Author Topic: unable to get rid of adware and spyware (Read 21376 times)

Dr Jay · « **Reply #15 on:** July 11, 2010, 11:10:47 PM »

Try to double click on it. See what happens.

underscore04 · « **Reply #16 on:** July 12, 2010, 01:39:10 PM »

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtClose, Type: Address change 0x8056EA8D-->F6444618 [E:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80577A7A-->F64444D4 [E:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80596A23-->F64449B2 [E:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x8057E299-->F64440AC [E:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x80578BF6-->F776DDA4 [spwp.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x8058F4B7-->F776E132 [spwp.sys]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80571B19-->F64445AE [E:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x8057964C-->F6443FEC [E:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x805B13C6-->F6444050 [E:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x805787F6-->F776E20A [spwp.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x80571E8B-->F64446CE [E:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8065349E-->F644468E [E:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x805792AB-->F644480E [E:\WINDOWS\System32\Drivers\aswSP.SYS]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x847C4660 [4] System
0x8422BB08 [292] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software, avast! service GUI component)
0x8427F728 [304] E:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc., Java(TM) Platform SE binary)
0x841EB4E0 [320] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd, CTSysVol.exe)
0x8422BDA0 [324] E:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x842ECB08 [368] E:\Program Files\DivX\DivX Update\DivXUpdate.exe (-, DivX Update)
0x84203218 [376] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis, Acronis True Image Monitor)
0x837E0DA0 [388] E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis, Acronis Scheduler Helper)
0x837FC1A0 [460] E:\WINDOWS\soundman.exe (Realtek Semiconductor Corp., Realtek Sound Manager)
0x8456C1C8 [468] E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation, Windows Messenger)
0x83595610 [732] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd, CTSysVol.exe)
0x8384D020 [804] E:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x83855020 [864] E:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8381C020 [888] E:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x842721A8 [932] E:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x842524D8 [948] E:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8456B390 [980] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x833DCA30 [1068] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd, DAEMON Tools Lite)
0x8456A5D0 [1108] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x841EF350 [1160] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8387C020 [1212] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83403020 [1328] E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x83811630 [1356] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8443B390 [1388] E:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x84282020 [1464] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84503588 [1572] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x844DE020 [1644] E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software, avast! Antivirus updating service)
0x84581560 [1696] E:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software, avast! antivirus service)
0x8351ADA0 [1872] E:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc., Java(TM) Update Checker)
0x8329F020 [1932] E:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc., Java(TM) Platform SE binary)
0x836B7628 [1936] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis, Acronis True Image Monitor)
0x8426B828 [1972] E:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x835C5D48 [1984] E:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x842798C8 [2096] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83821258 [2128] E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis, Acronis Scheduler 2)
0x8421A680 [2164] E:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis, File Level CDP Manager Service)
0x8382E538 [2220] E:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x84247870 [2292] E:\WINDOWS\system32\lxducoms.exe ( , Printer Communication System)
0x834EE258 [2428] E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis, Acronis Scheduler Helper)
0x842CDAD8 [2464] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x833C2020 [2724] E:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x834035C8 [2824] E:\Program Files\DivX\DivX Update\DivXUpdate.exe (-, DivX Update)
0x838B6DA0 [3028] E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software, avast! e-Mail Scanner Service)
0x83780538 [3180] E:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software, avast! Web Scanner)
0x831D03D8 [3284] E:\Documents and Settings\admin\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\HoTJUF07cudA.exe (UG North, RKULE, SR2 Normandy)
0x835AC5C8 [3444] E:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x834715C8 [3560] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software, avast! service GUI component)
0x835B1020 [3604] E:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation, Internet Explorer)
0x838F5BE8 [3684] E:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x832D8020 [3692] E:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x832E6020 [3772] E:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x831D95B0 [4028] E:\WINDOWS\soundman.exe (Realtek Semiconductor Corp., Realtek Sound Manager)
==============================================
>Drivers
==============================================
0xF69F1000 E:\WINDOWS\system32\drivers\ALCXWDM.SYS 3731456 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 E:\WINDOWS\system32\ntoskrnl.exe 2252800 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2252800 bytes
0x804D7000 RAW 2252800 bytes
0x804D7000 WMIxWDM 2252800 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 E:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6879000 E:\WINDOWS\system32\drivers\P17.sys 1392640 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xF7754000 PCI_PNP9490 995328 bytes
