
Author Topic: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!  (Read 30471 times)


Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
« Reply #15 on: July 13, 2010, 10:38:43 PM »
@Mr. Hopeless

Please download TDSSKiller and save it to your Desktop.
  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive.
  • Please post the contents of that log.
~Dr Jay

Mr.Hopeless

    Topic Starter


    Rookie

    Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
    « Reply #16 on: July 15, 2010, 05:46:36 PM »
    19:46:40:278 2988   TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
    19:46:40:278 2988   ================================================================================
    19:46:40:278 2988   SystemInfo:

    19:46:40:278 2988   OS Version: 5.1.2600 ServicePack: 3.0
    19:46:40:278 2988   Product type: Workstation
    19:46:40:278 2988   ComputerName: D2PGV571
    19:46:40:278 2988   UserName: Brett
    19:46:40:278 2988   Windows directory: C:\WINDOWS
    19:46:40:278 2988   System windows directory: C:\WINDOWS
    19:46:40:278 2988   Processor architecture: Intel x86
    19:46:40:278 2988   Number of processors: 1
    19:46:40:278 2988   Page size: 0x1000
    19:46:40:278 2988   Boot type: Normal boot
    19:46:40:278 2988   ================================================================================
    19:46:40:700 2988   Initialize success
    19:46:40:700 2988   
    19:46:40:700 2988   Scanning   Services ...
    19:46:41:372 2988   Raw services enum returned 360 services
    19:46:41:387 2988   
    19:46:41:387 2988   Scanning   Drivers ...
    19:46:57:137 2988   
    19:46:57:137 2988   Completed
    19:46:57:137 2988   
    19:46:57:137 2988   Results:
    19:46:57:137 2988   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
    19:46:57:137 2988   File objects infected / cured / cured on reboot:   0 / 0 / 0
    19:46:57:137 2988   
    19:46:57:137 2988   KLMD(ARK) unloaded successfully

    homeflash



      Greenhorn

      Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
      « Reply #17 on: July 15, 2010, 07:13:34 PM »
      I have exactly the same problem. Too bad, I tried Microsoft Security Essentials, Spybot S&D, Malwarebytes, HijackThis, SUPERAntiSpyware and ComboFix; none of them can find the source of the spyware.

      I also looked at startup in the registry and services. Everything seems normal. I wonder where that comes from. Is it brand-new spyware, and why can't all those known antispyware tools delete, clean and kill it?!

      homeflash



        Greenhorn

        Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
        « Reply #18 on: July 15, 2010, 08:23:14 PM »
        not working... still popping up.
        « Last Edit: July 15, 2010, 08:35:48 PM by homeflash »

        Dr Jay

        Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
        « Reply #19 on: July 15, 2010, 10:12:06 PM »
        @Mr. Hopeless

        Please run the F-Secure Online Scanner
        • Follow the instructions Here for installation.
        • Accept the License Agreement.
        • Once the ActiveX installs, click Full System Scan.
        • Once the download completes, the scan will begin automatically.
        • The scan will take some time to finish, so please be patient.
        • When the scan completes, click the Automatic cleaning (recommended) button.
        • Click the Show Report button and copy and paste the entire report in your next reply.
        ~Dr Jay

        homeflash



          Greenhorn

          Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
          « Reply #20 on: July 16, 2010, 06:59:34 PM »
          @dragonmaster Jay

          Hey, not sure if your link works or ComboFix worked. Yesterday, after I ran ComboFix, it worked for about 20 or so minutes, and then the popups came back up again. Then this morning, they didn't come up. Anyway, I saw your post, tried your link, found 1 malware and 2 spyware, and cleaned them.

          After that, I also ran a full scan for malware and Microsoft Security Essentials (nothing found),
          then rebooted and ran ComboFix again, and my Norton antivirus found quite a few hacking spyware/viruses.

          Now it seems like everything works okay, sound is back to normal. No popups. Thanks!

          @Mr. Hopeless.

          Try what I did, it may work for you. If it doesn't, download a program called popup killer, which closes all the popups you specify, but that is a surface or temporary fix. Either continue trying or reformat the whole C drive (a last resort which I don't recommend, because sooner or later this kind of spyware/malware will come back; we need to know how to fix it).

