Help!

Hi kar1897,

Great job getting that log! I want you to go ahead and uninstall Spybot Search and Destroy. We will install it after we get this infection cleaned up. :) You can do this by going to Start > Control Panel > Add/Remove Programs. If it asks you to reboot go ahead and do so.
----------

After you get Spybot uninstalled, go ahead and please run ComboFix once more. If it asks you to update please do so and be sure to run this in Normal Mode. After it finishes it will create a log that I will need in your next reply. :bigthumb:
 
This time it only took an hour and 20 minutes to run ComboFix; we must be making progress. :thanks:

ComboFix 11-09-19.01 - ME 09/19/2011 19:00:14.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.114 [GMT -5:00]
Running from: C:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ME\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\ME\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse
Pass LEGAL for license information. Built Sat Jun 25 23:20 2011c:\windows\
.
Infected copy of c:\windows\system32\drivers\fips.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\fips.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))
.
.
2011-09-19 02:34 . 2011-09-19 02:35 -------- d-----w- C:\f1a57df13e9e481fe205
2011-09-19 01:01 . 2011-09-19 01:02 40780 ----a-w- c:\windows\edokoziyequ.dll
2011-09-18 20:16 . 2011-09-18 20:17 40780 ----a-w- c:\windows\icohigus.dll
2011-09-18 17:46 . 2011-09-18 17:46 40780 ----a-w- c:\windows\osisiyovupomub.dll
2011-09-18 15:33 . 2011-09-18 15:33 40780 ----a-w- c:\windows\ejusomizihawag.dll
2011-09-18 13:22 . 2011-09-18 13:22 40780 ----a-w- c:\windows\ilusubacaxo.dll
2011-09-18 11:08 . 2011-09-18 11:08 40780 ----a-w- c:\windows\azocubuwo.dll
2011-09-18 09:00 . 2011-09-18 09:00 40780 ----a-w- c:\windows\erevawubixaxayug.dll
2011-09-18 06:41 . 2011-09-18 06:41 40780 ----a-w- c:\windows\otuxekuv.dll
2011-09-18 04:29 . 2011-09-18 04:29 40780 ----a-w- c:\windows\utitijih.dll
2011-09-18 02:17 . 2011-09-18 02:17 40780 ----a-w- c:\windows\aludipok.dll
2011-09-18 00:07 . 2011-09-18 00:07 40780 ----a-w- c:\windows\icamabimonusijeg.dll
2011-09-17 22:04 . 2011-09-17 22:04 40780 ----a-w- c:\windows\usevofamana.dll
2011-09-17 19:57 . 2011-09-17 19:58 40780 ----a-w- c:\windows\iwewiwif.dll
2011-09-17 17:52 . 2011-09-17 17:52 40780 ----a-w- c:\windows\aduzacufotizi.dll
2011-09-17 15:49 . 2011-09-17 15:49 40780 ----a-w- c:\windows\uzijidifemeyuda.dll
2011-09-15 08:35 . 2011-09-17 05:26 48016 --sha-w- c:\windows\system32\c_26305.nl_
2011-09-14 01:30 . 2011-09-14 01:31 -------- d-----w- c:\program files\ERUNT
2011-09-13 23:46 . 2011-09-13 23:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Sun
2011-09-13 23:43 . 2011-09-19 15:45 0 ----a-w- c:\windows\Twojucenafidac.bin
2011-09-13 23:42 . 2011-09-13 23:42 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\{15BBA956-ED8B-4953-9620-753A36A1B56F}
2011-09-13 02:03 . 2011-09-13 02:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Macromedia
2011-09-13 02:03 . 2011-09-13 02:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-16 02:35 . 2002-08-29 07:27 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-14 00:06 . 2011-09-14 00:06 219136 ----a-w- c:\windows\system32\ineltw32.dll
2011-09-14 00:06 . 2011-09-14 00:06 35840 ----a-w- c:\windows\system32\ilnetw32.dll
2011-09-09 09:12 . 2003-03-20 22:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2004-04-12 03:41 . 2004-04-12 03:41 1268639 ----a-w- c:\program files\TaxCut_2003_Illinois_InstallerB.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-25 151597]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-03-27 995328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ilnetw32]
2011-09-14 00:06 35840 ----a-w- c:\windows\SYSTEM32\ilnetw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inetworks]
2011-09-14 00:06 35840 ----a-w- c:\windows\SYSTEM32\ilnetw32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\ME\\Desktop\\tdsskiller\\TDSSKiller.exe"=
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 SQTECH907B;EZCam(PID_907B_00);c:\windows\system32\Drivers\Capt907B.sys [2005-05-10 61643]
S1 aswSP;avast! Self Protection; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 itlperf;Network Location Awarenes;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2001-03-27 35600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ITLPERF
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
itnetsvcs REG_MULTI_SZ itlperf
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 19:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\2014770103:1208805767.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\ilnetw32.dll
.
- - - - - - - > 'explorer.exe'(800)
c:\windows\system32\WININET.dll
c:\docume~1\ME\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Adobe\Acrobat 10.0\Acrobat\LogTransport2.exe
.
**************************************************************************
.
Completion time: 2011-09-19 20:14:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-20 01:14
ComboFix2.txt 2011-09-19 18:42
ComboFix3.txt 2008-05-13 05:45
ComboFix4.txt 2008-05-13 02:04
.
Pre-Run: 49,252,249,600 bytes free
Post-Run: 49,248,206,848 bytes free
.
- - End Of File - - 406B2EE5D6D0DEA8F43B917870373AB8
 
Hi kar1897,

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
c:\windows\2014770103:1208805767.exe

File::
c:\windows\system32\c_26305.nl_
c:\windows\edokoziyequ.dll
c:\windows\icohigus.dll
c:\windows\osisiyovupomub.dll
c:\windows\ejusomizihawag.dll
c:\windows\ilusubacaxo.dll
c:\windows\azocubuwo.dll
c:\windows\erevawubixaxayug.dll
c:\windows\otuxekuv.dll
c:\windows\utitijih.dll
c:\windows\aludipok.dll
c:\windows\icamabimonusijeg.dll
c:\windows\usevofamana.dll
c:\windows\iwewiwif.dll
c:\windows\aduzacufotizi.dll
c:\windows\uzijidifemeyuda.dll
c:\windows\Twojucenafidac.bin

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"itnetsvcs"=-

Driver::
itlperf

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
----------
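The CFScript above is built from three things the log shows: a run of same-size (40780-byte) DLLs with random names dropped into c:\windows roughly every two hours, a file that catchme reports as hidden and that is really an NTFS alternate data stream (in c:\windows\2014770103:1208805767.exe the second colon separates the host object from the stream name, which is why the script has both a Rootkit:: and, later, an ADS:: entry), and an svchost group, itnetsvcs, that is not a Windows default and whose name wraps the real netsvcs group. The Python script below is an added example for this thread, not part of ComboFix or of the original posts: it pulls those indicators out of a ComboFix log automatically so they can be turned into a CFScript. The log excerpt inside it is a constructed sample modelled on the log above, and the set of stock XP svchost groups is an assumption made for the example; a non-default group is a review item, not a verdict (Akamai NetSession, a third-party download manager listed as a service in the log, registers its own group).

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix log posted above (sample input
# for this example only, not the poster's full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))
.
2011-09-19 01:01 . 2011-09-19 01:02 40780 ----a-w- c:\windows\edokoziyequ.dll
2011-09-18 20:16 . 2011-09-18 20:17 40780 ----a-w- c:\windows\icohigus.dll
2011-09-18 17:46 . 2011-09-18 17:46 40780 ----a-w- c:\windows\osisiyovupomub.dll
2011-09-15 08:35 . 2011-09-17 05:26 48016 --sha-w- c:\windows\system32\c_26305.nl_
2011-09-14 01:30 . 2011-09-14 01:31 -------- d-----w- c:\program files\ERUNT
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
itnetsvcs REG_MULTI_SZ itlperf
.
scanning hidden files ...
.
c:\windows\2014770103:1208805767.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
"""

# One "Files Created" / "Find3M" line: created . modified size attrs path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# catchme hidden-file line whose name carries a stream: host:stream size bytes
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^\s:]+) (?P<size>\d+) bytes")
SVCHOST_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]"
GROUP_RE = re.compile(r"^(?P<group>\S+) REG_MULTI_SZ (?P<services>.+)$")

# svchost groups on a stock Windows XP SP3 install (assumption for this example;
# third-party software may legitimately add groups of its own).
DEFAULT_XP_SVCHOST_GROUPS = {
    "dcomlaunch", "httpfilter", "imgsvc", "localservice",
    "netsvcs", "networkservice", "rpcss", "termsvcs",
}


def parse_file_entries(log_text):
    """Return file/directory entries as dicts; size is None for directories."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"]) if d["size"].isdigit() else None
            d["path"] = d["path"].lower()
            entries.append(d)
    return entries


def dll_bursts(entries, min_count=3):
    """Several DLLs of identical size in one directory, as in the log above."""
    groups = defaultdict(list)
    for e in entries:
        if e["size"] is None or not e["path"].endswith(".dll"):
            continue
        directory = e["path"].rsplit("\\", 1)[0]
        groups[(directory, e["size"])].append(e["path"])
    return [{"directory": d, "size": s, "files": sorted(files)}
            for (d, s), files in sorted(groups.items()) if len(files) >= min_count]


def hidden_system_files(entries):
    """Newly created files carrying both the system (s) and hidden (h) attributes."""
    return [e["path"] for e in entries
            if e["size"] is not None and "s" in e["attrs"] and "h" in e["attrs"]]


def ads_entries(log_text):
    """Split catchme's host:stream notation so host (Folder::) and stream (ADS::) are separate."""
    out = []
    for line in log_text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            out.append({"host": m["host"].lower(), "stream": m["stream"], "size": int(m["size"])})
    return out


def svchost_groups(log_text):
    """List svchost groups, marking non-defaults and names that embed a default name."""
    findings, in_key = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if s.lower() == SVCHOST_KEY.lower():
            in_key = True
            continue
        if not in_key:
            continue
        if s in (".", ""):          # ComboFix closes a section with a lone dot
            in_key = False
            continue
        m = GROUP_RE.match(s)
        if not m:
            continue
        g = m["group"].lower()
        default = g in DEFAULT_XP_SVCHOST_GROUPS
        lookalike = not default and any(d in g for d in DEFAULT_XP_SVCHOST_GROUPS)
        findings.append({"group": m["group"], "services": m["services"].split(),
                         "default": default, "lookalike": lookalike})
    return findings


def triage(log_text):
    entries = parse_file_entries(log_text)
    return {"dll_bursts": dll_bursts(entries),
            "hidden_system_files": hidden_system_files(entries),
            "ads": ads_entries(log_text),
            "svchost_groups": svchost_groups(log_text)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a saved C:\ComboFix.txt by reading the file into triage(). The DLL-burst rule keys only on identical size and directory, so it catches the pattern without caring about the random names; a non-ADS hidden file from catchme is not reported by ads_entries (it has no second colon), and a group flagged as lookalike, here itnetsvcs around netsvcs, is the one to compare against the "Drivers/Services" section before writing the Registry:: and Driver:: lines.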
 
Here we go again!

ComboFix 11-09-19.01 - ME 09/19/2011 22:34:55.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.108 [GMT -5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
.
FILE ::
"c:\windows\aduzacufotizi.dll"
"c:\windows\aludipok.dll"
"c:\windows\azocubuwo.dll"
"c:\windows\edokoziyequ.dll"
"c:\windows\ejusomizihawag.dll"
"c:\windows\erevawubixaxayug.dll"
"c:\windows\icamabimonusijeg.dll"
"c:\windows\icohigus.dll"
"c:\windows\ilusubacaxo.dll"
"c:\windows\iwewiwif.dll"
"c:\windows\osisiyovupomub.dll"
"c:\windows\otuxekuv.dll"
"c:\windows\system32\c_26305.nl_"
"c:\windows\Twojucenafidac.bin"
"c:\windows\usevofamana.dll"
"c:\windows\utitijih.dll"
"c:\windows\uzijidifemeyuda.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\aduzacufotizi.dll
c:\windows\aludipok.dll
c:\windows\azocubuwo.dll
c:\windows\edokoziyequ.dll
c:\windows\ejusomizihawag.dll
c:\windows\erevawubixaxayug.dll
c:\windows\icamabimonusijeg.dll
c:\windows\icohigus.dll
c:\windows\ilusubacaxo.dll
c:\windows\iwewiwif.dll
c:\windows\osisiyovupomub.dll
c:\windows\otuxekuv.dll
c:\windows\system32\c_26305.nl_
c:\windows\Twojucenafidac.bin
c:\windows\usevofamana.dll
c:\windows\utitijih.dll
c:\windows\uzijidifemeyuda.dll
Pass LEGAL for license information. Built Sat Jun 25 23:20 2011c:\windows\
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))
.
.
2011-09-20 00:42 . 2011-09-20 00:42 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\ApplicationHistory
2011-09-19 02:34 . 2011-09-19 02:35 -------- d-----w- C:\f1a57df13e9e481fe205
2011-09-14 01:30 . 2011-09-14 01:31 -------- d-----w- c:\program files\ERUNT
2011-09-13 23:42 . 2011-09-13 23:42 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\{15BBA956-ED8B-4953-9620-753A36A1B56F}
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-16 02:35 . 2002-08-29 07:27 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-14 00:06 . 2011-09-14 00:06 219136 ----a-w- c:\windows\system32\ineltw32.dll
2011-09-14 00:06 . 2011-09-14 00:06 35840 ----a-w- c:\windows\system32\ilnetw32.dll
2011-09-09 09:12 . 2003-03-20 22:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2004-04-12 03:41 . 2004-04-12 03:41 1268639 ----a-w- c:\program files\TaxCut_2003_Illinois_InstallerB.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-25 151597]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-03-27 995328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ilnetw32]
2011-09-14 00:06 35840 ----a-w- c:\windows\SYSTEM32\ilnetw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inetworks]
2011-09-14 00:06 35840 ----a-w- c:\windows\SYSTEM32\ilnetw32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\ME\\Desktop\\tdsskiller\\TDSSKiller.exe"=
.
R2 itlperf;Network Location Awarenes;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 SQTECH907B;EZCam(PID_907B_00);c:\windows\system32\Drivers\Capt907B.sys [2005-05-10 61643]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2001-03-27 35600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ITLPERF
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 23:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\2014770103:1208805767.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\ilnetw32.dll
.
- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\WININET.dll
c:\docume~1\ME\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-09-19 23:28:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-20 04:28
ComboFix2.txt 2011-09-20 01:14
ComboFix3.txt 2011-09-19 18:42
ComboFix4.txt 2008-05-13 05:45
ComboFix5.txt 2011-09-20 03:28
.
Pre-Run: 49,222,410,240 bytes free
Post-Run: 49,335,914,496 bytes free
.
- - End Of File - - 6586755C6B13E9486B4BA81B6183ADF3
 
Hi kar1897,

Please stick with me. I know it seems like a lot of work, but this is a nasty infection that we are working on. :bigthumb:
-----------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
c:\windows\2014770103:1208805767.exe

Driver::
itlperf

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 
I am totally sticking with you. Can't do this next step until later tonight, but I'll post the log when I do. :thanks:
 
Voila... we have a ComboFix log...

ComboFix 11-09-20.04 - ME 09/20/2011 22:25:17.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.14 [GMT -5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ME\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\ME\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse
c:\program files\TaxCut_2003_Illinois_InstallerB.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
.
.
((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-19 02:34 . 2011-09-19 02:35 -------- d-----w- C:\f1a57df13e9e481fe205
2011-09-14 01:30 . 2011-09-14 01:31 -------- d-----w- c:\program files\ERUNT
2011-09-14 00:06 . 2011-09-14 00:06 219136 ----a-w- c:\windows\system32\ineltw32.dll
2011-09-14 00:06 . 2011-09-14 00:06 35840 ----a-w- c:\windows\system32\ilnetw32.dll
2011-09-13 23:42 . 2011-09-13 23:42 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\{15BBA956-ED8B-4953-9620-753A36A1B56F}
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-16 02:35 . 2002-08-29 07:27 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-09 09:12 . 2003-03-20 22:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-25 151597]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-03-27 995328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ilnetw32]
2011-09-14 00:06 35840 ----a-w- c:\windows\SYSTEM32\ilnetw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inetworks]
2011-09-14 00:06 35840 ----a-w- c:\windows\SYSTEM32\ilnetw32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\ME\\Desktop\\tdsskiller\\TDSSKiller.exe"=
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 SQTECH907B;EZCam(PID_907B_00);c:\windows\system32\Drivers\Capt907B.sys [2005-05-10 61643]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 itlperf;Network Location Awarenes;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2001-03-27 35600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ITLPERF
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
itnetsvcs REG_MULTI_SZ itlperf
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-20 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\2014770103:1208805767.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\ilnetw32.dll
.
- - - - - - - > 'explorer.exe'(3340)
c:\windows\system32\WININET.dll
c:\docume~1\ME\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-09-20 23:18:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-21 04:18
ComboFix2.txt 2011-09-20 04:28
ComboFix3.txt 2011-09-20 01:14
ComboFix4.txt 2011-09-19 18:42
ComboFix5.txt 2011-09-21 03:17
.
Pre-Run: 49,295,024,128 bytes free
Post-Run: 49,429,319,680 bytes free
.
- - End Of File - - B98F1D9367CCF8962A0057B4C825B39D
 
Hi kar1897,

Thanks for the log. This is a tricky one. :laugh:
----------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
c:\windows\2014770103:1208805767.exe

ADS::
c:\windows\2014770103

Folder::
c:\windows\2014770103

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"itnetsvcs"=-

Driver::
itlperf

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
----------
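As an added example (not ComboFix's code and not the helper's), the script below pulls the three findings above out of a ComboFix log (the hidden alternate data stream reported by catchme, the *NewlyCreated* service, and the svchost group value that names it) and drafts the matching CFScript sections in the same Rootkit::/ADS::/Folder::/Registry::/Driver:: layout. The sample log lines are constructed from this thread; the protected-folder list that stops Folder:: from ever naming a system directory is an assumption of this example.

```python
"""Draft CFScript sections from ComboFix log findings (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: the ComboFix lines from this thread that matter.
SAMPLE_LOG = """\
*NewlyCreated* - ITLPERF
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]
Akamai REG_MULTI_SZ Akamai
itnetsvcs REG_MULTI_SZ itlperf
.
R2 itlperf;Network Location Awarenes;c:\\windows\\System32\\svchost.exe [2008-04-14 14336]
S2 Akamai;Akamai NetSession Interface;c:\\windows\\System32\\svchost.exe [2008-04-14 14336]
.
scanning hidden files ...
.
c:\\windows\\2014770103:1208805767.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
"""

# catchme reports a hidden NTFS stream as <host path>:<stream name> <size> bytes
ADS_RE = re.compile(r"^([a-z]:\\[^:\s]+):([^\s]+)\s+(\d+) bytes", re.I)
NEW_RE = re.compile(r"^\*NewlyCreated\*\s+-\s+(\S+)")
SVCHOST_KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\.*\\svchost)\]$", re.I)
MULTI_SZ_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")
# service lines look like: R2 name;display name;image path [date size]
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[")

# Assumption: never emit Folder:: for these roots, whatever the log says.
PROTECTED_FOLDERS = {"c:", "c:\\windows", "c:\\windows\\system32"}


@dataclass
class Findings:
    hidden_streams: list = field(default_factory=list)   # (host_path, stream)
    new_services: list = field(default_factory=list)     # names from *NewlyCreated*
    svchost_key: str = ""
    svchost_groups: dict = field(default_factory=dict)   # group -> [service, ...]
    services: dict = field(default_factory=dict)         # lower name -> (display, image)


def parse_log(text: str) -> Findings:
    """Walk the log once, tracking whether we are inside the svchost key."""
    f = Findings()
    in_svchost = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_svchost:
            m = MULTI_SZ_RE.match(line)
            if m:
                f.svchost_groups[m.group(1)] = m.group(2).split()
                continue
            in_svchost = False          # a "." or any other line ends the key
        m = SVCHOST_KEY_RE.match(line)
        if m:
            f.svchost_key, in_svchost = m.group(1), True
            continue
        m = ADS_RE.match(line)
        if m:
            f.hidden_streams.append((m.group(1), m.group(2)))
            continue
        m = NEW_RE.match(line)
        if m:
            f.new_services.append(m.group(1))
            continue
        m = SERVICE_RE.match(line)
        if m:
            f.services[m.group(1).lower()] = (m.group(2), m.group(3))
    return f


def build_cfscript(f: Findings) -> str:
    """Map findings to CFScript sections in the order the helper used."""
    sections = []
    if f.hidden_streams:
        sections.append("Rootkit::\n" + "\n".join(f"{h}:{s}" for h, s in f.hidden_streams))
        hosts = [h for h, _ in f.hidden_streams]
        sections.append("ADS::\n" + "\n".join(hosts))
        folders = [h for h in hosts if h.lower().rstrip("\\") not in PROTECTED_FOLDERS]
        if folders:
            sections.append("Folder::\n" + "\n".join(folders))
    new = {s.lower() for s in f.new_services}
    # Only drop svchost group values that actually host a newly created service.
    bad_groups = [g for g, svcs in f.svchost_groups.items()
                  if any(s.lower() in new for s in svcs)]
    if bad_groups and f.svchost_key:
        values = "\n".join(f'"{g}"=-' for g in bad_groups)
        sections.append(f"Registry::\n[{f.svchost_key}]\n{values}")
    if new:
        # Service names are case-insensitive; emit them lower-case as the helper did.
        sections.append("Driver::\n" + "\n".join(sorted(new)))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_log(SAMPLE_LOG)))
```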
 
Another day, another ComboFix log. Seems like the process is running faster; perhaps that means we're making progress. :bigthumb:

ComboFix 11-09-21.03 - ME 09/21/2011 13:46:19.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.12 [GMT -5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
.
ADS - 2014770103: deleted 816 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 03:58 . 2011-09-21 03:58 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\ApplicationHistory
2011-09-19 02:34 . 2011-09-19 02:35 -------- d-----w- C:\f1a57df13e9e481fe205
2011-09-14 01:30 . 2011-09-14 01:31 -------- d-----w- c:\program files\ERUNT
2011-09-14 00:06 . 2011-09-14 00:06 219136 ----a-w- c:\windows\system32\ineltw32.dll
2011-09-14 00:06 . 2011-09-14 00:06 35840 ----a-w- c:\windows\system32\ilnetw32.dll
2011-09-13 23:42 . 2011-09-13 23:42 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\{15BBA956-ED8B-4953-9620-753A36A1B56F}
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-16 02:35 . 2002-08-29 07:27 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-09 09:12 . 2003-03-20 22:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-25 151597]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-03-27 995328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ilnetw32]
2011-09-14 00:06 35840 ----a-w- c:\windows\SYSTEM32\ilnetw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inetworks]
2011-09-14 00:06 35840 ----a-w- c:\windows\SYSTEM32\ilnetw32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\ME\\Desktop\\tdsskiller\\TDSSKiller.exe"=
.
R2 itlperf;Network Location Awarenes;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 SQTECH907B;EZCam(PID_907B_00);c:\windows\system32\Drivers\Capt907B.sys [2005-05-10 61643]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2001-03-27 35600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ITLPERF
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-21 14:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\ilnetw32.dll
.
- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\WININET.dll
c:\docume~1\ME\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-09-21 14:38:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-21 19:38
ComboFix2.txt 2011-09-21 04:18
ComboFix3.txt 2011-09-20 04:28
ComboFix4.txt 2011-09-20 01:14
ComboFix5.txt 2011-09-21 18:38
.
Pre-Run: 49,074,356,224 bytes free
Post-Run: 49,383,268,352 bytes free
.
- - End Of File - - 8619F301C8854196FDCC4D9F882CFD27
 
Hi kar1897,

Yes we are definitely looking better. :)
----------

Please go ahead and run TDSSKiller once again. This time please go ahead and select "cure" if anything is found. When it has completed there will be a log produced that I will need to see in your next reply. :)
 
I'm glad you can tell it's looking better, because it all looks Greek to me. Not that Greek is a bad thing, just not a language I can read. :euro:

Here's the log; it didn't say there was anything to cure.

2011/09/21 21:19:07.0732 3020 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/21 21:19:08.0216 3020 ================================================================================
2011/09/21 21:19:08.0216 3020 SystemInfo:
2011/09/21 21:19:08.0216 3020
2011/09/21 21:19:08.0216 3020 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/21 21:19:08.0216 3020 Product type: Workstation
2011/09/21 21:19:08.0216 3020 ComputerName: RACHEL
2011/09/21 21:19:08.0216 3020 UserName: ME
2011/09/21 21:19:08.0216 3020 Windows directory: C:\WINDOWS
2011/09/21 21:19:08.0216 3020 System windows directory: C:\WINDOWS
2011/09/21 21:19:08.0216 3020 Processor architecture: Intel x86
2011/09/21 21:19:08.0216 3020 Number of processors: 1
2011/09/21 21:19:08.0216 3020 Page size: 0x1000
2011/09/21 21:19:08.0216 3020 Boot type: Normal boot
2011/09/21 21:19:08.0216 3020 ================================================================================
2011/09/21 21:19:10.0388 3020 Initialize success
2011/09/21 21:19:12.0466 3284 ================================================================================
2011/09/21 21:19:12.0466 3284 Scan started
2011/09/21 21:19:12.0466 3284 Mode: Manual;
2011/09/21 21:19:12.0466 3284 ================================================================================
2011/09/21 21:19:56.0435 3284 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
2011/09/21 21:19:56.0575 3284 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/09/21 21:19:56.0747 3284 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/09/21 21:19:56.0904 3284 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/09/21 21:19:57.0075 3284 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/09/21 21:19:57.0263 3284 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/09/21 21:19:57.0482 3284 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/09/21 21:19:57.0685 3284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/21 21:19:57.0919 3284 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/09/21 21:19:58.0154 3284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/21 21:19:58.0419 3284 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/21 21:19:58.0607 3284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/21 21:19:58.0810 3284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/21 21:19:58.0982 3284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/21 21:19:59.0185 3284 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/21 21:19:59.0341 3284 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/21 21:19:59.0435 3284 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/21 21:19:59.0638 3284 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/21 21:19:59.0825 3284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/21 21:19:59.0935 3284 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/09/21 21:20:00.0060 3284 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/09/21 21:20:00.0169 3284 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/21 21:20:00.0247 3284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/21 21:20:00.0372 3284 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/09/21 21:20:00.0560 3284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/21 21:20:00.0763 3284 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/21 21:20:01.0075 3284 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/09/21 21:20:01.0247 3284 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/09/21 21:20:01.0294 3284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/21 21:20:01.0482 3284 Boot (0x1200) (3cf5887b669ba160ea95f622cafbc9d5) \Device\Harddisk0\DR0\Partition0
2011/09/21 21:20:01.0497 3284 ================================================================================
2011/09/21 21:20:01.0497 3284 Scan finished
2011/09/21 21:20:01.0497 3284 ================================================================================
2011/09/21 21:20:01.0529 2540 Detected object count: 0
2011/09/21 21:20:01.0529 2540 Actual detected object count: 0
 
Hi kar1897,

I'm glad you can tell it's looking better, because it all looks Greek to me.
:laugh:
----------

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    [image: MBAM.jpg]

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans, so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: http://www.eset.com/onlinescan/
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double-click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked.
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [esetListThreats.png]
  12. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the Back button.
  14. Push Finish.
----------

In your next reply please post the logs created by Malwarebytes and ESET Online Scanner. :)
 
Here is the Malwarebytes log. I'll do ESET next; Malwarebytes wants me to restart my computer first.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7777

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/22/2011 9:09:32 PM
mbam-log-2011-09-22 (21-09-32).txt

Scan type: Quick scan
Objects scanned: 197463
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\CONFIG\systemprofile\start menu\Programs\Startup\ntfspropedit.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Here's the ESET scan as well. Sorry for the delay, I fell asleep. :eek:


C:\Program Files\Build-a-lot 2 - Town of the Year\xbsltmw.exe probably a variant of Win32/Agent.JOSJEGO trojan
C:\QooBox\Quarantine\C\Documents and Settings\ME\Application Data\830FDA91710CEA5BD43EC776F5A62FB6\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\QooBox\Quarantine\C\Documents and Settings\ME\Application Data\830FDA91710CEA5BD43EC776F5A62FB6\hookdll.dll.vir Win32/Adware.AntimalwareDoctor.AH application
C:\QooBox\Quarantine\C\Documents and Settings\ME\Application Data\830FDA91710CEA5BD43EC776F5A62FB6\kocinc700kk.exe.vir Win32/Adware.AntimalwareDoctor.AH application
C:\QooBox\Quarantine\C\Documents and Settings\ME\Application Data\830FDA91710CEA5BD43EC776F5A62FB6\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\QooBox\Quarantine\C\Documents and Settings\ME\Application Data\Adobe\plugs\KB454984843.exe.vir a variant of Win32/Kryptik.SXE trojan
C:\QooBox\Quarantine\C\Program Files\Common\helper.dll.vir a variant of Win32/BHO.NMM trojan
C:\QooBox\Quarantine\C\Program Files\Common\_helper.dll.vir a variant of Win32/BHO.NMM trojan
C:\QooBox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE.vir Win32/Patched.HN trojan
C:\QooBox\Quarantine\C\Program Files\COMMON~1\AOL\ACS\acsd.exe.vir Win32/Patched.HN trojan
C:\QooBox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir Win32/Patched.HN trojan
C:\QooBox\Quarantine\C\Program Files\Lavasoft\Ad-Aware\aawservice.exe.vir Win32/Patched.HN trojan
C:\QooBox\Quarantine\C\WINDOWS\abupecejoxodo.dll.vir a variant of Win32/Kryptik.SVV trojan
C:\QooBox\Quarantine\C\WINDOWS\wanmpsvc.exe.vir Win32/Patched.HN trojan
C:\QooBox\Quarantine\C\WINDOWS\wenbntP.dll.vir a variant of Win32/Kryptik.SVS trojan
C:\QooBox\Quarantine\C\WINDOWS\ADDINS\moctnof.bak2.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\AppPatch\tenilitu.bak2.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\assembly\tencp.bak2.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\Microsoft.NET\sndvrd.bak1.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\Microsoft.NET\sndvrd.bak2.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\MSAGENT\CHARS\agvcod.bak2.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SECURITY\xafevaw.bak1.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SECURITY\xafevaw.ini.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\6to4v32.dll.vir a variant of Win32/Wimpixo.AA trojan
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cryptnet32.dll.vir Win32/Lukicsel.O trojan
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\c_26305.nl_.vir a variant of Win32/Sirefef.CR trojan
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\HPZipm12.exe.vir Win32/Patched.HN trojan
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\Iasex.dll.vir a variant of Win32/Routmo.N trojan
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jvipgjhy.ini.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mysidesearch_sidebar_uninstall.exe.vir Win32/Adware.Sidebar application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pXaKknpo.ini.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pXaKknpo.ini2.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qulwsaqn.ini.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ttvwa.bak1.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ttvwa.bak2.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ttvwa.ini.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ttvwa.ini2.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ttvwa.tmp.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\fips.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan
C:\QooBox\Quarantine\C\WINDOWS\Web\lmxcca.bak2.vir Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1140\A0099357.exe a variant of Win32/Kryptik.SXE trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1140\A0100357.exe a variant of Win32/Kryptik.SXE trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1140\A0100466.exe a variant of Win32/Kryptik.SXE trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1140\A0100538.exe a variant of Win32/Kryptik.SXE trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1141\A0101535.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1141\A0101536.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1141\A0101540.exe a variant of Win32/Kryptik.SXE trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0102535.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0102536.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0102540.exe a variant of Win32/Kryptik.SXE trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0102573.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0102574.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0102578.exe a variant of Win32/Kryptik.SXE trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103573.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103574.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103583.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103584.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103596.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103625.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103626.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103633.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103634.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1142\A0103645.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1143\A0103721.dll a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1143\A0103772.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1143\A0103775.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1143\A0103776.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1147\A0104862.dll a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105071.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105072.dll Win32/Adware.AntimalwareDoctor.AH application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105073.exe Win32/Adware.AntimalwareDoctor.AH application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105074.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105076.exe a variant of Win32/Kryptik.SXE trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105122.dll a variant of Win32/BHO.NMM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105125.dll a variant of Win32/Kryptik.SVV trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105127.ini Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105128.dll a variant of Win32/Wimpixo.AA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105129.dll Win32/Lukicsel.O trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105130.dll a variant of Win32/Routmo.N trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105132.dll a variant of Win32/Kryptik.SVS trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105133.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105134.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105135.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105136.EXE Win32/Patched.HN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105137.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105138.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1148\A0105351.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0106138.exe a variant of Win32/Kryptik.SXE trojan
C:\WINDOWS\Microsoft.NET\sndvrd.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\SYSTEM32\ilnetw32.dll a variant of Win32/Wimpixo.AL trojan
C:\WINDOWS\SYSTEM32\ineltw32.dll probably a variant of Win32/Wimpixo.AL trojan
C:\WINDOWS\SYSTEM32\wuauclt.exe.tmp Win32/Patched.HN trojan
Operating memory probably a variant of Win32/Wimpixo.AL trojan
 
Hi kar1897,

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Double-click CKScanner.exe, then click Search For Files
  • When the hourglass cursor disappears, click Save List To File
  • A message box will verify that the file was saved
  • Double-click the CKFiles.txt icon on your desktop, then copy/paste its contents into your next reply
----------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\Microsoft.NET\sndvrd.ini
C:\WINDOWS\SYSTEM32\ilnetw32.dll
C:\WINDOWS\SYSTEM32\ineltw32.dll
C:\WINDOWS\SYSTEM32\wuauclt.exe.tmp

Save this as "CFScript.txt", with Type: All Files (*.*), in the same location as ComboFix.exe.


[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
----------

In your next reply please post the logs created by CKScanner and ComboFix. :)
 
Me again! I've got the two logs for you! I can't thank you enough for helping me solve this problem; I know it's been a never-ending one! Just a heads up, I probably won't be able to do anything else with my computer until Sunday, but I'm not giving up.

CKFiles Log....

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\floating kingdoms\data\entities\buildings\13_crack.ent
c:\program files\floating kingdoms\data\models\buildings\13_crack\_glyphs.ini
c:\program files\jasc software inc\paint shop photo album\frames\black crackle.pspframe
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
scanner sequence 3.BB.11.JXAPLU
----- EOF -----


Combofix Log...

ComboFix 11-09-23.03 - ME 09/23/2011 10:05:58.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.10 [GMT -5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
.
FILE ::
"c:\windows\Microsoft.NET\sndvrd.ini"
"c:\windows\SYSTEM32\ilnetw32.dll"
"c:\windows\SYSTEM32\ineltw32.dll"
"c:\windows\SYSTEM32\wuauclt.exe.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ME\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\ME\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse
c:\windows\
c:\windows\Microsoft.NET\sndvrd.ini
c:\windows\SYSTEM32\ilnetw32.dll
c:\windows\SYSTEM32\ineltw32.dll
c:\windows\SYSTEM32\wuauclt.exe.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))
.
.
2011-09-23 15:39 . 2011-09-23 15:39 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\ApplicationHistory
2011-09-23 02:35 . 2011-09-23 02:35 -------- d-----w- c:\program files\ESET
2011-09-23 01:46 . 2011-09-23 01:46 -------- d-----w- c:\documents and settings\ME\Application Data\Malwarebytes
2011-09-23 01:46 . 2011-09-23 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-23 01:45 . 2011-09-23 01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 01:45 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-19 02:34 . 2011-09-19 02:35 -------- d-----w- C:\f1a57df13e9e481fe205
2011-09-14 01:30 . 2011-09-14 01:31 -------- d-----w- c:\program files\ERUNT
2011-09-13 23:42 . 2011-09-13 23:42 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\{15BBA956-ED8B-4953-9620-753A36A1B56F}
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-16 02:35 . 2002-08-29 07:27 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-09 09:12 . 2003-03-20 22:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-08-29 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-25 151597]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-03-27 995328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\ME\\Desktop\\tdsskiller\\TDSSKiller.exe"=
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SQTECH907B;EZCam(PID_907B_00);c:\windows\system32\Drivers\Capt907B.sys [2005-05-10 61643]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2001-03-27 35600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
itnetsvcs REG_MULTI_SZ itlperf
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Notify-ilnetw32 - ilnetw32.dll
Notify-inetworks - ilnetw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-23 10:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1312)
c:\windows\system32\WININET.dll
c:\docume~1\ME\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-09-23 11:03:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-23 16:03
ComboFix2.txt 2011-09-21 19:38
ComboFix3.txt 2011-09-21 04:18
ComboFix4.txt 2011-09-20 04:28
ComboFix5.txt 2011-09-23 14:57
.
Pre-Run: 48,993,701,888 bytes free
Post-Run: 48,702,185,472 bytes free
.
- - End Of File - - BCBCB763499BE4E0A15AAC0E392CCBCB
 
Hi kar1897,

We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum, please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities, be aware that malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.
The following are all illegal software that I need you to remove, please.
c:\program files\floating kingdoms\data\entities\buildings\13_crack.ent
c:\program files\floating kingdoms\data\models\buildings\13_crack\_glyphs.ini
c:\program files\jasc software inc\paint shop photo album\frames\black crackle.pspframe
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe

----------

Once you get those removed please run CKScanner again and post the log created into your next reply.
 
I'm happy to remove them; however, Floating Kingdoms was a legitimate purchase through Big Fish Games along with numerous other games, and the Jasc software was installed on the computer by Dell when I purchased it. I may have used a trial version with both but have never obtained either through illegal means.
 
Hi kar1897,

I'm happy to remove them; however, Floating Kingdoms was a legitimate purchase through Big Fish Games along with numerous other games, and the Jasc software was installed on the computer by Dell when I purchased it. I may have used a trial version with both but have never obtained either through illegal means.
OK, that is not a problem then. :)
----------

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
----------


You have an older version of Adobe Reader. You can download the current version HERE.

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case, you should uninstall Adobe Reader 9.1 first. Be sure to move any PDF documents to another folder first, though.
----------

Once you get that completed please run DDS once more and post both of the logs created into your next reply.

How is your system running now? :)
 