0xF7754000 sptd 995328 bytes
0xF7754000 spwp.sys 995328 bytes
0xF7434000 tdrpm258.sys 905216 bytes (Acronis, Acronis Try&Decide Volume Filter Driver)
0xF75CB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF7511000 timntr.sys 577536 bytes (Acronis, Acronis Backup Archive Explorer)
0xF647B000 E:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6643000 E:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF557F000 E:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 E:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF51CE000 E:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF67EA000 E:\WINDOWS\System32\Drivers\aokckd4f.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF675D000 E:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF6791000 E:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF6849000 E:\WINDOWS\system32\DRIVERS\ctoss2k.sys 196608 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xF770E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF572D000 E:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF759E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF64EA000 E:\WINDOWS\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF503C000 E:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF655A000 E:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF740D000 snapman.sys 159744 bytes (Acronis, Acronis Snapshot API)
0xF56B7000 E:\WINDOWS\system32\DRIVERS\afcdp.sys 155648 bytes (Acronis, File Level CDP Kernel Helper)
0xF6823000 E:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 155648 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xF76B8000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF69CD000 E:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6DB7000 E:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6D94000 E:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6538000 E:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF6516000 E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF6582000 E:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806FD000 ACPI_HAL 134400 bytes
0x806FD000 E:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7681000 fltmgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF76DE000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF73F2000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF55D6000 E:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys 102400 bytes
0xF76A0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF6424000 E:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF773C000 E:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF643C000 E:\WINDOWS\System32\Drivers\aswSP.SYS 94208 bytes (ALWIL Software, avast! self protection module)
0xF7658000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF67D3000 E:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF6DDA000 E:\WINDOWS\System32\Drivers\AnyDVD.sys 90112 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xF5F66000 E:\WINDOWS\System32\Drivers\aswMon2.SYS 90112 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF5989000 E:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6D80000 E:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF66CE000 E:\WINDOWS\System32\drivers\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF669B000 E:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 E:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF766F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF76FD000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF67C2000 E:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF79B8000 E:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7A98000 E:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7A68000 E:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF6E00000 E:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7A88000 E:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7868000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7A58000 E:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF5B16000 E:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6E40000 E:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7878000 E:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7A48000 E:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF78C8000 E:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7A78000 E:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7AC8000 E:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF78A8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7AB8000 E:\WINDOWS\system32\DRIVERS\vrtaucbl.sys 53248 bytes (Eugene V. Muzychenko, Kernel-mode WDM driver)
0xF6E70000 E:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF7928000 E:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7A38000 E:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7898000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7AD8000 E:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF78E8000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xF6E50000 E:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6E60000 E:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF6E20000 E:\WINDOWS\System32\Drivers\aswTdi.SYS 36864 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF78B8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7938000 E:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7A28000 E:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7888000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6E80000 E:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6DF0000 E:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF532F000 E:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF78D8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF6E10000 E:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7C38000 E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF7BC8000 E:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7C50000 E:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7C68000 E:\WINDOWS\system32\DRIVERS\fetnd5.sys 28672 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xF7AE8000 E:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7C48000 E:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7C58000 E:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7C60000 E:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7BD0000 E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7BB8000 E:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7BE8000 E:\WINDOWS\System32\Drivers\Aavmker4.SYS 20480 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7BE0000 E:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xF7BA8000 E:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7BC0000 E:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AF0000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7B90000 E:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B98000 E:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7B88000 E:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7C40000 E:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7C18000 E:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF53A7000 E:\WINDOWS\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF737A000 E:\WINDOWS\System32\drivers\mapledxp.SYS 16384 bytes (Jeff Hurchalla and Marble Sound, Marble Sound Maple XP midi driver)
