Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: stonemanjr on September 23, 2011, 03:50:54 PM
-
Have a Windows XP Home machine that is showing this malware alert (TR/spy.keylogger.qme) with Avira AntiVir running. Tried Malwarebytes Anti-malware without success. Need assistance- thank you
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Tried Malwarebytes Anti-malware without success
Does this mean you couldn't run it?
*****************************************
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).
* XP users: double-click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
(http://i424.photobucket.com/albums/pp322/digistar/DDS.jpg)
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html). Then post your DDS logs (DDS.txt and Attach.txt).
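Once the DDS.txt requested above arrives, the helper reads the Pseudo HJT Report and SERVICES / DRIVERS sections by eye. The script below is an added example, not part of this thread and not a feature of DDS, that applies the same first-pass checks in code: an autostart whose directory or file name is not a human-readable product name, the same command registered under both HKCU (uRun) and HKLM (mRun), a Task Manager policy value whose name is not the one Windows defines (DisableTaskMgr), and a system-start driver whose file DDS marks "[?]" (not found). The vowel/consonant thresholds and the exclusion of MpKsl*.sys (transient Microsoft Security Essentials engine drivers) are assumptions of this example. The sample lines are copied from the log the original poster pastes later in this thread, with benign entries from the same log kept as controls.

```python
"""Triage heuristics for the autostart and driver sections of a DDS.txt log.

Added example, not the thread's or DDS's own tooling. Every rule is a
heuristic a helper applies by eye; a hit is a lead to look at, not a verdict.
"""
import re
from collections import defaultdict

RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:Once)?: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)
POLICY_RE = re.compile(r"^[um]Policies-\w+: (?P<name>\S+) = (?P<value>\S+)")
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

VOWELS = set("aeiou")
# Assumption: MpKsl*.sys are transient Microsoft Security Essentials engine
# drivers dropped with each definition update; stale ones show as "[?]" and
# would otherwise bury the real hits.
IGNORED_DRIVER_PREFIXES = ("MpKsl",)


def looks_random(name):
    """True if an alphabetic token of 8+ chars has almost no vowels or a
    consonant run of 6+, which human-chosen product names rarely do
    (thresholds are an assumption of this example, tuned to pass igfxtray)."""
    for tok in re.findall(r"[a-z]+", name.lower()):
        if len(tok) < 8:
            continue
        vowel_ratio = sum(c in VOWELS for c in tok) / len(tok)
        longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", tok)), default=0)
        if vowel_ratio < 0.2 or longest_run >= 6:
            return True
    return False


def exe_parts(cmd):
    """Return (parent directory, file stem) of the executable in a Run value."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return None, None
    parts = m.group("path").split("\\")
    stem = parts[-1][:-4]                      # regex guarantees a ".exe" suffix
    parent = parts[-2] if len(parts) > 1 else ""
    return parent, stem


def triage(dds_text):
    """Return a list of {"rule", "line"} findings for the DDS sections we parse."""
    findings = []
    hives_by_cmd = defaultdict(set)
    for line in dds_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            parent, stem = exe_parts(m.group("cmd"))
            if parent is None:
                continue
            hives_by_cmd[m.group("cmd").lower()].add(m.group("hive"))
            if looks_random(parent) or looks_random(stem):
                findings.append({"rule": "random-name autostart", "line": line})
        elif m := POLICY_RE.match(line):
            name = m.group("name")
            if ("taskmgr" in name.lower() and name != "DisableTaskMgr") or looks_random(name):
                findings.append({"rule": "non-standard policy value", "line": line})
        elif m := SVC_RE.match(line):
            name, rest = m.group("name"), m.group("rest").rstrip()
            if name.startswith(IGNORED_DRIVER_PREFIXES):
                continue
            if rest.endswith("[?]"):               # DDS could not find the file
                findings.append({"rule": "driver file missing", "line": line})
            if looks_random(name):
                findings.append({"rule": "random-name driver", "line": line})
    for cmd, hives in hives_by_cmd.items():
        if hives == {"u", "m"}:                     # registered in HKCU and HKLM
            findings.append({"rule": "autostart in both HKCU and HKLM", "line": cmd})
    return findings


# Constructed sample: lines copied from the DDS.txt posted later in this
# thread, including benign entries (DellSupport, ctfmon, avgnt, avgio,
# gupdate, one MpKsl driver) as controls that must not be flagged.
SAMPLE_DDS = r"""
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
uPolicies-system: vtfonouchgduhrdehfhkTaskMgr = 0 (0x0)
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-4 11608]
S1 aitvlgmq;aitvlgmq;\??\c:\windows\system32\drivers\aitvlgmq.sys --> c:\windows\system32\drivers\aitvlgmq.sys [?]
S1 jicuygtu;jicuygtu;\??\c:\windows\system32\drivers\jicuygtu.sys --> c:\windows\system32\drivers\jicuygtu.sys [?]
S1 MpKsl0821a7de;MpKsl0821a7de;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\mpksl0821a7de.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\MpKsl0821a7de.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f['rule']:34} {f['line'][:90]}")
```

Run it as-is and it prints seven findings: both "enots" entries and their HKCU/HKLM duplication, the oddly named TaskMgr policy, the two missing S1 driver files, and aitvlgmq as a random-looking driver name. jicuygtu is caught only by the missing-file rule, which is why the two driver rules are kept separate. Paste a whole DDS.txt in place of SAMPLE_DDS to use it on a real log; unmatched sections are ignored.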
-
Thanks Dave. I will have these posted tonight or tomorrow. How are things in Canada? I have family from SASK, Prince Albert.
-
On the Malwarebytes... it didn't pick anything up, but it did run. See requested logs below:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by TERESA at 12:21:55 on 2011-09-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.264 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\dllhost.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANQAzADgAMwA3ADUAMAA5ADkALQBUADUALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFMAVAAxACsAMgAtAEYAUAA5ACsANgAtAEIAQQBSADkATwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADUAOQA3ADAANwAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.901
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-system: vtfonouchgduhrdehfhkTaskMgr = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231383096984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{37C129CA-8F97-45C5-AC5F-0A866BE26C63} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\extensions\[email protected]\plugins\NP2020Player.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Aero Fox Silver XL: {5c876f30-10ce-11dd-bd0b-0800200c9a66} - %profile%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
FF - Ext: Myibidder (Myibay) Bid Sniper for eBay: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-4 11608]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl7d5ea182;MpKsl7d5ea182;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\MpKsl7d5ea182.sys [2011-9-25 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-4 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-4 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-4 66616]
S1 aitvlgmq;aitvlgmq;\??\c:\windows\system32\drivers\aitvlgmq.sys --> c:\windows\system32\drivers\aitvlgmq.sys [?]
S1 csgcdngj;csgcdngj;\??\c:\windows\system32\drivers\csgcdngj.sys --> c:\windows\system32\drivers\csgcdngj.sys [?]
S1 fzbjjxqk;fzbjjxqk;\??\c:\windows\system32\drivers\fzbjjxqk.sys --> c:\windows\system32\drivers\fzbjjxqk.sys [?]
S1 jicuygtu;jicuygtu;\??\c:\windows\system32\drivers\jicuygtu.sys --> c:\windows\system32\drivers\jicuygtu.sys [?]
S1 MpKsl0821a7de;MpKsl0821a7de;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\mpksl0821a7de.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\MpKsl0821a7de.sys [?]
S1 MpKsl0e44e987;MpKsl0e44e987;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09c1f489-dbef-4352-a225-327c77f845e2}\mpksl0e44e987.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09c1f489-dbef-4352-a225-327c77f845e2}\MpKsl0e44e987.sys [?]
S1 MpKsl0e57dffb;MpKsl0e57dffb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7faa1a41-0c55-446d-8853-5c8722eda63b}\mpksl0e57dffb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7faa1a41-0c55-446d-8853-5c8722eda63b}\MpKsl0e57dffb.sys [?]
S1 MpKsl3be578e8;MpKsl3be578e8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{463c4246-a0af-43b8-a4e5-c4cd9cd8e8ed}\mpksl3be578e8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{463c4246-a0af-43b8-a4e5-c4cd9cd8e8ed}\MpKsl3be578e8.sys [?]
S1 MpKsl6df5701a;MpKsl6df5701a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{435a1f7b-fe54-4baa-9d61-863f37589058}\mpksl6df5701a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{435a1f7b-fe54-4baa-9d61-863f37589058}\MpKsl6df5701a.sys [?]
S1 MpKsl730d167e;MpKsl730d167e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\mpksl730d167e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\MpKsl730d167e.sys [?]
S1 MpKsl96e84b25;MpKsl96e84b25;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67affd6f-4cf9-4d19-9a09-c2e89137eab5}\mpksl96e84b25.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67affd6f-4cf9-4d19-9a09-c2e89137eab5}\MpKsl96e84b25.sys [?]
S1 MpKsla4feba4a;MpKsla4feba4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc131dce-7df4-4215-af45-845205895ecc}\mpksla4feba4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc131dce-7df4-4215-af45-845205895ecc}\MpKsla4feba4a.sys [?]
S1 MpKsla63cd1ca;MpKsla63cd1ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b70390b-feb2-4387-888d-f71aee6fb829}\mpksla63cd1ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b70390b-feb2-4387-888d-f71aee6fb829}\MpKsla63cd1ca.sys [?]
S1 MpKslbd20a6ce;MpKslbd20a6ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f179367e-c9bb-4931-9c2f-37e8d4508fc3}\mpkslbd20a6ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f179367e-c9bb-4931-9c2f-37e8d4508fc3}\MpKslbd20a6ce.sys [?]
S1 MpKslcb1ffcb3;MpKslcb1ffcb3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e268f040-c521-4f01-8deb-689c60cce460}\mpkslcb1ffcb3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e268f040-c521-4f01-8deb-689c60cce460}\MpKslcb1ffcb3.sys [?]
S1 MpKslf03d2df7;MpKslf03d2df7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{77b75f8b-7061-4b4d-9df9-102d8bdce7ba}\mpkslf03d2df7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{77b75f8b-7061-4b4d-9df9-102d8bdce7ba}\MpKslf03d2df7.sys [?]
S1 MpKslfc685657;MpKslfc685657;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64ad3157-275d-4585-a345-0213513504b1}\mpkslfc685657.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64ad3157-275d-4585-a345-0213513504b1}\MpKslfc685657.sys [?]
S1 pmirdaoq;pmirdaoq;\??\c:\windows\system32\drivers\pmirdaoq.sys --> c:\windows\system32\drivers\pmirdaoq.sys [?]
S1 qlupagro;qlupagro;\??\c:\windows\system32\drivers\qlupagro.sys --> c:\windows\system32\drivers\qlupagro.sys [?]
S1 rdjnrndg;rdjnrndg;\??\c:\windows\system32\drivers\rdjnrndg.sys --> c:\windows\system32\drivers\rdjnrndg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-20 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;
.
=============== Created Last 30 ================
.
2011-09-25 16:33:44 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\MpKsl7d5ea182.sys
2011-09-25 16:33:23 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\offreg.dll
2011-09-25 16:33:19 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\mpengine.dll
2011-09-06 22:02:22 -------- d-----w- c:\documents and settings\teresa\local settings\application data\ApplicationHistory
2011-09-06 21:49:06 -------- d-----w- C:\ComboFix
2011-09-06 21:39:15 -------- d-----w- c:\windows\system32\CatRoot2
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-12 15:52:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:12:47 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:23:27.17 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/16/2008 3:27:52 PM
System Uptime: 9/22/2011 10:40:15 PM (86 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel Pentium II processor | Socket 775 | 1595/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 54.087 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP691: 6/29/2011 11:02:47 AM - Software Distribution Service 3.0
RP692: 6/29/2011 4:44:06 PM - Software Distribution Service 3.0
RP693: 6/30/2011 6:33:00 PM - System Checkpoint
RP694: 7/1/2011 8:35:18 AM - Software Distribution Service 3.0
RP695: 7/2/2011 8:35:35 AM - Software Distribution Service 3.0
RP696: 7/3/2011 1:43:07 AM - Software Distribution Service 3.0
RP697: 7/3/2011 8:35:15 AM - Software Distribution Service 3.0
RP698: 7/4/2011 8:35:17 AM - Software Distribution Service 3.0
RP699: 7/5/2011 12:57:39 PM - Software Distribution Service 3.0
RP700: 7/5/2011 1:46:47 PM - Software Distribution Service 3.0
RP701: 7/7/2011 9:25:44 AM - Software Distribution Service 3.0
RP702: 7/7/2011 11:11:48 AM - Unsigned printer driver HP LaserJet 6P installed.
RP703: 7/7/2011 3:09:54 PM - Unsigned printer driver HP LaserJet 6P installed.
RP704: 7/7/2011 3:23:50 PM - Installed Java(TM) 6 Update 26
RP705: 7/8/2011 10:19:10 AM - Software Distribution Service 3.0
RP706: 7/9/2011 11:09:44 AM - System Checkpoint
RP707: 7/11/2011 10:47:29 AM - Software Distribution Service 3.0
RP708: 7/11/2011 10:59:47 AM - Removed AVG Free 9.0
RP709: 7/11/2011 11:01:00 AM - Revo Uninstaller's restore point - AVG Free 9.0
RP710: 7/11/2011 11:02:11 AM - Removed AVG Free 9.0
RP711: 7/12/2011 11:37:33 AM - Installed AVG Free 9.0
RP712: 7/12/2011 11:46:14 AM - Software Distribution Service 3.0
RP713: 7/12/2011 11:59:59 AM - Avg8 Update
RP714: 7/12/2011 12:03:13 PM - Avg Update
RP715: 7/13/2011 1:36:39 PM - Avg Update
RP716: 7/13/2011 1:39:16 PM - Avg Update
RP717: 7/13/2011 1:43:42 PM - Software Distribution Service 3.0
RP718: 7/15/2011 9:07:50 AM - Software Distribution Service 3.0
RP719: 7/16/2011 9:56:32 AM - System Checkpoint
RP720: 7/16/2011 10:01:28 AM - Software Distribution Service 3.0
RP721: 7/17/2011 1:31:07 AM - Software Distribution Service 3.0
RP722: 7/17/2011 10:00:52 AM - Software Distribution Service 3.0
RP723: 7/18/2011 10:02:06 AM - Software Distribution Service 3.0
RP724: 7/19/2011 10:02:16 AM - Software Distribution Service 3.0
RP725: 7/19/2011 8:21:59 PM - Unsigned printer driver HP LaserJet 6MP installed.
RP726: 7/19/2011 8:25:41 PM - Unsigned printer driver HP LaserJet 6P installed.
RP727: 7/19/2011 8:26:09 PM - Unsigned printer driver HP LaserJet 6P installed.
RP728: 7/20/2011 1:31:42 PM - Software Distribution Service 3.0
RP729: 7/20/2011 1:49:15 PM - Software Distribution Service 3.0
RP730: 7/21/2011 2:56:16 PM - Software Distribution Service 3.0
RP731: 7/25/2011 9:21:58 AM - Software Distribution Service 3.0
RP732: 7/26/2011 12:05:47 PM - System Checkpoint
RP733: 7/26/2011 3:48:56 PM - Software Distribution Service 3.0
RP734: 7/27/2011 4:40:38 PM - System Checkpoint
RP735: 7/27/2011 5:18:25 PM - Software Distribution Service 3.0
RP736: 7/28/2011 11:41:02 AM - Software Distribution Service 3.0
RP737: 7/29/2011 11:41:06 AM - Software Distribution Service 3.0
RP738: 7/30/2011 12:57:19 PM - System Checkpoint
RP739: 7/30/2011 12:58:54 PM - Software Distribution Service 3.0
RP740: 7/31/2011 1:50:37 AM - Software Distribution Service 3.0
RP741: 7/31/2011 12:59:15 PM - Software Distribution Service 3.0
RP742: 8/1/2011 1:57:46 PM - Software Distribution Service 3.0
RP743: 8/2/2011 11:56:04 PM - Software Distribution Service 3.0
RP744: 8/4/2011 10:29:15 AM - Software Distribution Service 3.0
RP745: 8/5/2011 1:51:43 PM - Software Distribution Service 3.0
RP746: 8/7/2011 11:31:07 PM - Software Distribution Service 3.0
RP747: 8/9/2011 2:57:59 PM - Software Distribution Service 3.0
RP748: 8/11/2011 2:17:56 PM - Software Distribution Service 3.0
RP749: 8/12/2011 8:52:47 AM - Software Distribution Service 3.0
RP750: 8/13/2011 9:36:32 AM - System Checkpoint
RP751: 8/13/2011 9:38:33 AM - Software Distribution Service 3.0
RP752: 8/18/2011 9:45:21 PM - Software Distribution Service 3.0
RP753: 8/22/2011 9:48:37 AM - Software Distribution Service 3.0
RP754: 8/22/2011 10:43:17 AM - Installed Windows Media Player 11
RP755: 8/23/2011 11:02:37 AM - System Checkpoint
RP756: 8/23/2011 4:08:34 PM - Software Distribution Service 3.0
RP757: 8/24/2011 8:30:16 AM - Software Distribution Service 3.0
RP758: 8/24/2011 9:25:03 AM - Software Distribution Service 3.0
RP759: 8/25/2011 7:23:05 AM - Software Distribution Service 3.0
RP760: 8/26/2011 9:24:56 AM - System Checkpoint
RP761: 8/29/2011 9:23:39 AM - Software Distribution Service 3.0
RP762: 8/30/2011 11:07:51 AM - System Checkpoint
RP763: 8/31/2011 10:07:33 AM - Software Distribution Service 3.0
RP764: 9/1/2011 11:21:50 AM - System Checkpoint
RP765: 9/2/2011 11:57:33 AM - Software Distribution Service 3.0
RP766: 9/3/2011 3:05:38 PM - Software Distribution Service 3.0
RP767: 9/3/2011 3:38:04 PM - GOOD Restore SEPT 2011
RP768: 9/4/2011 3:40:43 PM - Software Distribution Service 3.0
RP769: 9/5/2011 4:03:43 PM - System Checkpoint
RP770: 9/6/2011 6:28:58 AM - Software Distribution Service 3.0
RP771: 9/6/2011 4:51:45 PM - Revo Uninstaller's restore point - AVG Free 9.0
RP772: 9/6/2011 4:54:22 PM - Removed AVG Free 9.0
RP773: 9/6/2011 4:58:13 PM - Installed AVG Free 9.0
RP774: 9/6/2011 6:13:44 PM - Installed AVG Free 9.0
RP775: 9/7/2011 12:47:11 PM - Software Distribution Service 3.0
RP776: 9/8/2011 5:00:17 AM - Software Distribution Service 3.0
RP777: 9/9/2011 6:21:44 AM - Software Distribution Service 3.0
RP778: 9/10/2011 10:28:01 AM - Software Distribution Service 3.0
RP779: 9/12/2011 6:21:32 AM - Software Distribution Service 3.0
RP780: 9/13/2011 6:34:10 AM - Software Distribution Service 3.0
RP781: 9/14/2011 7:38:27 AM - System Checkpoint
RP782: 9/14/2011 8:07:50 AM - Software Distribution Service 3.0
RP783: 9/14/2011 11:33:27 AM - Software Distribution Service 3.0
RP784: 9/15/2011 5:00:23 AM - Software Distribution Service 3.0
RP785: 9/16/2011 8:53:19 AM - Software Distribution Service 3.0
RP786: 9/19/2011 12:38:29 PM - Software Distribution Service 3.0
RP787: 9/20/2011 2:11:43 PM - System Checkpoint
RP788: 9/20/2011 4:59:39 PM - Software Distribution Service 3.0
RP789: 9/22/2011 5:58:11 PM - Software Distribution Service 3.0
RP790: 9/24/2011 9:02:01 AM - Software Distribution Service 3.0
RP791: 9/25/2011 2:28:24 AM - Software Distribution Service 3.0
RP792: 9/25/2011 12:33:18 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center
DellSupport
Download Updater (AOL LLC)
ERUNT 1.1j
ESET Online Scanner v3
Eusing Free Registry Cleaner
Free Internet Window Washer
Free Window Registry Repair
Garmin USB Drivers
Garmin WebUpdater
Glary Registry Repair 3.3.0.852
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GTOneCare
HijackThis 2.0.2
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.8.0
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6.22)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MWSnap 3
Octoshape add-in for Adobe Flash Player
PowerDVD
Privacy and Registry Cleaner
QualxServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller 1.92
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
SUPERAntiSpyware
Undelete Plus 2.98
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Online DSL
Viewpoint Media Player
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
WinUndelete
Wise Disk Cleaner 5.93
Wise Registry Cleaner 5.9.4
.
==== Event Viewer Messages From Past Week ========
.
9/24/2011 8:52:26 AM, error: NetBT [4321] - The name "STONE :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.45 did not allow the name to be claimed by this machine.
9/23/2011 10:37:16 AM, error: NetBT [4321] - The name "DRFANNING :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.46 did not allow the name to be claimed by this machine.
9/21/2011 10:02:34 AM, error: NetBT [4321] - The name "ANONYMOUS :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.47 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/26/2011 at 01:51 PM
Application Version : 4.48.1000
Core Rules Database Version : 7726
Trace Rules Database Version: 5538
Scan type : Complete Scan
Total Scan Time : 01:26:25
Memory items scanned : 605
Memory threats detected : 0
Registry items scanned : 7561
Registry threats detected : 1
File items scanned : 23344
File threats detected : 70
Adware.Tracking Cookie
C:\Documents and Settings\TERESA\Cookies\DQ2HDGTM.txt
C:\Documents and Settings\TERESA\Cookies\0VPYC8NV.txt
C:\Documents and Settings\TERESA\Cookies\9UK0NFUR.txt
C:\Documents and Settings\TERESA\Cookies\WAO42BM0.txt
C:\Documents and Settings\TERESA\Cookies\759RG44L.txt
C:\Documents and Settings\TERESA\Cookies\PPIAKAQJ.txt
C:\Documents and Settings\TERESA\Cookies\7NBJBCES.txt
C:\Documents and Settings\TERESA\Cookies\B9Q2LXU0.txt
C:\Documents and Settings\TERESA\Cookies\LG6BAI97.txt
C:\Documents and Settings\TERESA\Cookies\YKIEIMTU.txt
C:\Documents and Settings\TERESA\Cookies\6GLIM98G.txt
C:\Documents and Settings\TERESA\Cookies\HE56IIRA.txt
C:\Documents and Settings\TERESA\Cookies\TSYUNS5E.txt
C:\Documents and Settings\TERESA\Cookies\3R1E5K08.txt
C:\Documents and Settings\TERESA\Cookies\TQ3FHELU.txt
C:\Documents and Settings\TERESA\Cookies\GPD9VIVV.txt
C:\Documents and Settings\TERESA\Cookies\2YRB44AG.txt
C:\Documents and Settings\TERESA\Cookies\UVJ67UVH.txt
C:\Documents and Settings\TERESA\Cookies\RMHO96Q6.txt
C:\Documents and Settings\TERESA\Cookies\1UMR1ICZ.txt
C:\Documents and Settings\TERESA\Cookies\9U3WH04M.txt
C:\Documents and Settings\TERESA\Cookies\NMSKPO1S.txt
C:\Documents and Settings\TERESA\Cookies\SFPNCDX7.txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@pointroll[1].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@invitemedia[1].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@trafficmp[2].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][3].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][1].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][1].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@tribalfusion[2].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@realmedia[1].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@media6degrees[1].txt
C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@mediabrandsww[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@pointroll[1].txt
C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@legolas-media[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@imrworldwide[2].txt
C:\Documents and Settings\Guest\Cookies\guest@invitemedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@mediapromoter[1].txt
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt
C:\Documents and Settings\Guest\Cookies\guest@partypoker[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][3].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ru4[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
ia.media-imdb.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
media.mtvnservices.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
msnbcmedia.msn.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
s0.2mdn.net [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
secure-us.imrworldwide.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
sftrack.searchforce.net [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
Adware.Gamevance
HKU\S-1-5-21-3164414362-3184867574-2224378191-501\Software\gvtl
-
How are things in Canada? I have family from SASK, Prince Albert
Good. We're finally getting some good weather after a very wet summer. SASK is a long way from where I live in the Maritimes.
You have two AV programs running on your computer, which is a no-no. Either AntiVir Desktop or Microsoft Security Essentials will have to be disabled/uninstalled. I would recommend you keep MSE.
You have remnants of AVG on your computer. Please run this Removal Tool to remove all traces.
AVG Antivirus - AVG Antivirus Remover utility (http://www.avg.com/download-tools)
**************************************************
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Eusing Free Registry Cleaner, Glary Registry Repair 3.3.0.852, Wise Registry Cleaner 5.9.4 and Free Window Registry Repair
There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method of causing problems with the registry.
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)
*******************************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First verify your Java version (http://www.java.com/en/download/installed.jsp)
If any other version(s) are installed, then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************************
You have Viewpoint installed.
Viewpoint Media Player/Manager/Toolbar is considered Foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".
More information:
* ViewMgr.exe - Useless (http://www.greatis.com/appdata/u/v/viewmgr.exe.htm)
* Viewpoint to Plunge Into Adware (http://www.clickz.com/news/article.php/3561546/)
It is suggested that you remove the program now. Go to Start > Control Panel > Add/Remove Programs (on Vista and Win7 this is Programs and Features) and remove the following programs if present.
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
****************************************************
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs to be scanned, they must be done separately, with a link posted for each one.)
* Copy the file path in the below Code box:
c:\windows\system32\drivers\fzbjjxqk.sys
c:\windows\system32\drivers\jicuygtu.sys
c:\windows\system32\drivers\pmirdaoq.sys
c:\windows\system32\drivers\qlupagro.sys
c:\windows\system32\drivers\rdjnrndg.sys
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
**************************************************
This "program files\npnzlrbdmjxegeqc" looks very suspicious. I would recommend that you uninstall this program.
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
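The random-letter folder the helper flags above is the kind of thing a small triage script can pull out of a process list on its own. This is an added example, not code from the thread or from SysProt: it parses records in the four-line layout SysProt AntiRootkit prints in its "Process:" section (a log in that layout is posted later in this thread) and flags hidden processes, core Windows binaries running outside system32, and random-looking path components; the sample log, its invented Temp\svchost.exe entry and the vowel/consonant heuristic are assumptions.

```python
import re

# Constructed sample in the layout SysProt AntiRootkit uses for its "Process:"
# section. The Temp\svchost.exe entry is invented to exercise the checks.
SAMPLE_LOG = """\
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: C:\\WINDOWS\\system32\\svchost.exe
PID: 952
Hidden: No
Window Visible: No
Name: C:\\Program Files\\Microsoft Security Client\\msseces.exe
PID: 2592
Hidden: No
Window Visible: No
Name: C:\\Program Files\\Npnzlrbdmjxegeqc\\qxzxjvblnw.exe
PID: 2576
Hidden: No
Window Visible: No
Name: C:\\Documents and Settings\\TERESA\\Local Settings\\Temp\\svchost.exe
PID: 3100
Hidden: Yes
Window Visible: No
"""

# Core Windows XP processes that only legitimately run from system32.
CORE_SYSTEM32 = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}
FIELDS = ("PID", "Hidden", "Window Visible")


def parse_sysprot_processes(text):
    """Return one dict per process; a 'Name:' line starts a new record."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so the
        if not sep:                            # 'C:\' in the path survives
            continue
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = {"Name": value}
            records.append(current)
        elif current is not None and key in FIELDS:
            current[key] = value
    return records


def looks_random(token):
    """Heuristic (an assumption, not a verdict): an all-letter name of 8+
    characters with under 20% vowels or a run of 6+ consonants, such as
    'Npnzlrbdmjxegeqc', is unlike a vendor or product name. Expect some
    false positives on real products with terse names; treat hits as leads."""
    if len(token) < 8 or not token.isalpha():
        return False
    low = token.lower()
    vowel_ratio = sum(c in "aeiouy" for c in low) / len(low)
    runs = [len(m) for m in re.findall(r"[^aeiouy]+", low)]
    return vowel_ratio < 0.2 or max(runs, default=0) >= 6


def triage(records):
    """Return (pid, path, reasons) for every process that deserves a look."""
    findings = []
    for rec in records:
        reasons = []
        if rec.get("Hidden", "").lower() == "yes":
            reasons.append("hidden from the process list (rootkit-style)")
        parts = rec["Name"].split("\\")
        if len(parts) > 1:
            directory = "\\".join(parts[:-1]).lower()
            base = parts[-1]
            if base.lower() in CORE_SYSTEM32 and directory != r"c:\windows\system32":
                reasons.append("core system binary outside system32: " + directory)
            stem = base.rsplit(".", 1)[0]
            # check each single-token directory name plus the executable's stem
            odd = [p for p in parts[1:-1] + [stem] if looks_random(p)]
            if odd:
                reasons.append("random-looking name(s): " + ", ".join(odd))
        if reasons:
            findings.append((int(rec.get("PID", -1)), rec["Name"], reasons))
    return findings


if __name__ == "__main__":
    for pid, path, reasons in triage(parse_sysprot_processes(SAMPLE_LOG)):
        print(f"PID {pid}: {path}")
        for reason in reasons:
            print("    -", reason)
```

Run against a real SysProt log by reading the file into `parse_sysprot_processes`; everything it reports still needs a second look (Jotti upload, publisher check) before acting on it.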
-
Ok, got it. Not sure how to access the AVG removal tool, but I can do a sweep through REVO and get most of it.
Will remove Viewpoint
That funny file with the random letters, and the others in the system/win32 areas, are related to All in One Keylogger, which hides itself. So they are ok!
-
Not sure how to access the AVG removal tool, but I can do a sweep through REVO and get most of it.
There are detailed instructions for each type of AV in the link I've provided. If you still can't do it, please run ComboFix anyway.
-
Ok. Here is a prior one from earlier. I can run it again also.
ComboFix 11-01-31.02 - TERESA 02/04/2011 2:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.370 [GMT -5:00]
Running from: c:\documents and settings\TERESA\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\TERESA\Application Data\MSA
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.
2011-02-04 07:36 . 2011-02-04 07:36 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC131DCE-7DF4-4215-AF45-845205895ECC}\MpKsld94db114.sys
2011-02-04 00:14 . 2011-02-04 00:14 -------- d-----w- c:\documents and settings\TERESA\Application Data\SUPERAntiSpyware.com
2011-02-04 00:14 . 2011-02-04 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-04 00:11 . 2011-02-04 00:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-03 23:44 . 2011-02-03 23:44 -------- d-----w- c:\documents and settings\TERESA\Application Data\Malwarebytes
2011-02-03 23:44 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 23:44 . 2011-02-03 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-03 23:44 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-03 23:44 . 2011-02-03 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-21 21:54 . 2011-01-21 21:54 -------- d-----w- C:\PAYROLL
2011-01-21 19:17 . 2011-01-21 19:17 -------- d-----w- c:\program files\ACW
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 14:56 . 2009-09-04 06:33 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-22 13:16 . 2009-09-04 06:33 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2004-08-10 18:02 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 17:51 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-07-19 14:13 . 2009-11-23 22:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SYSPROT LOG
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\smss.exe
PID: 616
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\csrss.exe
PID: 680
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\winlogon.exe
PID: 704
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\services.exe
PID: 748
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\lsass.exe
PID: 760
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 952
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1028
Hidden: No
Window Visible: No
Name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PID: 1120
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1160
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1236
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgchsvx.exe
PID: 1356
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgrsx.exe
PID: 1364
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1476
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgcsrvx.exe
PID: 1528
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1796
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 1900
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 484
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PID: 888
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 1064
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgwdsvc.exe
PID: 1088
Hidden: No
Window Visible: No
Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1116
Hidden: No
Window Visible: No
Name: C:\Program Files\Dell Network Assistant\hnm_svc.exe
PID: 152
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PID: 1460
Hidden: No
Window Visible: No
Name: C:\WINDOWS\explorer.exe
PID: 108
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 496
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PID: 2032
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\igfxtray.exe
PID: 1204
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\hkcmd.exe
PID: 968
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\igfxpers.exe
PID: 1260
Hidden: No
Window Visible: No
Name: C:\WINDOWS\RTHDCPL.EXE
PID: 1216
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1572
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\igfxsrvc.exe
PID: 1560
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgnsx.exe
PID: 1980
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wdfmgr.exe
PID: 2204
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PID: 2284
Hidden: No
Window Visible: No
Name: C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PID: 2316
Hidden: No
Window Visible: No
Name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PID: 2380
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 2480
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\AVG\AVG9\avgtray.exe
PID: 2520
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 2552
Hidden: No
Window Visible: No
Name: C:\Program Files\Npnzlrbdmjxegeqc\qxzxjvblnw.exe
PID: 2576
Hidden: No
Window Visible: No
Name: C:\Program Files\Microsoft Security Client\msseces.exe
PID: 2592
Hidden: No
Window Visible: No
Name: C:\Program Files\DellSupport\DSAgnt.exe
PID: 2668
Hidden: No
Window Visible: No
Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 2744
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ctfmon.exe
PID: 2916
Hidden: No
Window Visible: No
Name: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
PID: 3220
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wuauclt.exe
PID: 3448
Hidden: No
Window Visible: No
Name: C:\Program Files\Npnzlrbdmjxegeqc\qxzxjvblnw.exe
PID: 3716
Hidden: No
Window Visible: Yes
Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 1864
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\alg.exe
PID: 2444
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\vssvc.exe
PID: 3768
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\dllhost.exe
PID: 3860
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\dllhost.exe
PID: 3952
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\msdtc.exe
PID: 3204
Hidden: No
Window Visible: No
Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 3468
Hidden: No
Window Visible: No
Name: C:\Program Files\Microsoft Office\Office\WINWORD.EXE
PID: 2996
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\TERESA\Desktop\SysProt.exe
PID: 3012
Hidden: No
Window Visible: Yes
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\TERESA\Desktop\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A8BB7000
Module End: A8BC2000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A7D1B000
Module End: A7D3F000
Hidden: No
Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806D0380
Hidden: No
Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806D1000
Module End: 806F1300
Hidden: No
Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7AF3000
Module End: F7AF5000
Hidden: No
Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7A03000
Module End: F7A06000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F74C4000
Module End: F74F2000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7AF5000
Module End: F7AF7000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F74B3000
Module End: F74C4000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F75F3000
Module End: F75FD000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7BBB000
Module End: F7BBC000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7873000
Module End: F787A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F7603000
Module End: F760E000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7494000
Module End: F74B3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F787B000
Module End: F7880000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F7613000
Module End: F7620000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F747C000
Module End: F7494000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
Service Name: iaStor
Module Base: F73B5000
Module End: F747C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F7623000
Module End: F762C000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F7633000
Module End: F7640000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F7395000
Module End: F73B5000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7383000
Module End: F7395000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS
Service Name: DRVMCDB
Module Base: F736D000
Module End: F7383000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F7643000
Module End: F764C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7356000
Module End: F736D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F72C9000
Module End: F7356000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F729C000
Module End: F72C9000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7282000
Module End: F729C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F7833000
Module End: F783C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Service Name: ialm
Module Base: F64B0000
Module End: F6A2F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F649C000
Module End: F64B0000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Service Name: e1express
Module Base: F645B000
Module End: F649C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F7903000
Module End: F7909000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F6437000
Module End: F645B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F790B000
Module End: F7913000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F640F000
Module End: F6437000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F7913000
Module End: F791A000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7843000
Module End: F784E000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Service Name: DLACDBHM
Module Base: F7B05000
Module End: F7B07000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7853000
Module End: F7863000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7863000
Module End: F7872000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F63EC000
Module End: F640F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7D41000
Module End: F7D42000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F6ABF000
Module End: F6ACC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7A9F000
Module End: F7AA2000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F63D5000
Module End: F63EC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F6AAF000
Module End: F6ABA000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F6A9F000
Module End: F6AAB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F791B000
Module End: F7920000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F63C4000
Module End: F63D5000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F6A8F000
Module End: F6A98000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7923000
Module End: F7928000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F792B000
Module End: F7930000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F6A7F000
Module End: F6A89000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7933000
Module End: F7939000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F793B000
Module End: F7941000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7B07000
Module End: F7B09000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F6366000
Module End: F63C4000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7AAF000
Module End: F7AB3000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F6A5F000
Module End: F6A69000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F6A3F000
Module End: F6A4E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7B0B000
Module End: F7B0D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: A9ACE000
Module End: A9F25000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: A9AAA000
Module End: A9ACE000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F6A2F000
Module End: F6A3E000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: F723A000
Module End: F723D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
Service Name: MpFilter
Module Base: A9A33000
Module End: A9A5A000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: F6356000
Module End: F6359000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F7673000
Module End: F767C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F7953000
Module End: F795A000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7B27000
Module End: F7B29000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7CFC000
Module End: F7CFD000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7B29000
Module End: F7B2B000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
Service Name: DLARTL_M
Module Base: F7963000
Module End: F7969000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F796B000
Module End: F7971000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7B2B000
Module End: F7B2D000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7B2D000
Module End: F7B2F000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F7973000
Module End: F7978000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F797B000
Module End: F7983000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F634E000
Module End: F6351000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: A9A00000
Module End: A9A13000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: A99A7000
Module End: A9A00000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: A996D000
Module End: A99A7000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: A9947000
Module End: A996D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7693000
Module End: F769C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: A991F000
Module End: A9947000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: A98FD000
Module End: A991F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F76A3000
Module End: F76AC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: F7983000
Module End: F7989000
Hidden: No
Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Service Name: SASKUTIL
Module Base: A98DB000
Module End: A98FD000
Hidden: No
Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F798B000
Module End: F7991000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: A98B0000
Module End: A98DB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: A9818000
Module End: A9888000
Hidden: No
Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0AC0C6D-D1AE-40E4-AF9E-178CDF3758E7}\MpKslea9f7dca.sys
Service Name: MpKslea9f7dca
Module Base: F799B000
Module End: F79A1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: A9AA6000
Module End: A9AA9000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F76C3000
Module End: F76CE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: A97F1000
Module End: A9818000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: A9A9A000
Module End: A9A9E000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: F79A3000
Module End: F79A9000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: A97BD000
Module End: A97F1000
Hidden: No
Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: F7B35000
Module End: F7B37000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F76F3000
Module End: F7703000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: A97A5000
Module End: A97BD000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B37000
Module End: F7B39000
Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F723E000
Module End: F7241000
Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F79BB000
Module End: F79C0000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7BDC000
Module End: F7BDD000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: A964E000
Module End: A9665000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Service Name: DRVNDDM
Module Base: F77F3000
Module End: F77FE000
Hidden: No
Module Name: C:\WINDOWS\System32\DLA\DLADResM.SYS
Service Name: DLADResM
Module Base: F7C4A000
Module End: F7C4B000
Hidden: No
Module Name: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Service Name: DLAIFS_M
Module Base: A960E000
Module End: A9626000
Hidden: No
Module Name: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Service Name: DLAOPIOM
Module Base: F79D3000
Module End: F79D8000
Hidden: No
Module Name: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Service Name: DLAPoolM
Module Base: F7B3F000
Module End: F7B41000
Hidden: No
Module Name: C:\WINDOWS\System32\DLA\DLABMFSM.SYS
Service Name: DLABMFSM
Module Base: F79DB000
Module End: F79E2000
Hidden: No
Module Name: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Service Name: DLABOIOM
Module Base: F79E3000
Module End: F79EA000
Hidden: No
Module Name: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Service Name: DLAUDFAM
Module Base: A95F8000
Module End: A960E000
Hidden: No
Module Name: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Service Name: DLAUDF_M
Module Base: A95E1000
Module End: A95F8000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\packet.sys
Service Name: Packet
Module Base: A9642000
Module End: A9646000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: A963E000
Module End: A9642000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A91CC000
Module End: A91F9000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A90C7000
Module End: A90DC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Service Name: dsunidrv
Module Base: F7BAB000
Module End: F7BAD000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: A9249000
Module End: A9258000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A8D5F000
Module End: A8DB7000
Hidden: No
Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0AC0C6D-D1AE-40E4-AF9E-178CDF3758E7}\MpKsl87262213.sys
Service Name: MpKsl87262213
Module Base: F78CB000
Module End: F78D1000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A82CB000
Module End: A830C000
Hidden: No
Module Name: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
Service Name: DSproct
Module Base: F7B4B000
Module End: F7B4D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A7E7F000
Module End: A7EAA000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: F79EB000
Module End: F79F2000
Hidden: No
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: F7D1290C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwCreateKey
Address: F7D128C6
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwCreateSection
Address: F7D12916
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwCreateThread
Address: F7D128BC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteKey
Address: F7D128CB
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteValueKey
Address: F7D128D5
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDuplicateObject
Address: F7D12907
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwLoadKey
Address: F7D128DA
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenProcess
Address: F7D128A8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenThread
Address: F7D128AD
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwReplaceKey
Address: F7D128E4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwRestoreKey
Address: F7D128DF
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwSetContextThread
Address: F7D1291B
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwSetValueKey
Address: F7D128D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwTerminateProcess
Address: F7D128B7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1106
Remote Address: VW-IN-F103.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1105
Remote Address: VW-IN-F103.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1104
Remote Address: IAD04S01-IN-F120.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1094
Remote Address: VW-IN-F103.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1090
Remote Address: QY-IN-F103.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1079
Remote Address: SINGLECLICK.DMARC.NJ3.ATLANTICMETRO.NET:HTTP
Type: TCP
Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
State: ESTABLISHED
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: CORNERSTONE:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: LISTENING
Local Address: CORNERSTONE:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING
Local Address: CORNERSTONE:5152
Remote Address: LOCALHOST:1088
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT
Local Address: CORNERSTONE:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING
Local Address: CORNERSTONE:4664
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
State: LISTENING
Local Address: CORNERSTONE:1092
Remote Address: LOCALHOST:1091
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: CORNERSTONE:1091
Remote Address: LOCALHOST:1092
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: CORNERSTONE:1088
Remote Address: LOCALHOST:5152
Type: TCP
Process: 2340 (PID)
State: FIN_WAIT2
Local Address: CORNERSTONE:1085
Remote Address: LOCALHOST:1084
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: CORNERSTONE:1084
Remote Address: LOCALHOST:1085
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: CORNERSTONE:1033
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: CORNERSTONE:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: CORNERSTONE:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: CORNERSTONE.MYHOME.WESTELL.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: CORNERSTONE:10316
Remote Address: NA
Type: UDP
Process: C:\Program Files\Dell Network Assistant\hnm_svc.exe
State: NA
Local Address: CORNERSTONE:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: CORNERSTONE:1078
Remote Address: NA
Type: UDP
Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
State: NA
Local Address: CORNERSTONE:1026
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: NA
Local Address: CORNERSTONE:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: NA
Local Address: CORNERSTONE:10426
Remote Address: NA
Type: UDP
Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
State: NA
Local Address: CORNERSTONE:10421
Remote Address: NA
Type: UDP
Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
State: NA
Local Address: CORNERSTONE:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: CORNERSTONE:1039
Remote Address: NA
Type: UDP
Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
State: NA
Local Address: CORNERSTONE:1027
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: CORNERSTONE:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: CORNERSTONE:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA
******************************************************************************************
******************************************************************************************
No hidden files/folders found
-
ComboFix is running from the wrong location. Please uninstall/delete it, download a new one and install it on your desktop and run a new scan.
I don't recall asking you to run SysProt AntiRootkit. Please do not run any new programs unless requested to do so.
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
ComboFix 11-09-29.06 - TERESA 09/29/2011 17:53:36.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.430 [GMT -4:00]
Running from: c:\documents and settings\TERESA\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\system32\d3d9caps.dat
.
---- Previous Run -------
.
c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\InCEE.exe.a3c237c3.ini
c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\InCEE.exe.a3c237c3.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\TERESA.CORNERSTONE\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\EULA.exe.e24c9112.ini
c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini
c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\InCEE.exe.a3c237c3.ini
c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\SL11A.tmp.31bba02f.ini
c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 15:10 . 2011-09-29 15:10 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\MpKsld66538a4.sys
2011-09-29 15:09 . 2011-09-29 15:09 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\offreg.dll
2011-09-29 15:09 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\mpengine.dll
2011-09-06 21:39 . 2011-09-29 14:58 -------- d-----w- c:\windows\system32\CatRoot2
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 23:14 . 2011-07-20 17:52 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-12 15:52 . 2011-08-12 15:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2011-08-25 11:25 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-19 09:05 . 2010-05-07 17:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 06:40 . 2009-04-01 17:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:12 . 2009-09-04 06:33 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-12 16:12 . 2009-09-04 06:33 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2011-02-03 23:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-02-03 23:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-19 14:13 . 2009-11-23 22:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-06_22.02.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-29 16:35 . 2011-09-29 16:35 16384 c:\windows\Temp\Perflib_Perfdata_abc.dat
+ 2011-09-08 17:54 . 2011-09-08 17:54 22016 c:\windows\Installer\1d9c144.msi
- 2011-06-15 20:08 . 2011-06-15 20:08 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-09-15 09:05 . 2011-09-15 09:05 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-01-02 23:54 . 2009-01-02 23:54 9851 c:\windows\system32\mswnnrote.dll
- 2010-07-25 21:59 . 2010-07-25 21:59 9851 c:\windows\system32\mswnnrote.dll
- 2011-07-07 19:24 . 2011-05-04 08:52 157472 c:\windows\system32\javaws.exe
+ 2011-09-29 16:35 . 2011-07-19 09:05 157472 c:\windows\system32\javaws.exe
+ 2011-09-29 16:35 . 2011-07-19 09:05 145184 c:\windows\system32\javaw.exe
- 2011-07-07 19:24 . 2011-05-04 08:52 145184 c:\windows\system32\javaw.exe
- 2011-07-07 19:24 . 2011-05-04 08:52 145184 c:\windows\system32\java.exe
+ 2011-09-29 16:35 . 2011-07-19 09:05 145184 c:\windows\system32\java.exe
+ 2011-09-29 16:58 . 2011-09-29 16:58 203776 c:\windows\Installer\6eb24e.msi
+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\185edbca.msp
+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\185edbc2.msp
+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\185edbba.msp
+ 2009-04-03 23:21 . 2009-04-03 23:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2009-01-08 05:56 . 2011-09-29 15:01 47369160 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 68856]
"enots"="c:\program files\Npnzlrbdmjxegeqc\qxzxjvblnw.exe" [2006-11-05 2289919]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-19 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"enots"="c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe" [2006-11-05 2289919]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQ
wAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUA VQAzAFgATAAtAEYARQBXADkANwA&inst=NwA3AC0ANQA
zADgAMwA3ADUAMAA5ADkALQBUADUALQBLAFYAMw ArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFMAV AAxAC
sAMgAtAEYAUAA5ACsANgAtAEIAQQBSADkATwArA DEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABP ADMANg
ArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AM QAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0A MgArA
DEALQBEAEQAVAArADUAOQA3ADAANwAtAEQARAA5 ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwA xAA&prod=90&ver=9.0.901" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-11-20 7168]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"vtfonouchgduhrdehfhkTaskMgr"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R1 MpKsl835fca01;MpKsl835fca01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4891F144-7B5C-4574-A64F-0DDA146E13E1}\MpKsl835fca01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4891F144-7B5C-4574-A64F-0DDA146E13E1}\MpKsl835fca01.sys [?]
R1 MpKsld66538a4;MpKsld66538a4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\MpKsld66538a4.sys [9/29/2011 11:10 AM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/4/2009 2:33 AM 136360]
S1 aitvlgmq;aitvlgmq;\??\c:\windows\system32\drivers\aitvlgmq.sys --> c:\windows\system32\drivers\aitvlgmq.sys [?]
S1 csgcdngj;csgcdngj;\??\c:\windows\system32\drivers\csgcdngj.sys --> c:\windows\system32\drivers\csgcdngj.sys [?]
S1 fzbjjxqk;fzbjjxqk;\??\c:\windows\system32\drivers\fzbjjxqk.sys --> c:\windows\system32\drivers\fzbjjxqk.sys [?]
S1 jicuygtu;jicuygtu;\??\c:\windows\system32\drivers\jicuygtu.sys --> c:\windows\system32\drivers\jicuygtu.sys [?]
S1 MpKsl0821a7de;MpKsl0821a7de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl0821a7de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl0821a7de.sys [?]
S1 MpKsl0e44e987;MpKsl0e44e987;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09C1F489-DBEF-4352-A225-327C77F845E2}\MpKsl0e44e987.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09C1F489-DBEF-4352-A225-327C77F845E2}\MpKsl0e44e987.sys [?]
S1 MpKsl0e57dffb;MpKsl0e57dffb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAA1A41-0C55-446D-8853-5C8722EDA63B}\MpKsl0e57dffb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAA1A41-0C55-446D-8853-5C8722EDA63B}\MpKsl0e57dffb.sys [?]
S1 MpKsl3be578e8;MpKsl3be578e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{463C4246-A0AF-43B8-A4E5-C4CD9CD8E8ED}\MpKsl3be578e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{463C4246-A0AF-43B8-A4E5-C4CD9CD8E8ED}\MpKsl3be578e8.sys [?]
S1 MpKsl6df5701a;MpKsl6df5701a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{435A1F7B-FE54-4BAA-9D61-863F37589058}\MpKsl6df5701a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{435A1F7B-FE54-4BAA-9D61-863F37589058}\MpKsl6df5701a.sys [?]
S1 MpKsl730d167e;MpKsl730d167e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl730d167e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl730d167e.sys [?]
S1 MpKsl96e84b25;MpKsl96e84b25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67AFFD6F-4CF9-4D19-9A09-C2E89137EAB5}\MpKsl96e84b25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67AFFD6F-4CF9-4D19-9A09-C2E89137EAB5}\MpKsl96e84b25.sys [?]
S1 MpKsla4feba4a;MpKsla4feba4a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC131DCE-7DF4-4215-AF45-845205895ECC}\MpKsla4feba4a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC131DCE-7DF4-4215-AF45-845205895ECC}\MpKsla4feba4a.sys [?]
S1 MpKsla63cd1ca;MpKsla63cd1ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B70390B-FEB2-4387-888D-F71AEE6FB829}\MpKsla63cd1ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B70390B-FEB2-4387-888D-F71AEE6FB829}\MpKsla63cd1ca.sys [?]
S1 MpKslb471e789;MpKslb471e789;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{088CDD4C-6C34-4750-A77E-CACB5704BF78}\MpKslb471e789.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{088CDD4C-6C34-4750-A77E-CACB5704BF78}\MpKslb471e789.sys [?]
S1 MpKslbd20a6ce;MpKslbd20a6ce;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F179367E-C9BB-4931-9C2F-37E8D4508FC3}\MpKslbd20a6ce.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F179367E-C9BB-4931-9C2F-37E8D4508FC3}\MpKslbd20a6ce.sys [?]
S1 MpKslcb1ffcb3;MpKslcb1ffcb3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E268F040-C521-4F01-8DEB-689C60CCE460}\MpKslcb1ffcb3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E268F040-C521-4F01-8DEB-689C60CCE460}\MpKslcb1ffcb3.sys [?]
S1 MpKslf03d2df7;MpKslf03d2df7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77B75F8B-7061-4B4D-9DF9-102D8BDCE7BA}\MpKslf03d2df7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77B75F8B-7061-4B4D-9DF9-102D8BDCE7BA}\MpKslf03d2df7.sys [?]
S1 MpKslfc685657;MpKslfc685657;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64AD3157-275D-4585-A345-0213513504B1}\MpKslfc685657.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64AD3157-275D-4585-A345-0213513504B1}\MpKslfc685657.sys [?]
S1 pmirdaoq;pmirdaoq;\??\c:\windows\system32\drivers\pmirdaoq.sys --> c:\windows\system32\drivers\pmirdaoq.sys [?]
S1 qlupagro;qlupagro;\??\c:\windows\system32\drivers\qlupagro.sys --> c:\windows\system32\drivers\qlupagro.sys [?]
S1 rdjnrndg;rdjnrndg;\??\c:\windows\system32\drivers\rdjnrndg.sys --> c:\windows\system32\drivers\rdjnrndg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:11 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/20/2007 5:01 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:11 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - MPKSLD66538A4
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
.
2011-09-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\TERESA\Application Data\Mozilla\Firefox\Profiles\o8k8dx0i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Aero Fox Silver XL: {5c876f30-10ce-11dd-bd0b-0800200c9a66} - %profile%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
FF - Ext: Myibidder (Myibay) Bid Sniper for eBay: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 18:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'winlogon.exe'(160)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-09-29 18:05:10
ComboFix-quarantined-files.txt 2011-09-29 22:05
ComboFix2.txt 2011-07-11 15:37
ComboFix3.txt 2011-02-04 07:42
.
Pre-Run: 58,928,177,152 bytes free
Post-Run: 59,266,224,128 bytes free
.
- - End Of File - - B4FDBD52425DC4FDBB12AF4D69F6CB00
-
Sorry Dave. I didn't run SysProt. That was an old log file from a previous run. I had just saved it in the same folder and posted it for you to see. I am following only your directions.
-
Results of screen317's Security Check version 0.99.19
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
GTOneCare
Microsoft Security Essentials
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Eusing Free Registry Cleaner
Privacy and Registry Cleaner
Wise Disk Cleaner 5.93
Wise Registry Cleaner 5.9.4
Java(TM) 6 Update 27
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
Mozilla Firefox ((3.6.23)) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
-
Wow! That was fast. How's your computer running now?
I still see two AVs running on your computer: Avira AntiVir Personal and Microsoft Security Essentials. One will have to be disabled.
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Eusing Free Registry Cleaner, Privacy and Registry Cleaner, and Wise Registry Cleaner 5.9.4
There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method of causing problems with the registry.
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)
***************************************************
* Download the following tool: RootRepeal - Rootkit Detector (http://rootrepeal.googlepages.com/)
* Direct download link is here: RootRepeal.zip (http://rootrepeal.googlepages.com/RootRepeal.zip)
* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of such programs and how to disable them.
* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.
-
OK. Will do tonight. Yeah, I had already run the new ComboFix figuring that you'd want to see it.
-
Everything is running great, by the way, and the printer seems to be fine now. Do you still want me to run RootRepeal? I have not tried shutting down and rebooting, and this was when that TR/Keylogger.qme would pop up.
-
Do you still want me to run the RootRepeal? I have not tried shutting down and rebooting and this was when that TR/Keylogger.qme would pop up.
Yes please. I would like to see the log.
Re-run MBAM:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
-
OK. Copy.
-
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/10/04 15:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF74C4000 Size: 187776 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2069376 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA9908000 Size: 138496 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF747C000 Size: 96512 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBF48D000 Size: 290816 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7C44000 Size: 3072 File Visible: - Signed: -
Status: -
Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Address: 0xF7B77000 Size: 6144 File Visible: - Signed: -
Status: -
Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xA9667000 Size: 94208 File Visible: - Signed: -
Status: -
Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xA97D6000 Size: 159744 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B6F000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7A03000 Size: 12288 File Visible: - Signed: -
Status: -
Name: catchme.sys
Image Path: C:\DOCUME~1\TERESA\LOCALS~1\Temp\catchme.sys
Address: 0xF7973000 Size: 31744 File Visible: No Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF7743000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF77E3000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7633000 Size: 53248 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF7623000 Size: 36352 File Visible: - Signed: -
Status: -
Name: DLABMFSM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLABMFSM.SYS
Address: 0xF78E3000 Size: 28192 File Visible: - Signed: -
Status: -
Name: DLABOIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Address: 0xF78EB000 Size: 25568 File Visible: - Signed: -
Status: -
Name: DLACDBHM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Address: 0xF7B15000 Size: 6016 File Visible: - Signed: -
Status: -
Name: DLADResM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLADResM.SYS
Address: 0xF7C0C000 Size: 2496 File Visible: - Signed: -
Status: -
Name: DLAIFS_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Address: 0xA964F000 Size: 97568 File Visible: - Signed: -
Status: -
Name: DLAOPIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Address: 0xF78DB000 Size: 19104 File Visible: - Signed: -
Status: -
Name: DLAPoolM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Address: 0xF7BA5000 Size: 7616 File Visible: - Signed: -
Status: -
Name: DLARTL_M.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
Address: 0xF79AB000 Size: 21280 File Visible: - Signed: -
Status: -
Name: DLAUDF_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Address: 0xA95FA000 Size: 90944 File Visible: - Signed: -
Status: -
Name: DLAUDFAM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Address: 0xA9611000 Size: 87744 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7693000 Size: 61440 File Visible: - Signed: -
Status: -
Name: DRVMCDB.SYS
Image Path: DRVMCDB.SYS
Address: 0xF736D000 Size: 90080 File Visible: - Signed: -
Status: -
Name: DRVNDDM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Address: 0xF76B3000 Size: 42496 File Visible: - Signed: -
Status: -
Name: DSproct.sys
Image Path: C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
Address: 0xF7BAD000 Size: 4736 File Visible: - Signed: -
Status: -
Name: dsunidrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Address: 0xF7B8B000 Size: 5376 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA97BE000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B85000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF6B06000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7D45000 Size: 4096 File Visible: - Signed: -
Status: -
Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xF6C66000 Size: 266240 File Visible: - Signed: -
Status: -
Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA790D000 Size: 143744 File Visible: - Signed: -
Status: -
Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA790D000 Size: 143744 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7933000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF76F3000 Size: 44544 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7395000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B6D000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7494000 Size: 125056 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D1000 Size: 131840 File Visible: - Signed: -
Status: -
Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF6C1A000 Size: 163840 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF76A3000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF799B000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA9A45000 Size: 10368 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA80F4000 Size: 265728 File Visible: - Signed: -
Status: -
Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF7AA7000 Size: 8576 File Visible: - Signed: -
Status: -
Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xF73B5000 Size: 815104 File Visible: - Signed: -
Status: -
Name: igxpdv32.DLL
Image Path: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04E000 Size: 1720320 File Visible: - Signed: -
Status: -
Name: igxpdx32.DLL
Image Path: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF1F2000 Size: 2732032 File Visible: - Signed: -
Status: -
Name: igxpgd32.dll
Image Path: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000 Size: 172032 File Visible: - Signed: -
Status: -
Name: igxpmp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xF6CBB000 Size: 5760096 File Visible: - Signed: -
Status: -
Name: igxprd32.dll
Image Path: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000 Size: 73728 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF77D3000 Size: 42112 File Visible: - Signed: -
Status: -
Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF77C3000 Size: 36352 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA97FD000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA99AB000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F3000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7953000 Size: 24576 File Visible: - Signed: -
Status: -
Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xA9A19000 Size: 14592 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7AF3000 Size: 8192 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF6BF7000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7356000 Size: 92928 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B71000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF795B000 Size: 23040 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA9A21000 Size: 12160 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7603000 Size: 42368 File Visible: - Signed: -
Status: -
Name: MpFilter.sys
Image Path: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
Address: 0xA99DE000 Size: 157696 File Visible: - Signed: -
Status: -
Name: MpKsl19561af1.sys
Image Path: c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A879DE17-9E57-40C1-9300-FCB19C9319F5}\MpKsl19561af1.sys
Address: 0xF78D3000 Size: 22784 File Visible: - Signed: -
Status: -
Name: MpKsl835fca01.sys
Image Path: c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4891F144-7B5C-4574-A64F-0DDA146E13E1}\MpKsl835fca01.sys
Address: 0xF79EB000 Size: 22784 File Visible: No Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA9068000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA9823000 Size: 456320 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF79BB000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7833000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7AD7000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7282000 Size: 105472 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF729C000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7AC3000 Size: 10496 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA95F2000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6BE0000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7863000 Size: 40960 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF76C3000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA992A000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF79C3000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF72C9000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2069376 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7CD6000 Size: 2944 File Visible: - Signed: -
Status: -
Name: packet.sys
Image Path: C:\WINDOWS\system32\DRIVERS\packet.sys
Address: 0xA95F6000 Size: 12672 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF787B000 Size: 19712 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF74B3000 Size: 68224 File Visible: - Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7BBB000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7873000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2069376 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA9A55000 Size: 147456 File Visible: - Signed: -
Status: -
Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF7B9D000 Size: 7872 File Visible: No Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6BCF000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7943000 Size: 17792 File Visible: - Signed: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7643000 Size: 35648 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA9A3D000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF7803000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7813000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7823000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF794B000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2069376 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA98BB000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B73000 Size: 4224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF77F3000 Size: 57600 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA82F5000 Size: 49152 File Visible: No Signed: -
Status: -
Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xA9A79000 Size: 4550656 File Visible: - Signed: -
Status: -
Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF79D3000 Size: 24576 File Visible: - Signed: -
Status: -
Name: SASKUTIL.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Address: 0xA98E6000 Size: 139264 File Visible: - Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF7383000 Size: 73472 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA8EF8000 Size: 357888 File Visible: - Signed: -
Status: -
Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xF79CB000 Size: 23040 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7B19000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA9442000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA9952000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF793B000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7843000 Size: 40704 File Visible: - Signed: -
Status: -
Name: TSDDD.dll
Image Path: C:\WINDOWS\System32\TSDDD.dll
Address: 0xBFF50000 Size: 12288 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6B71000 Size: 384768 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7B1D000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF792B000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7683000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6C42000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xA8540000 Size: 25856 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7923000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF79B3000 Size: 20992 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6CA7000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7613000 Size: 52352 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF76E3000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF78BB000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA92C5000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1859584 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1859584 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7AF5000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2069376 File Visible: - Signed: -
Status: -
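The two entries in this listing with "File Visible: No" are the Process Explorer driver (PROCEXP113.SYS) and RootRepeal's own driver, both of which are only dropped to disk while their tool runs. The following is an added example, not something posted in this thread or shipped with RootRepeal: it parses the four-line record format RootRepeal writes, separates hidden drivers that a known tool explains from ones that nobody can explain, and groups names that share a load address (PnpManager, RAW, WMIxWDM and ntkrnlpa.exe all sit at 0x804D7000 because they are the kernel's own driver objects, not extra code). The sample records are copied from the listing above; the last record (xyzdrv.sys) is constructed to show what an unexplained hidden driver looks like.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: five records copied from the RootRepeal driver listing in
# this thread, in the four-line record layout the tool writes, plus one
# constructed record (xyzdrv.sys) standing in for an unexplained hidden driver.
SAMPLE_LISTING = r"""Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2069376 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2069376 File Visible: - Signed: -
Status: -
Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF7B9D000 Size: 7872 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA82F5000 Size: 49152 File Visible: No Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA9952000 Size: 361600 File Visible: - Signed: -
Status: -
Name: xyzdrv.sys
Image Path: C:\WINDOWS\system32\drivers\xyzdrv.sys
Address: 0xA8000000 Size: 4096 File Visible: No Signed: -
Status: -
"""

RECORD_RE = re.compile(
    r"Name: (?P<name>.+)\n"
    r"Image Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+) Size: (?P<size>\d+) "
    r"File Visible: (?P<visible>\S+) Signed: (?P<signed>\S+)\n"
    r"Status: (?P<status>.+)"
)

# Drivers that legitimately show "File Visible: No": their owner writes the
# .sys only while it runs. Known from the tools themselves, not from the log.
EXPECTED_HIDDEN = {
    "procexp113.sys": "Sysinternals Process Explorer driver",
    "rootrepeal.sys": "RootRepeal's own driver",
}


@dataclass
class Driver:
    name: str
    path: str
    address: int
    size: int
    file_visible: str  # "-" = file seen on disk, "No" = RootRepeal could not see it
    signed: str
    status: str


def parse_listing(text: str) -> List[Driver]:
    """Turn the four-line records into Driver objects, in listing order."""
    return [
        Driver(m["name"], m["path"], int(m["addr"], 16), int(m["size"]),
               m["visible"], m["signed"], m["status"])
        for m in RECORD_RE.finditer(text)
    ]


def triage_rootrepeal(drivers: List[Driver]) -> Tuple[List[str], Dict[str, str], Dict[str, List[str]]]:
    """Split hidden drivers into unexplained vs expected; group shared load addresses."""
    unexplained: List[str] = []
    expected: Dict[str, str] = {}
    for d in drivers:
        if d.file_visible.lower() == "no":
            note = EXPECTED_HIDDEN.get(d.name.lower())
            if note:
                expected[d.name] = note
            else:
                unexplained.append(d.name)
    # Several names at one base address are aliases of a single image (the
    # kernel's internal driver objects sit at the ntkrnlpa base), so they must
    # not be counted as separate suspicious modules.
    by_addr: Dict[int, List[str]] = {}
    for d in drivers:
        by_addr.setdefault(d.address, []).append(d.name)
    aliases = {hex(a): names for a, names in by_addr.items() if len(names) > 1}
    return unexplained, expected, aliases


if __name__ == "__main__":
    # Usage: python rootrepeal_triage.py [saved RootRepeal report]; no argument uses the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LISTING
    unexplained, expected, aliases = triage_rootrepeal(parse_listing(text))
    print("hidden, unexplained :", unexplained)
    print("hidden, expected    :", expected)
    print("shared base address :", aliases)
```

A hidden driver in the "unexplained" list is the thing to chase: check whether a tool that was running at scan time owns it, and if nothing does, pull the file with a boot-time or offline scanner, since the running system evidently cannot see it.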
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7869
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
10/4/2011 4:01:30 PM
mbam-log-2011-10-04 (16-01-30).txt
Scan type: Quick scan
Objects scanned: 209757
Time elapsed: 11 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
I will need to see the log from ESET.
-
ok
-
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-04 11:48:40
# local_time=2011-10-04 07:48:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 85459454 85459454 0 0
# compatibility_mode=1024 16777215 100 0 337369 337369 0 0
# compatibility_mode=1797 16775125 100 100 0 91712757 0 0
# compatibility_mode=5891 16776533 42 87 0 13694263 0 0
# compatibility_mode=8192 67108863 100 0 43640425 43640425 0 0
# scanned=64144
# found=0
# cleaned=0
# scan_time=9130
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d9aee047b2824e49b50e094c890765d8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-11 05:30:59
# local_time=2011-10-11 01:30:59 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 86041046 86041046 0 0
# compatibility_mode=1024 16777215 100 0 918961 918961 0 0
# compatibility_mode=1797 16775125 100 100 0 92294349 0 0
# compatibility_mode=5891 16776533 42 87 0 14275855 0 0
# compatibility_mode=8192 67108863 100 0 44222017 44222017 0 0
# scanned=65329
# found=0
# cleaned=0
# scan_time=9678
ESETSmartInstaller@High as downloader log:
all ok
-
thanks Dave!
We are still seeing this notice from Avira that says "TR/Keylogger file found", and then things like msmuneero.dll and other unknown .dll files popping up connected to the TR/Keylogger announcements.
-
Please try this. Download and install MSE on your computer. Disable your Avira Anti-virus. Run a complete scan with MSE and tell me if anything shows up.
Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
-
OK, good deal. Will run.
-
Nothing found with Essentials.
-
Everything is running fine, no issues with the internet, but when the computer is shut down and rebooted we see the Avira notice of TR/Keylogger found and this msmuneero.dll file found.
Also, the printer will run sometimes and other times it will not??
-
Everything is running fine, no issues with the internet, but when the computer is shut down and rebooted we see the Avira notice of TR/Keylogger found and this msmuneero.dll file found.
Disable Avira and enable MSE. Run it for a few days to see if anything shows. If nothing shows, you then have a choice of keeping Avira or MSE. Please let me know how it turns out then we can do some cleanup.
Also, the printer will run sometimes and other times it will not??
You should start a new thread in the hardware forum for this problem.
-
OK. It has been running pretty much since installed. It seems that when ComboFix was run, the notice at first disappeared. The other notice that appears is for a file in temp (which is not visible) called "ark5.dll", which is connected with the TR/Keylogger notice, and the other file, "msruneero.dll". Do either of these sound suspicious, esp. with us not being able to find them when looking for them?
-
The other notice that appears is for a file in temp (which is not visible) called "ark5.dll", which is connected with the TR/Keylogger notice, and the other file, "msruneero.dll". Do either of these sound suspicious, esp. with us not being able to find them when looking for them?
What program is giving you these warnings?
-
Avira AntiVir shows a pop-up window that then asks if we want to remove. We select it, and it runs through a scan and what seems to be a removal and quarantine process. Don't see it again until the machine is shut down and restarted.
Cannot locate these files in any directory that the warning indicates they are located in.
-
Were you getting those warnings with MSE?
-
No, nothing is being picked up anywhere else or by other programs.
-
It looks like a false positive from Avira. Did you try uninstalling and re-installing Avira?
-
Yes. The strange thing is that it continues to refer to a TR/Keylogger with the names of files in a source directory where we cannot find them (not visible).
-
Yes. The strange thing is that it continues to refer to a TR/Keylogger with the names of files in a source directory where we cannot find them (not visible).
Also strange is that no other protective program is picking this up. Let's try a few rootkit scans to see if there's anything there.
Please download TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Double-click TDSSKiller.exe to run the tool
- Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
- After the scan has finished, click the Close button
- Click the Report button and copy/paste the contents of it into your next reply
- Note: It will also create a log in the C:\ directory.
***************************************************
Let's run a few more scans to see what turns up.
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
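TDSSKiller's log (the one it writes to C:\) lists every driver and service twice: a file line "name (md5) path" and a verdict line "name - ok". A registry entry whose binary is missing gets only the verdict line. When the log runs to several hundred entries, as it does later in this thread, a short triage pass saves reading it by eye. The script below is an added example, not part of this thread and not a Kaspersky tool: it pulls out every non-"ok" verdict, lists the entries that have no file on disk, and separately lists those whose names are eight random lowercase letters (the pattern of aitvlgmq and csgcdngj in this thread's log). Both scanning tools and malware create services with names like that, so that list is for manual review against the tools that have been run on the machine, not a verdict. The sample lines are copied from the posted log, except the two "badsvc" lines, which are constructed to show a flagged entry; the exact wording of TDSSKiller's non-ok verdicts is not something this example depends on, since anything other than "ok" is reported.

```python
import re
import sys
from typing import Dict, List

# Every TDSSKiller log line starts with a timestamp and a thread id. A scanned
# object then appears as a file line "name (md5) path" followed by a verdict
# line "name - verdict"; registry entries with no file get only the verdict line.
LINE_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
FILE_RE = re.compile(LINE_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(LINE_PREFIX + r"(?P<name>\S+) - (?P<verdict>.+)$")
# Eight random lowercase letters: the shape of the nameless entries in this
# thread's log. Review these against the tools run on the box; not a verdict.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")

# Constructed sample: lines copied from the TDSSKiller log in this thread, plus
# two constructed lines for a hypothetical "badsvc" carrying a non-ok verdict.
SAMPLE_LOG = r"""11:33:18.0937 0624 Abiosdsk - ok
11:33:19.0015 0624 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:33:19.0031 0624 abp480n5 - ok
11:33:19.0734 0624 aitvlgmq - ok
11:33:21.0781 0624 catchme - ok
11:33:21.0859 0624 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:33:21.0859 0624 cbidf - ok
11:33:21.0859 0624 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:33:21.0859 0624 cbidf2k - ok
11:33:22.0203 0624 csgcdngj - ok
11:33:26.0000 0624 badsvc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\badsvc.sys
11:33:26.0000 0624 badsvc - detected HiddenService.Multi.Generic (1)
"""


def parse_tdsskiller(text: str) -> Dict[str, Dict[str, str]]:
    """Map each object name to its path, md5 and verdict (whichever lines exist)."""
    entries: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(path=m["path"], md5=m["md5"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return entries


def triage_tdsskiller(entries: Dict[str, Dict[str, str]]) -> Dict[str, object]:
    """Pull out what a reviewer actually wants to look at in a long log."""
    flagged = [n for n, e in entries.items() if e.get("verdict", "ok") != "ok"]
    orphans = [n for n, e in entries.items() if "path" not in e]
    random_named = [n for n in orphans if RANDOM_NAME_RE.match(n)]
    # Two service names backed by one file is normal for legacy drivers
    # (cbidf/cbidf2k here) but worth a glance when the file is unfamiliar.
    by_md5: Dict[str, List[str]] = {}
    for n, e in entries.items():
        if "md5" in e:
            by_md5.setdefault(e["md5"], []).append(n)
    shared = {h: names for h, names in by_md5.items() if len(names) > 1}
    return {"flagged": flagged, "orphans": orphans,
            "random_named": random_named, "shared_files": shared}


if __name__ == "__main__":
    # Usage: python tdss_triage.py [C:\TDSSKiller.<version>_<date>_log.txt]; no argument uses the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in triage_tdsskiller(parse_tdsskiller(text)).items():
        print(f"{key:13}: {value}")
```

Entries in "flagged" are what TDSSKiller itself objected to; "orphans" such as Abiosdsk and Changer are normal leftover registry entries on XP, so only the random-named subset usually deserves a look, and even then the first question is which scanner created it.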
-
Kaspersky showed no threats but didn't create a report when closed.
-
OK, while the aswMBR scan was running, a notice popped up saying: unp259168444.tmp file found, with a notification from: TR/Crypt.XPack.Gen
-
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-07 11:34:03
-----------------------------
11:34:03.953 OS Version: Windows 5.1.2600 Service Pack 3
11:34:03.953 Number of processors: 1 586 0x1601
11:34:03.953 ComputerName: CORNERSTONE UserName: TERESA
11:34:08.328 Initialize success
11:37:01.359 AVAST engine defs: 11110700
11:37:59.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:37:59.218 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
11:38:01.265 Disk 0 MBR read successfully
11:38:01.265 Disk 0 MBR scan
11:38:01.406 Disk 0 Windows XP default MBR code
11:38:01.421 Disk 0 scanning sectors +156232125
11:38:01.890 Disk 0 scanning C:\WINDOWS\system32\drivers
11:39:23.718 Service scanning
11:39:27.406 Service MpKsl6f2081d9 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19BC5739-9468-4930-83D5-25D96BF830C7}\MpKsl6f2081d9.sys **LOCKED** 32
11:39:28.078 Modules scanning
11:39:41.812 Disk 0 trace - called modules:
11:39:41.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:39:41.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d8eab8]
11:39:41.875 3 CLASSPNP.SYS[f75f3fd7] -> nt!IofCallDriver -> \Device\00000070[0x86d261c8]
11:39:41.875 5 ACPI.sys[f748a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d1f940]
11:39:43.125 AVAST engine scan C:\WINDOWS
11:40:21.906 AVAST engine scan C:\WINDOWS\system32
11:46:14.187 AVAST engine scan C:\WINDOWS\system32\drivers
11:46:42.203 AVAST engine scan C:\Documents and Settings\TERESA
11:50:07.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\MBR.dat"
11:50:08.000 The log file has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\aswMBR.txt"
11:54:58.234 AVAST engine scan C:\Documents and Settings\All Users
11:56:32.625 Scan finished successfully
12:00:15.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\MBR.dat"
12:00:15.812 The log file has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\aswMBR.txt"
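Besides the log, aswMBR saved the raw boot sector to MBR.dat on the desktop. The "Windows XP default MBR code" line above is the tool's verdict on that sector; the following is an added example of checking the same file by hand, not a part of this thread or of aswMBR. It parses the 512-byte MBR (440 bytes of boot code, a 4-byte disk signature at 0x1B8, four 16-byte partition entries at 0x1BE, the 0x55AA signature at 0x1FE), verifies the structural rules a normal install follows, computes how many sectors sit past the last partition (the region aswMBR reports scanning, because MBR bootkits keep their payload there), and compares the boot-code hash against a reference hash. No real XP boot code is embedded: the sample MBR is constructed, and the reference hash is assumed to come from a known-clean machine of the same Windows version, which is the caveat a practitioner needs (the hash of a genuine XP MBR is not something this example can supply).

```python
import hashlib
import struct
import sys
from typing import Dict, List, Optional

SECTOR = 512
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature; boot code is everything before it
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA

PARTITION_TYPES = {
    0x05: "Extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x12: "Compaq diagnostics", 0x82: "Linux swap",
    0x83: "Linux", 0xDE: "Dell utility",
}


def parse_mbr(blob: bytes) -> Dict:
    """Decode the fixed MBR layout; raises if the input is not one sector."""
    if len(blob) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(blob)}")
    parts = []
    for i in range(4):
        fields = struct.unpack_from("<8BII", blob, PART_TABLE_OFF + 16 * i)
        status, ptype = fields[0], fields[4]          # CHS bytes in between are ignored
        lba_start, lba_len = fields[8], fields[9]
        parts.append({"index": i, "status": status, "type": ptype,
                      "lba_start": lba_start, "lba_len": lba_len})
    return {
        "boot_code_sha256": hashlib.sha256(blob[:DISK_SIG_OFF]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", blob, DISK_SIG_OFF)[0],
        "partitions": parts,
        "boot_signature_ok": blob[BOOT_SIG_OFF:] == b"\x55\xAA",
    }


def check_mbr(info: Dict, total_sectors: int, reference_boot_hash: Optional[str] = None) -> Dict:
    """Apply the structural rules a healthy single-OS MBR obeys; return findings and tail size."""
    findings: List[str] = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ends: List[int] = []
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["type"] == 0x00:
            continue  # empty slot
        if p["type"] not in PARTITION_TYPES:
            findings.append(f"partition {p['index']}: unfamiliar type 0x{p['type']:02X}")
        end = p["lba_start"] + p["lba_len"]
        if end > total_sectors:
            findings.append(f"partition {p['index']}: extends past the end of the disk")
        ends.append(end)
    if reference_boot_hash is not None and info["boot_code_sha256"] != reference_boot_hash:
        findings.append("boot code differs from the reference MBR")
    # Sectors after the last partition are unallocated: a few thousand is
    # normal alignment slack, a large or newly grown tail is where bootkits
    # keep their payload and is worth imaging and inspecting.
    tail = total_sectors - max(ends) if ends else total_sectors
    return {"findings": findings, "tail_sectors": tail}


def build_sample_mbr() -> bytes:
    """Constructed MBR for the example: placeholder boot code, one active NTFS partition."""
    boot_code = bytes([0xEB, 0x3C, 0x90]) + b"\x90" * (DISK_SIG_OFF - 3)   # NOT real XP boot code
    disk_sig = struct.pack("<IH", 0x1234ABCD, 0)
    part0 = struct.pack("<8BII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 156_232_062)
    return boot_code + disk_sig + part0 + bytes(16) * 3 + b"\x55\xAA"


# Constructed disk size matching the sample partition (assumption, not measured).
SAMPLE_TOTAL_SECTORS = 156_248_064


if __name__ == "__main__":
    # Usage: python mbr_check.py MBR.dat <total sectors> [reference sha256]; no args use the sample.
    if len(sys.argv) >= 3:
        blob = open(sys.argv[1], "rb").read()
        total, ref = int(sys.argv[2]), (sys.argv[3] if len(sys.argv) > 3 else None)
    else:
        blob, total, ref = build_sample_mbr(), SAMPLE_TOTAL_SECTORS, None
    info = parse_mbr(blob)
    print("boot code sha256:", info["boot_code_sha256"])
    print("disk signature  :", f"0x{info['disk_signature']:08X}")
    for p in info["partitions"]:
        print(f"  slot {p['index']}: status=0x{p['status']:02X} type=0x{p['type']:02X} "
              f"start={p['lba_start']} len={p['lba_len']}")
    print(check_mbr(info, total, ref))
```

The total sector count has to come from the disk itself (aswMBR prints the size in MB on its "Disk 0 Vendor" line); the reference hash should be taken from a clean machine, and a mismatch means "look at the boot code", not "infected", since OEM restore tools also write their own MBRs.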
-
Were you able to run TDSSKiller from Reply # 37?
-
OK, found the log text under C:\.
See here:
11:33:11.0328 2820 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
11:33:11.0640 2820 ============================================================
11:33:11.0640 2820 Current date / time: 2011/11/07 11:33:11.0640
11:33:11.0640 2820 SystemInfo:
11:33:11.0640 2820
11:33:11.0640 2820 OS Version: 5.1.2600 ServicePack: 3.0
11:33:11.0640 2820 Product type: Workstation
11:33:11.0640 2820 ComputerName: CORNERSTONE
11:33:11.0640 2820 UserName: TERESA
11:33:11.0640 2820 Windows directory: C:\WINDOWS
11:33:11.0640 2820 System windows directory: C:\WINDOWS
11:33:11.0640 2820 Processor architecture: Intel x86
11:33:11.0640 2820 Number of processors: 1
11:33:11.0640 2820 Page size: 0x1000
11:33:11.0640 2820 Boot type: Normal boot
11:33:11.0640 2820 ============================================================
11:33:14.0640 2820 Initialize success
11:33:17.0390 0624 ============================================================
11:33:17.0390 0624 Scan started
11:33:17.0390 0624 Mode: Manual;
11:33:17.0390 0624 ============================================================
11:33:18.0937 0624 Abiosdsk - ok
11:33:19.0015 0624 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:33:19.0031 0624 abp480n5 - ok
11:33:19.0109 0624 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:33:19.0109 0624 ACPI - ok
11:33:19.0187 0624 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:33:19.0187 0624 ACPIEC - ok
11:33:19.0281 0624 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:33:19.0281 0624 adpu160m - ok
11:33:19.0328 0624 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:33:19.0328 0624 aec - ok
11:33:19.0390 0624 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:33:19.0390 0624 AFD - ok
11:33:19.0453 0624 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:33:19.0453 0624 agp440 - ok
11:33:19.0484 0624 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:33:19.0484 0624 agpCPQ - ok
11:33:19.0578 0624 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:33:19.0578 0624 Aha154x - ok
11:33:19.0640 0624 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:33:19.0640 0624 aic78u2 - ok
11:33:19.0703 0624 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:33:19.0703 0624 aic78xx - ok
11:33:19.0734 0624 aitvlgmq - ok
11:33:19.0765 0624 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:33:19.0765 0624 AliIde - ok
11:33:19.0812 0624 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:33:19.0812 0624 alim1541 - ok
11:33:20.0234 0624 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:33:20.0234 0624 amdagp - ok
11:33:20.0421 0624 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:33:20.0453 0624 amsint - ok
11:33:20.0875 0624 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:33:20.0890 0624 asc - ok
11:33:21.0031 0624 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:33:21.0031 0624 asc3350p - ok
11:33:21.0093 0624 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:33:21.0093 0624 asc3550 - ok
11:33:21.0125 0624 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:33:21.0125 0624 AsyncMac - ok
11:33:21.0156 0624 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:33:21.0156 0624 atapi - ok
11:33:21.0203 0624 Atdisk - ok
11:33:21.0218 0624 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:33:21.0218 0624 Atmarpc - ok
11:33:21.0281 0624 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:33:21.0281 0624 audstub - ok
11:33:21.0328 0624 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:33:21.0328 0624 avgntflt - ok
11:33:21.0375 0624 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:33:21.0375 0624 avipbb - ok
11:33:21.0421 0624 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:33:21.0453 0624 avkmgr - ok
11:33:21.0625 0624 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:33:21.0640 0624 Beep - ok
11:33:21.0781 0624 catchme - ok
11:33:21.0859 0624 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:33:21.0859 0624 cbidf - ok
11:33:21.0859 0624 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:33:21.0859 0624 cbidf2k - ok
11:33:21.0921 0624 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:33:21.0921 0624 cd20xrnt - ok
11:33:22.0062 0624 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:33:22.0062 0624 Cdaudio - ok
11:33:22.0078 0624 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:33:22.0078 0624 Cdfs - ok
11:33:22.0093 0624 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:33:22.0093 0624 Cdrom - ok
11:33:22.0109 0624 Changer - ok
11:33:22.0171 0624 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:33:22.0171 0624 CmdIde - ok
11:33:22.0187 0624 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:33:22.0187 0624 Cpqarray - ok
11:33:22.0203 0624 csgcdngj - ok
11:33:22.0234 0624 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:33:22.0234 0624 dac2w2k - ok
11:33:22.0265 0624 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:33:22.0265 0624 dac960nt - ok
11:33:22.0359 0624 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:33:22.0359 0624 Disk - ok
11:33:22.0437 0624 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
11:33:22.0437 0624 DLABMFSM - ok
11:33:22.0453 0624 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:33:22.0453 0624 DLABOIOM - ok
11:33:22.0515 0624 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:33:22.0515 0624 DLACDBHM - ok
11:33:22.0515 0624 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
11:33:22.0531 0624 DLADResM - ok
11:33:22.0531 0624 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:33:22.0531 0624 DLAIFS_M - ok
11:33:22.0546 0624 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:33:22.0546 0624 DLAOPIOM - ok
11:33:22.0562 0624 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:33:22.0562 0624 DLAPoolM - ok
11:33:22.0562 0624 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
11:33:22.0562 0624 DLARTL_M - ok
11:33:22.0578 0624 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:33:22.0578 0624 DLAUDFAM - ok
11:33:22.0593 0624 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:33:22.0593 0624 DLAUDF_M - ok
11:33:22.0687 0624 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:33:22.0687 0624 dmboot - ok
11:33:22.0703 0624 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:33:22.0718 0624 dmio - ok
11:33:22.0781 0624 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:33:22.0781 0624 dmload - ok
11:33:23.0078 0624 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:33:23.0078 0624 DMusic - ok
11:33:23.0109 0624 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:33:23.0109 0624 dpti2o - ok
11:33:23.0140 0624 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:33:23.0140 0624 drmkaud - ok
11:33:23.0156 0624 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:33:23.0156 0624 DRVMCDB - ok
11:33:23.0171 0624 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:33:23.0171 0624 DRVNDDM - ok
11:33:23.0296 0624 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
11:33:23.0296 0624 DSproct - ok
11:33:23.0343 0624 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
11:33:23.0343 0624 dsunidrv - ok
11:33:23.0390 0624 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:33:23.0390 0624 E100B - ok
11:33:23.0437 0624 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
11:33:23.0437 0624 e1express - ok
11:33:23.0484 0624 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:33:23.0484 0624 Fastfat - ok
11:33:23.0500 0624 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:33:23.0500 0624 Fdc - ok
11:33:23.0515 0624 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:33:23.0515 0624 Fips - ok
11:33:23.0546 0624 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:33:23.0546 0624 Flpydisk - ok
11:33:23.0578 0624 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:33:23.0593 0624 FltMgr - ok
11:33:23.0640 0624 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:33:23.0640 0624 Fs_Rec - ok
11:33:23.0640 0624 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:33:23.0640 0624 Ftdisk - ok
11:33:23.0656 0624 fzbjjxqk - ok
11:33:23.0671 0624 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:33:23.0671 0624 Gpc - ok
11:33:23.0687 0624 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:33:23.0687 0624 HDAudBus - ok
11:33:23.0687 0624 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:33:23.0687 0624 HidUsb - ok
11:33:23.0718 0624 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:33:23.0718 0624 hpn - ok
11:33:23.0781 0624 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:33:23.0781 0624 HTTP - ok
11:33:23.0875 0624 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:33:23.0875 0624 i2omgmt - ok
11:33:23.0937 0624 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:33:29.0703 0624 ============================================================
11:33:29.0703 0624 Scan finished
11:33:29.0703 0624 ============================================================
11:33:29.0718 3276 Detected object count: 0
11:33:29.0718 3276 Actual detected object count: 0
11:33:33.0218 3296 Deinitialize success
-
What is this?
unp259168444.tmp file
TR/Crypt.XPack.Gen
-
Please update and run another scan with SAS and post the log.
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
-
Done. It seems not to be appearing now when the computer is restarted/rebooted. Looking for the log from this scan in order to post it.
-
I don't think there's any log from that. Please give it a few days and then come back and we'll do some cleanup.
-
OK. Here's what is popping up now: EXP/Pdfka.OG, with some kind of ARC5 file in the temp folder.
?????
-
OK. Here's what is popping up now: EXP/Pdfka.OG, with some kind of ARC5 file in the temp folder.
Did you get a warning about that or did you just find it?
-
Yes... Avira is picking this thing up. Any ideas?
-
Avira is picking this thing up. Any ideas?
It's probably a false positive. Enable MSE and disable Avira as your AV and try that for a while.
-
OK. When I looked this up, it seemed to be a common problem that some others were seeing and required a clean/scan. Is there such a thing to run?
-
When I looked this up, it seemed to be a common problem that some others were seeing and required a clean/scan. Is there such a thing to run?
Nothing has turned up in all the scans we've run. There's one more thing we can try.
* Go to Start > Run and type mrt.exe, then press Enter on the keyboard.
* (Vista and Windows 7 users: go to Start and type mrt.exe in the search box, then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.
Look through the list and let me know if anything was found infected.
-
Thanks Dave. OK, will do. Yeah, Security Essentials keeps popping up a notice of infected files found and then runs a clean/scan. This is combined with Avira giving notices of the EXP/Pdfka.OG virus? And then an ARC5.dll file being found. It then runs its short scan each time. We were seeing this before but with a differently named virus earlier, which seemed to disappear after something we had done that you told me to run. I am going back to read those notes now.
-
Security Essentials keeps popping up a notice of infected files found and then runs a clean/scan. This is combined with Avira giving notices of the EXP/Pdfka.OG virus?
You should not have two AV programs running at any time on your computer. It can cause conflicts.
Save these instructions so you can have access to them while in Safe Mode.
Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
- Double click the setup file to run it.
- Click Next to continue.
- Accept the License agreement and click on next.
- It will, by default, install it to your desktop folder. Click Next.
- It will then open a box. There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked.
- Hidden Startup Objects
- System Memory
- Disk Boot Sectors.
- My Computer.
- Also any other (removable) drives that you may have.
Leave the rest of the settings as they appear as default.
•Then click on Scan at the top right-hand corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done, click on the Reports button at the bottom, save it to a file and name it Kas.
•Save it somewhere convenient like your desktop and post only the detected virus/malware from the report; it will be at the very top under Detected. Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
-
OK, will do. Just to let you know, I ran a Microsoft Security Essentials scan and then ran TFC by OldTimer again since you had told me to do this the first time around, followed by ComboFix. The scan showed zero issues/infections, TFC cleaned out stuff and then ComboFix deleted several files and fixed a Win32 system? file. I restarted and nothing is popping up now. Miracle. What do you think?
-
That looks good. If there are no other issues, we can do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember: only install ONE firewall.
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (If you choose this one, uncheck "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation, and uncheck any HopSurf and/or Ask.com options)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Thank you. OK, last quick question: for some reason the printer, an HP 6MP, will now not print, and it was doing fine before I ran ComboFix the 2nd time. Any thoughts? Tried reinstalling the driver, etc., but it continues to give an error. Thanks again for all the help here.
-
Try re-installing the printer.
-
OK. Did that yesterday and it seems to continue rejecting in ERROR. Saw this early on when that TR/Keylogger was popping up all the time.
-
Try posting a thread in the hardware forum for the printer.
-
OK, thanks a lot for all of your help! You have been great. Merry Christmas!
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. Happy Holidays.