          My advice is, once everything is fine and okay, back up your whole C drive as an image or copy c:\windows\*.* ; if there is a problem, you can ren your old c:\windows to something and restore the good c:\windows\*.* back, then it should be okay (that is my last resort, instead of formatting the whole drive). By the way, I use apricon to back up.

          Dr Jay

          Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
          « Reply #21 on: July 16, 2010, 11:28:52 PM »
          Cancel that. According to a nice colleague, you seem to have what is called a Black Internet Bootkit, which is a fairly new bootkit.

          Download Bootkit Remover to your Desktop.
          • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
          • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
          • It will show a Black screen with some data on it.
          • Right click on the screen and click Select All.
          • Press CTRL C
          • Open a Notepad and press CTRL V
          • Post the output back here.
          ~Dr Jay

          freeforall

          • *Bugmenot user*


          • Beginner

            • Computer: Specs
            • Experience: Familiar
            • OS: Windows 7
            Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
            « Reply #22 on: July 18, 2010, 09:19:40 AM »
            While I was on a business trip, somebody got my computer infected it seems. I first knew something was wrong when the sound kept going out and I had to reset the sound settings to get the sound back on. Since, other things were happening, including a pop-up, messages about wanting to make IE my default browser, etc. My computer has AVG Anti-Virus (Free Version 8, I'll be upgrading ASAP), and on three separate scans it found infections, including Trojan horse Clicker.AJUP, Tracking cookie.Trafficmp, Tracking cookie.Overture, Virus FakeAlert, and the latest on separate scans Trojan horse Downloader.Tiny.BB.

            Whatever is going on, iexplore.exe keeps opening up, even after I End Process from the Windows Task Manager. It's rather disturbing. (Firefox is my default browser.)

            And one more thing I've found. hxxp://www.yadaying.com/index.php?aff_id=979 (on Windows Internet Explorer) is running in the background, and I don't know how to stop it from running.

            It seems there must be something lodged in the computer that's bringing about these infections, but I don't know where to start looking for it. At this point, I'm a bit afraid to turn that computer on (I'm using a different laptop). If anyone can get me started on this, I'd really appreciate it.

            For the record, that computer is running Windows XP.

            Hello, I solved this same problem (no sound on wave and pop-ups in iexplore, I use Firefox) on 11/07/10 with BootKit (Bootkit Remover).
            Follow DragonMaster Jay's instructions; in the end they will be more or less these:

            Create a batch file with the following text:

            @ECHO OFF
            START remover.exe fix \\.\PhysicalDrive0
            SHUTDOWN -r
            EXIT

            Run the batch file and that's it...
            As of today (18/07/10), AVG has found a virus, "Trojan Downloader.Tiny.BB", but I don't know whether they are related.
            AVG removed it without any problem.

            Don't reply to the e-mail; I'm using a BugMeNot account.

            Mr.Hopeless


              Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
              « Reply #23 on: July 23, 2010, 03:32:07 PM »
              Sorry it's taking me long between posts.  The dread on turning this computer on is really getting to me.  Anyway...  when I run remover.exe and I get the black screen window, the window closes when I try to copy the information.  Here's what the screen says before it closes:

              Bootkit Remover version 1.0.0.1
              (c) 2009 eSage Lab
              www.esagelab.com

              \\.\C: -> \\.\PhysicalDrive0
              MD5: 6def5ffcbcdbdb4082f1015625e597bd

                   Size  Device Name         MBR Status
              ------------------------------------------------
                 74 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


              Press any key to quit...

              Dr Jay

              Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
              « Reply #24 on: July 23, 2010, 09:01:17 PM »
              Please open Notepad and enter in the following:
              Quote
              @echo off
              start remover.exe fix \\.\PhysicalDrive0
              exit
              Then, click File > Save as...
              Save as remove.bat to the same location as remover.exe.
              Choose Save as type... All Files.
              Click Save.

              Then, exit Notepad.

              Double-click on remove.bat.

              Please re-run remover.exe and post a new log in your next reply.
              ~Dr Jay

              Mr.Hopeless


                Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                « Reply #25 on: July 26, 2010, 10:50:47 AM »
                Bootkit Remover version 1.0.0.1
                (c) 2009 eSage Lab
                www.esagelab.com

                \\.\C: -> \\.\PhysicalDrive0
                MD5: 6def5ffcbcdbdb4082f1015625e597bd

                     Size  Device Name          MBR Status
                 --------------------------------------------
                    74 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


                Press any key to quit...

