP852\A0785630.RDB 7/7/2011 7:07 PM 2.36 MB Hidden from Windows API.
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP852\A0785631.RDB 7/7/2011 7:47 PM 2.36 MB Hidden from Windows API.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\av\emu\i386 7/7/2011 5:58 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\av\emu\i386\klavemu03.kdc 7/7/2011 5:58 PM 173.71 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\av\kdb\i386\base01cc.kdc 7/7/2011 5:58 PM 109.90 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\av\kdb\i386\base056c.kdc 7/7/2011 5:58 PM 110.38 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\av\kdb\i386\base089c.kdc 7/7/2011 5:58 PM 112.41 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\av\kdb\i386\base101c.kdc 7/7/2011 5:58 PM 103.22 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\av\kdb\i386\base104c.kdc 7/7/2011 5:58 PM 113.39 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\av\kdb\i386\base122c.kdc 7/7/2011 5:58 PM 107.32 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\av\kdb\i386\base234c.kdc 7/7/2011 5:58 PM 102.42 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf 7/7/2011 5:58 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf-0607g.krg 7/7/2011 5:58 PM 929 bytes Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf-0607g.xml 7/7/2011 5:58 PM 4.88 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf.stt 7/7/2011 5:58 PM 21 bytes Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf0012.dat 7/7/2011 5:58 PM 87.81 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf0020.dat 7/7/2011 5:58 PM 49.25 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Temp\av169.tmp 7/7/2011 5:58 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Temp\av1D6.tmp 7/7/2011 7:48 PM 0 bytes Hidden from Windows API.
    D: 0 bytes Error mounting volume

  8. #8
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    Step # 1 Update Java

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u26.
    • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Remove the following old versions of Java:

    • Java(TM) 6 Update 22

    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • From your desktop double-click on the download to install the newest version.




    Step # 2: Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



    Step # 3 Run Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware.
    • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
    • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • You can also access the log by doing the following:
    • Click on the Malwarebytes' Anti-Malware icon to launch the program.
    • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open.



    In your next post/reply, I need to see the following:

    1. MalwareBytes' Log
    2. A fresh DDS Log
    Malware Removal University Master
    Member of ASAP & UNITE

  9. #9
    Member
    Join Date
    Apr 2009
    Posts
    38

    Default

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7053

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/8/2011 10:58:55 PM
    mbam-log-2011-07-08 (22-58-55).txt

    Scan type: Quick scan
    Objects scanned: 180407
    Time elapsed: 10 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    _________________________________________________________________



    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 22:59:56 on 2011-07-08
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1745 [GMT -5:00]
    .
    AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Security Suite Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\program files\companionlink\companionlink.exe
    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page =
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://us9.hpwis.com/
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    uURLSearchHooks: H - No File
    BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BackupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -Icon
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
    mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Camera Detector] c:\progra~1\acdsys~1\devdet~1\DEVDET~1.EXE -autorun
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
    mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"
    mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [B2C_AGENT] c:\documents and settings\all users\application data\lgmobileax\b2c_client\B2CNotiAgent.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\v4.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: turbotax.com
    Trusted Zone: windowsupdate.com\download
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
    DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} - hxxp://63.166.193.103/netagent/objects/emagic.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238645755046
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://63.240.55.130/media/VisitorChat/TLIEFlash.CAB
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.ritzpix.com/upload/FujifilmUploadClient.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} - hxxp://lg.home.microsoft.com/search/lobby/searchsettings.cab
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.72.134
    TCP: Interfaces\{07E89FDA-32B3-4865-B3FB-C2A8EF03550E} : DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.72.134
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-8-19 128016]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-8-19 317072]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 68168]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-19 528128]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-15 238952]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-15 36608]
    S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-4-28 14336]
    S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-4-28 20736]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-4-28 20096]
    S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-4-28 25088]
    S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2011-4-28 23168]
    S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [2011-4-28 22272]
    S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2011-4-28 28032]
    S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2011-4-28 70016]
    S3 BlackBox;BlackBox SR2; [x]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-8-8 14336]
    S3 psa128r;Nike psa[128 Player Control Driver;c:\windows\system32\drivers\psa128r.sys [2004-3-30 30613]
    S3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\drivers\psa128u.sys [2004-3-30 35246]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
    S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-09 03:43:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-08 16:23:14 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{6f46333d-a128-4dda-9658-edc4164ac8e9}\mpengine.dll
    2011-07-01 21:38:30 1409 ----a-w- c:\windows\system32\PGMUS.FOT
    2011-07-01 21:38:30 1409 ----a-w- c:\windows\system32\pgjazz__.FOT
    2011-07-01 21:37:13 -------- d-----w- c:\program files\Roland
    2011-07-01 21:37:10 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
    2011-07-01 21:37:05 -------- d-----w- c:\program files\Coyote
    2011-07-01 21:34:56 -------- d-----w- c:\program files\PowerTracks DirectX Plugins
    2011-07-01 21:34:36 -------- d-----w- C:\bb
    2011-06-23 01:24:23 -------- dc-h--w- c:\windows\ie8
    2011-06-23 01:23:50 -------- d--h--w- c:\windows\msdownld.tmp
    2011-06-23 01:19:45 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-06-19 00:06:12 -------- d-----w- C:\spoolerlogs
    2011-06-16 23:42:51 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-10 22:21:50 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-06-10 22:21:50 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-06-10 22:21:43 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2011-06-10 22:21:43 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    .
    ==================== Find3M ====================
    .
    2011-07-09 03:43:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-14 18:06:48 90112 ----a-w- c:\windows\DUMP6e98.tmp
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    ============= FINISH: 23:02:12.45 ===============
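The DDS log posted above lists autostart entries (BHO, TB, uRun/mRun, DPF) and services/drivers in a fixed line format, and a helper reads it for the same few markers every time: components still registered but reporting "No File", and services whose image path DDS printed with "[?]" or left empty with "[x]". The script below is an added example for triaging a saved DDS log in that way; it is not part of the thread, nor of the DDS tool, and the function names and the sample lines (constructed from the formats seen in the log above) are this example's own.

```python
"""Triage of DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" lines.

Added example (not part of the thread or of the DDS tool): flags the
entries a helper looks at first, namely components that are still
registered but whose file is gone ("No File") and services whose image
path DDS could not verify ("[?]") or that carry no image path ("[x]").
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the DDS format, built from the kinds of lines seen in
# the log above; nothing here was verified on any host.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uURLSearchHooks: H - No File
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-8-19 128016]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 BlackBox;BlackBox SR2; [x]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
"""

# "KIND: body" lines of the Pseudo HJT Report (BHO, TB, EB, uRun, mRun, DPF, ...).
HJT_RE = re.compile(r"^(?P<kind>[A-Za-z]+): (?P<body>.+)$")
# "R2 name;display name;image path [date size]" lines of SERVICES / DRIVERS:
# R = running, S = stopped, the digit is the start type.
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


@dataclass(frozen=True)
class Finding:
    category: str   # HJT kind (BHO, TB, ...) or "service"
    name: str       # component CLSID/name or service name
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding for a line worth a second look, else None."""
    line = line.strip()
    if not line:
        return None
    m = SVC_RE.match(line)
    if m:
        name, rest = m.group("name"), m.group("rest").strip()
        if rest.endswith("[x]"):
            return Finding("service", name, "service/driver registered with no image path", line)
        if rest.endswith("[?]"):
            return Finding("service", name, "image path printed with [?]: DDS could not verify the file", line)
        return None
    m = HJT_RE.match(line)
    if m and m.group("body").endswith("No File"):
        # Everything before " - No File" identifies the registered component.
        ident = m.group("body")[: -len(" - No File")]
        return Finding(m.group("kind"), ident, "registered component whose file is missing (orphaned entry)", line)
    return None


def triage(log_text: str):
    """All findings for a DDS log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def summary(findings):
    """Number of findings per category, e.g. {'TB': 1, 'service': 3}."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.name}: {f.reason}")
    print(summary(triage(SAMPLE_LOG)))
```

To run it over a real log, pass the saved DDS text to `triage()` instead of `SAMPLE_LOG`. Orphaned "No File" entries are leftovers of uninstalled add-ons rather than infections in themselves, and a "[?]" only says DDS could not read the file's date and size, so each finding is a pointer for the helper to check, not a verdict.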

  10. #10
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    Step # 1 Update Adobe Acrobat Reader

    There is a newer version of Adobe Acrobat Reader available. (See Note below)

    • First, go to Add/Remove Programs and uninstall Adobe Reader 9.4.0.
    • Please go to this link Adobe Acrobat Reader Download Link
    • On the right Untick McAfee® Security Scan Plus if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts


    Note: Adobe Reader X (10.1.0) is a large program and if you prefer a smaller program you can get Foxit 5.0.0 instead from http://www.foxitsoftware.com/downloads/index.php

    If you decide to install Foxit 5.0.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

    Uncheck the following boxes:

    I accept the License Terms and want to install Foxit Toolbar

    Make Ask.com my default search

    Create desktop, quick launch and start menu icon to eBay



    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here to run the scan.
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



    In your next post/reply, I need to see the following:

    1. ESET Log
    2. How is your computer doing, any problems?
    Malware Removal University Master
    Member of ASAP & UNITE