0xF73B2000 E:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF6150000 E:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF735E000 E:\WINDOWS\system32\DRIVERS\NetMotCM.sys 16384 bytes (Motorola Inc., Motorola USB Cable Modem NDIS 5.0 Driver)
0xF725D000 E:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7C78000 E:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF6702000 E:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBFF50000 E:\WINDOWS\System32\framebuf.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xF7D60000 E:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7376000 E:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBF012000 E:\WINDOWS\System32\TSDDD.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xF7DBA000 E:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xF7DDA000 E:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D6E000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7E00000 E:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7DB8000 E:\WINDOWS\System32\Drivers\ElbyDelay.sys 8192 bytes (Elaborate Bytes AG, Elby Delay Lower Filter Driver)
0xF7DD8000 E:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D68000 E:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DDC000 E:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D80000 E:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7DDE000 E:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7DD2000 E:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7DD4000 E:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D6C000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7D6A000 E:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7EC0000 E:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7F9B000 E:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7F32000 E:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7E30000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8458B1F8 unknown_irp_handler 3592 bytes
0x847671F8 unknown_irp_handler 3592 bytes
0x847D71F8 unknown_irp_handler 3592 bytes
0x844781F8 unknown_irp_handler 3592 bytes
0x847681F8 unknown_irp_handler 3592 bytes
0x844371F8 unknown_irp_handler 3592 bytes
0x838B71F8 unknown_irp_handler 3592 bytes
0x844611F8 unknown_irp_handler 3592 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [E:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D9F4, Type: Inline - RelativeJump 0x804E49F4-->804E49F3 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB50, Type: Inline - RelativeJump 0x804E4B50-->804E4B4F [ntoskrnl.exe]
[1620]IEXPLORE.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1620]IEXPLORE.EXE-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1620]IEXPLORE.EXE-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00401030-->00000000 [shimeng.dll]
[1620]IEXPLORE.EXE-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401034-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1620]IEXPLORE.EXE-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A8-->00000000 [shimeng.dll]
[1620]IEXPLORE.EXE-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13EC-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A4-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D4128C-->00000000 [shimeng.dll]
[1620]IEXPLORE.EXE-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D41248-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D41158-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D41290-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x771B1248-->00000000 [shimeng.dll]
[1620]IEXPLORE.EXE-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x771B124C-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->wininet.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x771B1214-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x771B122C-->00000000 [aclayers.dll]
[1620]IEXPLORE.EXE-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB115C-->00000000 [shimeng.dll]
[1620]IEXPLORE.EXE-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB1168-->00000000 [aclayers.dll]
[932]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[932]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Dr Jay · « **Reply #17 on:** July 13, 2010, 10:35:51 PM »

Please download TDSSKiller and save it to your Desktop.

Extract the file and run it.
Once completed it will create a log in your C:\ drive.
Please post the contents of that log.

underscore04 · « **Reply #18 on:** July 13, 2010, 11:52:46 PM »

it created a log in my e drive and i dont think scanned c anyway here's the log:

01:50:47:140 4980   TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
01:50:47:140 4980   ================================================================================
01:50:47:140 4980   SystemInfo:

01:50:47:140 4980   OS Version: 5.1.2600 ServicePack: 2.0
01:50:47:140 4980   Product type: Workstation
01:50:47:140 4980   ComputerName: D-8F697A69D6C14
01:50:47:140 4980   UserName: admin
01:50:47:140 4980   Windows directory: E:\WINDOWS
01:50:47:140 4980   System windows directory: E:\WINDOWS
01:50:47:140 4980   Processor architecture: Intel x86
01:50:47:140 4980   Number of processors: 2
01:50:47:140 4980   Page size: 0x1000
01:50:47:156 4980   Boot type: Normal boot
01:50:47:156 4980   ================================================================================
01:50:48:031 4980   Initialize success
01:50:48:031 4980
01:50:48:031 4980   Scanning   Services ...
01:50:48:375 4980   Raw services enum returned 354 services
01:50:48:375 4980
01:50:48:375 4980   Scanning   Drivers ...