                Dr Jay

                Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                « Reply #26 on: July 26, 2010, 09:55:54 PM »
                How is the computer running?

                What signs of infection remain?
                ~Dr Jay

                Mr.Hopeless


                  Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                  « Reply #27 on: July 29, 2010, 11:28:51 AM »
                  Sound is still out.  The computer is making a ticking noise.  Sygate gives the following message:
                  Quote
                  WMI has changed since the last time you used it. This could happen if you have updated it recently.  Click Detail to see more information.  Do you want to allow it to access the network?
                  The executable has changed since the last time you used: C:\WINDOWS\system32\wbem\wmiprvse.exe
                  And in another window, Sygate says:
                  Quote
                  Prevalence reporter [avgcmgr.exe] is trying to connect to mmi.explabs.net [64.88.164.170] using remote port 80 [HTTP - World Wide Web]. Do you want to allow this program to access the network?
                  The last time I ran an AVG full scan of the computer, the scan took less than an hour and a half.  Usually the scan takes more than three and a half hours.  (That's got me a bit nervous.)
                  A WinPatrol File Type Change Alert says:
                  Quote
                  Scotty the Windows Watchdog is on patrol and has detected a change to one of your file type associations

                  The program currently associated with this file type is:
                  Run a DLL as an App
                  Microsoft Corporation
                  C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %|

                  A change was made to use the following program for this file type.
                  Run a DLL as an App
                  Microsoft Corporation
                  rundll32.exe iefram.dll,OpenURL %|
                  I'm getting pretty close to pulling files off of the hard drive and then reinstalling Windows from scratch.  It's feeling like desperate times...

                  Dr Jay

                  Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                  « Reply #28 on: July 29, 2010, 12:36:54 PM »
                  Quote
                  Prevalence reporter [avgcmgr.exe] is trying to connect to mmi.explabs.net [64.88.164.170] using remote port 80 [HTTP - World Wide Web]. Do you want to allow this program to access the network?
                  This is AVG connecting to its Exploit Prevention Labs Server. It is a safe operation.

                  Please re-run ComboFix and post a new log.
                  ~Dr Jay

                  Mr.Hopeless


                    Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                    « Reply #29 on: July 31, 2010, 08:16:18 PM »
                    ComboFix 10-07-31.02 - Brett 07/31/2010  22:15:50.2.1 - x86
                    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.451 [GMT -4:00]
                    Running from: c:\documents and settings\Brett\Desktop\ComboFix.exe
                    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                    FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
                     * Created a new restore point
                    .

                    (((((((((((((((((((((((((   Files Created from 2010-07-01 to 2010-08-01  )))))))))))))))))))))))))))))))
                    .

                    2010-07-23 21:25 . 2010-07-23 21:25   4368224   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
                    2010-07-23 21:25 . 2010-07-23 21:25   1615200   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
                    2010-07-23 21:25 . 2010-07-23 21:25   1373536   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
                    2010-07-23 21:25 . 2010-07-23 21:25   1107296   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
                    2010-07-14 14:34 . 2010-06-14 14:31   744448   ------w-   c:\windows\system32\dllcache\helpsvc.exe
                    2010-07-14 00:16 . 2010-07-14 00:22   --------   d-----w-   c:\program files\bootkit
                    2010-07-11 03:46 . 2010-07-11 03:46   503808   ----a-w-   c:\documents and settings\Brett\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e417fcb-n\msvcp71.dll
                    2010-07-11 03:46 . 2010-07-11 03:46   499712   ----a-w-   c:\documents and settings\Brett\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e417fcb-n\jmc.dll
                    2010-07-11 03:46 . 2010-07-11 03:46   348160   ----a-w-   c:\documents and settings\Brett\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e417fcb-n\msvcr71.dll
                    2010-07-11 03:46 . 2010-07-11 03:46   61440   ----a-w-   c:\documents and settings\Brett\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1bd8a20e-n\decora-sse.dll
                    2010-07-11 03:46 . 2010-07-11 03:46   12800   ----a-w-   c:\documents and settings\Brett\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1bd8a20e-n\decora-d3d.dll
                    2010-07-11 03:45 . 2010-07-11 03:45   411368   ----a-w-   c:\windows\system32\deployJava1.dll
                    2010-07-11 03:24 . 2010-07-11 03:24   --------   d-----w-   c:\program files\Common Files\Adobe AIR
                    2010-07-11 03:22 . 2010-07-11 03:22   71680   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
                    2010-07-11 03:21 . 2010-07-11 17:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
                    2010-07-08 19:08 . 2010-07-08 19:08   --------   d-----w-   c:\program files\ESET
                    2010-07-07 01:16 . 2010-07-07 01:16   495616   ----a-w-   c:\windows\system32\igfxcfg.exe
                    2010-07-05 00:31 . 2010-07-05 00:31   --------   d-sh--w-   c:\documents and settings\Deborah\IECompatCache
                    2010-07-04 18:25 . 2010-07-04 18:25   --------   d-----w-   C:\$AVG
                    2010-07-04 18:21 . 2010-07-04 18:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
                    2010-07-04 03:41 . 2010-07-04 03:41   552   ----a-w-   c:\windows\system32\d3d8caps.dat
                    2010-07-04 03:13 . 2010-07-04 03:13   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
                    2010-07-02 04:45 . 2010-07-02 04:45   388096   ----a-r-   c:\documents and settings\Brett\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                    2010-07-02 04:45 . 2010-07-02 04:45   --------   d-----w-   c:\program files\Trend Micro