01:50:49:093 4980   61883 (86d7b1e70661d754685b9ac6d749aae5) E:\WINDOWS\system32\DRIVERS\61883.sys
01:50:49:140 4980   Aavmker4 (b36c2d3a46078f4a278386f5c974564d) E:\WINDOWS\system32\drivers\Aavmker4.sys
01:50:49:187 4980   ACPI (a10c7534f7223f4a73a948967d00e69b) E:\WINDOWS\system32\DRIVERS\ACPI.sys
01:50:49:218 4980   ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys
01:50:49:265 4980   aec (841f385c6cfaf66b58fbd898722bb4f0) E:\WINDOWS\system32\drivers\aec.sys
01:50:49:296 4980   afcdp (4fa0ca536dab995baf48bd41b4e2ed00) E:\WINDOWS\system32\DRIVERS\afcdp.sys
01:50:49:343 4980   AFD (55e6e1c51b6d30e54335750955453702) E:\WINDOWS\System32\drivers\afd.sys
01:50:49:515 4980   ALCXWDM (93f93a8e3e14cbbf1ce9a5af1a70c095) E:\WINDOWS\system32\drivers\ALCXWDM.SYS
01:50:49:640 4980   AnyDVD (ad2c7fe8b68e4d5be17f20ea5f395623) E:\WINDOWS\system32\Drivers\AnyDVD.sys
01:50:49:718 4980   Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) E:\WINDOWS\system32\DRIVERS\arp1394.sys
01:50:49:812 4980   aswFsBlk (976e2ad5a62044629c2de2ca8563722a) E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
01:50:49:859 4980   aswMon2 (c298f660fd9a91b0fb24c0aa26ae09ac) E:\WINDOWS\system32\drivers\aswMon2.sys
01:50:49:875 4980   aswRdr (d78653e357bfadb9a432aa1f66d50269) E:\WINDOWS\system32\drivers\aswRdr.sys
01:50:49:906 4980   aswSP (17c4f06944b90944291cf7fb18d630c2) E:\WINDOWS\system32\drivers\aswSP.sys
01:50:49:921 4980   aswTdi (c33510a1866806fd9c17f5d36b4db6a6) E:\WINDOWS\system32\drivers\aswTdi.sys
01:50:49:968 4980   AsyncMac (02000abf34af4c218c35d257024807d6) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:50:49:984 4980   atapi (cdfe4411a69c224bd1d11b2da92dac51) E:\WINDOWS\system32\DRIVERS\atapi.sys
01:50:50:031 4980   Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:50:50:062 4980   audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
01:50:50:093 4980   Avc (87c223adb8f7596b31caae3c67b16ddd) E:\WINDOWS\system32\DRIVERS\avc.sys
01:50:50:125 4980   Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
01:50:50:156 4980   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
01:50:50:187 4980   CCDECODE (6163ed60b684bab19d3352ab22fc48b2) E:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:50:50:218 4980   Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
01:50:50:250 4980   Cdfs (cd7d5152df32b47f4e36f710b35aae02) E:\WINDOWS\system32\drivers\Cdfs.sys
01:50:50:296 4980   Cdrom (af9c19b3100fe010496b1a27181fbf72) E:\WINDOWS\system32\DRIVERS\cdrom.sys
01:50:50:375 4980   ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) E:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
01:50:50:421 4980   Disk (00ca44e4534865f8a3b64f7c0984bff0) E:\WINDOWS\system32\DRIVERS\disk.sys
01:50:50:515 4980   dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) E:\WINDOWS\system32\drivers\dmboot.sys
01:50:50:578 4980   dmio (f5e7b358a732d09f4bcf2824b88b9e28) E:\WINDOWS\system32\DRIVERS\dmio.sys
01:50:50:593 4980   dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
01:50:50:625 4980   DMusic (a6f881284ac1150e37d9ae47ff601267) E:\WINDOWS\system32\drivers\DMusic.sys
01:50:50:687 4980   drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) E:\WINDOWS\system32\drivers\drmkaud.sys
01:50:50:718 4980   ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) E:\WINDOWS\system32\Drivers\ElbyCDIO.sys
01:50:50:734 4980   ElbyDelay (e205c313417da6fa7afe85912a310a65) E:\WINDOWS\system32\Drivers\ElbyDelay.sys
01:50:50:781 4980   EuMusDesignVirtualAudioCableWdm (b27707bce98cb02eac9be5967096e75a) E:\WINDOWS\system32\DRIVERS\vrtaucbl.sys
01:50:50:828 4980   ezplay (73e701e0fa4d2fc7d22efceff276c50a) E:\WINDOWS\system32\Drivers\ezplay.sys
01:50:50:890 4980   Fastfat (3117f595e9615e04f05a54fc15a03b20) E:\WINDOWS\system32\drivers\Fastfat.sys
01:50:50:921 4980   Fdc (ced2e8396a8838e59d8fd529c680e02c) E:\WINDOWS\system32\DRIVERS\fdc.sys
01:50:50:953 4980   FETNDIS (e9648254056bce81a85380c0c3647dc4) E:\WINDOWS\system32\DRIVERS\fetnd5.sys
01:50:50:984 4980   Fips (e153ab8a11de5452bcf5ac7652dbf3ed) E:\WINDOWS\system32\drivers\Fips.sys
01:50:51:000 4980   Flpydisk (0dd1de43115b93f4d85e889d7a86f548) E:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:50:51:046 4980   FltMgr (157754f0df355a9e0a6f54721914f9c6) E:\WINDOWS\system32\drivers\fltmgr.sys
01:50:51:078 4980   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
01:50:51:093 4980   Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:50:51:109 4980   Gpc (c0f1d4a21de5a415df8170616703debf) E:\WINDOWS\system32\DRIVERS\msgpc.sys
01:50:51:171 4980   HidUsb (1de6783b918f540149aa69943bdfeba8) E:\WINDOWS\system32\DRIVERS\hidusb.sys
01:50:51:218 4980   HTTP (9f8b0f4276f618964fd118be4289b7cd) E:\WINDOWS\system32\Drivers\HTTP.sys
01:50:51:312 4980   i8042prt (5502b58eef7486ee6f93f3f164dcb808) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:50:51:343 4980   Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) E:\WINDOWS\system32\DRIVERS\imapi.sys
01:50:51:437 4980   intelppm (279fb78702454dff2bb445f238c048d2) E:\WINDOWS\system32\DRIVERS\intelppm.sys
01:50:51:484 4980   Ip6Fw (4448006b6bc60e6c027932cfc38d6855) E:\WINDOWS\system32\drivers\ip6fw.sys
01:50:51:515 4980   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:50:51:562 4980   IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) E:\WINDOWS\system32\DRIVERS\ipinip.sys
01:50:51:593 4980   ipMIDI (670edc19d5963a77cb37cf5ad0ab5a5b) E:\WINDOWS\system32\drivers\ipmidi.sys
01:50:51:609 4980   IpNat (b5a8e215ac29d24d60b4d1250ef05ace) E:\WINDOWS\system32\DRIVERS\ipnat.sys
01:50:51:671 4980   IPSec (64537aa5c003a6afeee1df819062d0d1) E:\WINDOWS\system32\DRIVERS\ipsec.sys
01:50:51:703 4980   IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) E:\WINDOWS\system32\DRIVERS\irenum.sys
01:50:51:750 4980   isapnp (e504f706ccb699c2596e9a3da1596e87) E:\WINDOWS\system32\DRIVERS\isapnp.sys
01:50:51:781 4980   Kbdclass (ebdee8a2ee5393890a1acee971c4c246) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:50:51:812 4980   klmd23 (316353165feba3d0538eaa9c2f60c5b7) E:\WINDOWS\system32\drivers\klmd.sys
01:50:51:859 4980   kmixer (d93cad07c5683db066b0b2d2d3790ead) E:\WINDOWS\system32\drivers\kmixer.sys
01:50:51:890 4980   KSecDD (674d3e5a593475915dc6643317192403) E:\WINDOWS\system32\drivers\KSecDD.sys
01:50:51:968 4980   LF30FS (10e0d92e5b21c045e0a53befb71dc09d) E:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys
01:50:52:000 4980   mapledxp (71fb2c9d23e62d42f7a8af56e5dd8414) E:\WINDOWS\System32\drivers\mapledxp.SYS
01:50:52:031 4980   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
01:50:52:078 4980   Modem (6fc6f9d7acc36dca9b914565a3aeda05) E:\WINDOWS\system32\drivers\Modem.sys
01:50:52:109 4980   Mouclass (34e1f0031153e491910e12551400192c) E:\WINDOWS\system32\DRIVERS\mouclass.sys
01:50:52:140 4980   MountMgr (65653f3b4477f3c63e68a9659f85ee2e) E:\WINDOWS\system32\drivers\MountMgr.sys
01:50:52:187 4980   MR97310_USB_DUAL_CAMERA (1aae79a4176a957bf2bb679812f04655) E:\WINDOWS\system32\DRIVERS\mr97310c.sys
01:50:52:234 4980   MRxDAV (46edcc8f2db2f322c24f48785cb46366) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:50:52:296 4980   MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:50:52:453 4980   MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) E:\WINDOWS\system32\DRIVERS\msdv.sys
01:50:52:578 4980   Msfs (561b3a4333ca2dbdba28b5b956822519) E:\WINDOWS\system32\drivers\Msfs.sys