                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2010-07-11 03:46 . 2005-04-20 17:21   --------   d-----w-   c:\program files\Common Files\Java
                    2010-07-11 03:45 . 2005-04-20 17:21   --------   d-----w-   c:\program files\Java
                    2010-07-11 03:37 . 2005-04-20 17:22   --------   d--h--w-   c:\program files\InstallShield Installation Information
                    2010-07-11 03:28 . 2005-04-21 00:41   --------   d-----w-   c:\program files\Common Files\Adobe
                    2010-07-07 01:45 . 2009-02-16 01:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                    2010-07-04 18:25 . 2009-02-16 03:30   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
                    2010-07-04 18:25 . 2009-02-16 03:30   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
                    2010-07-04 18:25 . 2009-02-16 03:30   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
                    2010-07-04 18:25 . 2009-02-16 03:30   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
                    2010-07-04 18:21 . 2009-02-16 03:30   --------   d-----w-   c:\program files\AVG
                    2010-07-04 16:52 . 2009-02-16 03:45   --------   d-----w-   c:\program files\CCleaner
                    2010-07-04 16:50 . 2008-09-11 12:18   --------   d-----w-   c:\documents and settings\Brett\Application Data\Amazon
                    2010-07-04 16:50 . 2008-09-11 12:18   --------   d-----w-   c:\program files\Amazon
                    2010-07-04 16:49 . 2005-04-20 21:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
                    2010-06-14 14:31 . 2004-08-10 18:02   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
                    2010-06-13 04:47 . 2010-06-13 04:47   --------   d-----w-   c:\documents and settings\Brett\Application Data\ZipGenius
                    2010-06-13 04:46 . 2010-06-13 04:46   --------   d-----w-   c:\program files\ZipGenius 6
                    2010-06-08 00:30 . 2010-06-08 00:30   57344   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
                    2010-06-08 00:30 . 2010-06-08 00:30   56997   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
                    2010-06-08 00:30 . 2010-06-08 00:30   56765   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
                    2010-06-08 00:30 . 2010-06-08 00:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\DivX
                    2010-06-08 00:30 . 2010-06-08 00:30   53600   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
                    2010-06-08 00:30 . 2010-06-08 00:30   57715   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   --------   d-----w-   c:\documents and settings\Brett\Application Data\DivX
                    2010-06-08 00:29 . 2010-06-08 00:29   84062   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   57054   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   54166   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   57532   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   56458   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   54174   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   54153   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   54128   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   54644   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   57409   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
                    2010-06-08 00:29 . 2010-06-08 00:29   54101   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
                    2010-06-08 00:28 . 2010-06-08 00:28   52963   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
                    2010-06-08 00:28 . 2010-06-08 00:28   54073   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
                    2010-06-08 00:28 . 2010-06-08 00:28   56969   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
                    2010-06-08 00:28 . 2009-08-19 00:57   --------   d-----w-   c:\program files\Common Files\DivX Shared
                    2010-06-08 00:22 . 2010-06-08 00:30   1062184   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
                    2010-06-08 00:19 . 2010-06-08 00:30   895256   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
                    2010-06-04 16:13 . 2008-08-12 01:07   --------   d-----w-   c:\program files\Microsoft Silverlight
                    2010-05-06 10:41 . 2004-08-10 17:51   916480   ----a-w-   c:\windows\system32\wininet.dll
                    .