01:50:52:625 4980   MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) E:\WINDOWS\system32\drivers\MSKSSRV.sys
01:50:52:671 4980   MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:50:52:703 4980   MSPQM (1988a33ff19242576c3d0ef9ce785da7) E:\WINDOWS\system32\drivers\MSPQM.sys
01:50:52:734 4980   mssmbios (469541f8bfd2b32659d5d463a6714bce) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:50:52:750 4980   MSTEE (bf13612142995096ab084f2db7f40f77) E:\WINDOWS\system32\drivers\MSTEE.sys
01:50:52:796 4980   MTsensor (d48659bb24c48345d926ecb45c1ebdf5) E:\WINDOWS\system32\DRIVERS\ASACPI.sys
01:50:52:828 4980   Mup (82035e0f41c2dd05ae41d27fe6cf7de1) E:\WINDOWS\system32\drivers\Mup.sys
01:50:52:859 4980   NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:50:52:890 4980   NDIS (558635d3af1c7546d26067d5d9b6959e) E:\WINDOWS\system32\drivers\NDIS.sys
01:50:52:921 4980   ndiscm (b797ee2ef919c95561dee78b72b33e5b) E:\WINDOWS\system32\DRIVERS\NetMotCM.sys
01:50:52:953 4980   NdisIP (520ce427a8b298f54112857bcf6bde15) E:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:50:53:000 4980   NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:50:53:031 4980   Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:50:53:062 4980   NdisWan (0b90e255a9490166ab368cd55a529893) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:50:53:093 4980   NDProxy (59fc3fb44d2669bc144fd87826bb571f) E:\WINDOWS\system32\drivers\NDProxy.sys
01:50:53:109 4980   NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) E:\WINDOWS\system32\DRIVERS\netbios.sys
01:50:53:156 4980   NetBT (0c80e410cd2f47134407ee7dd19cc86b) E:\WINDOWS\system32\DRIVERS\netbt.sys
01:50:53:203 4980   NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) E:\WINDOWS\system32\DRIVERS\nic1394.sys
01:50:53:218 4980   Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) E:\WINDOWS\system32\drivers\Npfs.sys
01:50:53:265 4980   Ntfs (b78be402c3f63dd55521f73876951cdd) E:\WINDOWS\system32\drivers\Ntfs.sys
01:50:53:312 4980   Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
01:50:53:343 4980   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:50:53:359 4980   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:50:53:406 4980   ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) E:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:50:53:453 4980   ossrv (103a9b117a7d9903111955cdafe65ac6) E:\WINDOWS\system32\DRIVERS\ctoss2k.sys
01:50:53:500 4980   P17 (1db419cb76493f6292ccfbdc3466f5ff) E:\WINDOWS\system32\drivers\P17.sys
01:50:53:593 4980   Parport (29744eb4ce659dfe3b4122deb45bc478) E:\WINDOWS\system32\DRIVERS\parport.sys
01:50:53:625 4980   PartMgr (3334430c29dc338092f79c38ef7b4cd0) E:\WINDOWS\system32\drivers\PartMgr.sys
01:50:53:656 4980   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
01:50:53:687 4980   pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
01:50:53:734 4980   PCI (8086d9979234b603ad5bc2f5d890b234) E:\WINDOWS\system32\DRIVERS\pci.sys
01:50:53:765 4980   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
01:50:53:828 4980   Pcmcia (82a087207decec8456fbe8537947d579) E:\WINDOWS\system32\drivers\Pcmcia.sys
01:50:53:875 4980   pcouffin (5b6c11de7e839c05248ced8825470fef) E:\WINDOWS\system32\Drivers\pcouffin.sys
01:50:54:000 4980   PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) E:\WINDOWS\system32\DRIVERS\raspptp.sys
01:50:54:031 4980   PSched (48671f327553dcf1d27f6197f622a668) E:\WINDOWS\system32\DRIVERS\psched.sys
01:50:54:062 4980   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
01:50:54:093 4980   PxHelp20 (d86b4a68565e444d76457f14172c875a) E:\WINDOWS\system32\Drivers\PxHelp20.sys
01:50:54:187 4980   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