                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Mozilla Quick Launch"="c:\program files\mozilla.org\Mozilla\Mozilla.exe" [2005-05-11 98192]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
                    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-21 118784]
                    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
                    "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
                    "P17Helper"="P17.dll" [2004-06-10 60928]
                    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
                    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
                    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
                    "SmcService"="c:\progra~1\COMPUT~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
                    "EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
                    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
                    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
                    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
                    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
                    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-04 2065760]

                    c:\documents and settings\All Users\Start Menu\Programs\Startup\
                    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                    2010-07-04 18:25   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                    @="Service"

                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
                    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
                    2007-01-01 21:22   3739648   ----a-w-   c:\program files\Google\Google Talk\googletalk.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
                    2006-01-19 15:06   11776   ----a-w-   c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                    2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                    2005-12-08 23:54   155648   ----a-w-   c:\program files\QuickTime\qttask.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
                    2004-01-07 06:01   110592   ----a-w-   c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                    "DisableMonitoring"=dword:00000001

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                    "DisableMonitoring"=dword:00000001

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                    "DisableMonitoring"=dword:00000001

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                    "EnableFirewall"= 0 (0x0)

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "%windir%\\system32\\sessmgr.exe"=
                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                    "%windir%\\system32\\drivers\\svchost.exe"=
                    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
                    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
                    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                    "67:UDP"= 67:UDP:DHCP Discovery Service

                    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/15/2009 11:30 PM 216400]
                    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/15/2009 11:30 PM 243024]
                    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/4/2010 2:23 PM 308136]
                    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/21/2009 8:51 PM 133104]
                    S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [11/20/2005 11:11 PM 17432]
                    S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2/10/2006 5:27 PM 45840]
                    .
                    Contents of the 'Scheduled Tasks' folder

                    2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 00:50]

                    2010-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 00:50]

                    2010-06-25 c:\windows\Tasks\Install.job
                    - c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-06-24 18:18]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = hxxp://www.yahoo.com/
                    uInternet Connection Wizard,ShellNext = iexplore
                    Trusted Zone: musicmatch.com\online
                    FF - ProfilePath - c:\documents and settings\Brett\Application Data\Mozilla\Firefox\Profiles\jsow3vw5.default\
                    FF - prefs.js: browser.search.selectedEngine - Google
                    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
                    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
                    FF - plugin: c:\documents and settings\Brett\Application Data\Move Networks\plugins\npqmp071505000010.dll
                    FF - plugin: c:\documents and settings\Brett\Application Data\Move Networks\plugins\npqmp071701000002.dll
                    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
                    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
                    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
                    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                    ---- FIREFOX POLICIES ----
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
                    .

                    **************************************************************************

                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2010-07-31 22:20
                    Windows 5.1.2600 Service Pack 3 NTFS

                    scanning hidden processes ... 

                    scanning hidden autostart entries ...

                    scanning hidden files ... 

                    scan completed successfully
                    hidden files: 0

                    **************************************************************************

                    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
                    "ImagePath"=""
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------

                    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
                    @Denied: (2) (LocalSystem)
                    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,1a,17,b4,52,54,7c,42,b2,a6,fd,\
                    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,1a,17,b4,52,54,7c,42,b2,a6,fd,\
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------

                    - - - - - - - > 'explorer.exe'(3284)
                    c:\windows\system32\WININET.dll
                    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
                    c:\windows\system32\SSSensor.dll
                    c:\windows\system32\ieframe.dll
                    c:\windows\system32\webcheck.dll
                    c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
                    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
                    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
                    c:\progra~1\SPYBOT~1\SDHelper.dll
                    c:\windows\system32\PortableDeviceApi.dll
                    .
                    Completion time: 2010-07-31  22:23:19
                    ComboFix-quarantined-files.txt  2010-08-01 02:23

                    Pre-Run: 19,844,481,024 bytes free
                    Post-Run: 19,828,944,896 bytes free

                    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                    [boot loader]
                    timeout=2
                    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
                    [operating systems]
                    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

                    - - End Of File - - 1BD2103E25EA95A703A92D477D221DA2