01:50:54:218 4980   Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:50:54:265 4980   RasPppoe (7306eeed8895454cbed4669be9f79faa) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:50:54:281 4980   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
01:50:54:328 4980   Rdbss (29d66245adba878fff574cd66abd2884) E:\WINDOWS\system32\DRIVERS\rdbss.sys
01:50:54:343 4980   RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:50:54:406 4980   rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:50:54:468 4980   RDPWD (d4f5643d7714ef499ae9527fdcd50894) E:\WINDOWS\system32\drivers\RDPWD.sys
01:50:54:500 4980   redbook (b31b4588e4086d8d84adbf9845c2402b) E:\WINDOWS\system32\DRIVERS\redbook.sys
01:50:54:578 4980   SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
01:50:54:609 4980   SASKUTIL (61db0d0756a99506207fd724e3692b25) E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
01:50:54:640 4980   Secdrv (d26e26ea516450af9d072635c60387f4) E:\WINDOWS\system32\DRIVERS\secdrv.sys
01:50:54:703 4980   serenum (a2d868aeeff612e70e213c451a70cafb) E:\WINDOWS\system32\DRIVERS\serenum.sys
01:50:54:718 4980   Serial (cd9404d115a00d249f70a371b46d5a26) E:\WINDOWS\system32\DRIVERS\serial.sys
01:50:54:750 4980   Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) E:\WINDOWS\system32\drivers\Sfloppy.sys
01:50:54:796 4980   SLIP (5caeed86821fa2c6139e32e9e05ccdc9) E:\WINDOWS\system32\DRIVERS\SLIP.sys
01:50:54:843 4980   snapman (4f7ed0c2f594f1b8e9cafab21eb86126) E:\WINDOWS\system32\DRIVERS\snapman.sys
01:50:54:890 4980   SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) E:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
01:50:54:937 4980   splitter (8e186b8f23295d1e42c573b82b80d548) E:\WINDOWS\system32\drivers\splitter.sys
01:50:54:984 4980   sptd (cdddec541bc3c96f91ecb48759673505) E:\WINDOWS\system32\Drivers\sptd.sys
01:50:55:000 4980   Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
01:50:55:062 4980   sr (e41b6d037d6cd08461470af04500dc24) E:\WINDOWS\system32\DRIVERS\sr.sys
01:50:55:109 4980   Srv (7a4f147cc6b133f905f6e65e2f8669fb) E:\WINDOWS\system32\DRIVERS\srv.sys
01:50:55:156 4980   streamip (284c57df5dc7abca656bc2b96a667afb) E:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:50:55:187 4980   swenum (03c1bae4766e2450219d20b993d6e046) E:\WINDOWS\system32\DRIVERS\swenum.sys
01:50:55:234 4980   swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) E:\WINDOWS\system32\drivers\swmidi.sys
01:50:55:296 4980   sysaudio (650ad082d46bac0e64c9c0e0928492fd) E:\WINDOWS\system32\drivers\sysaudio.sys
01:50:55:328 4980   tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) E:\WINDOWS\system32\DRIVERS\tapvpn.sys
01:50:55:390 4980   Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) E:\WINDOWS\system32\DRIVERS\tcpip.sys
01:50:55:421 4980   TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) E:\WINDOWS\system32\drivers\TDPIPE.sys
01:50:55:500 4980   tdrpman258 (8de3e45000ba8c9ebb16737d3f83e216) E:\WINDOWS\system32\DRIVERS\tdrpm258.sys
01:50:55:578 4980   TDTCP (ed0580af02502d00ad8c4c066b156be9) E:\WINDOWS\system32\drivers\TDTCP.sys
01:50:55:609 4980   TermDD (a540a99c281d933f3d69d55e48727f47) E:\WINDOWS\system32\DRIVERS\termdd.sys
01:50:55:671 4980   timounter (3e06987fedbcdfbff8e85ef8108565f9) E:\WINDOWS\system32\DRIVERS\timntr.sys
01:50:55:734 4980   uagp35 (49c805d42d75eddc9b6a7130999c9054) E:\WINDOWS\system32\DRIVERS\uagp35.sys
01:50:55:781 4980   Udfs (12f70256f140cd7d52c58c7048fde657) E:\WINDOWS\system32\drivers\Udfs.sys
01:50:55:843 4980   Update (aff2e5045961bbc0a602bb6f95eb1345) E:\WINDOWS\system32\DRIVERS\update.sys
01:50:55:859 4980   usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:50:55:921 4980   usbehci (15e993ba2f6946b2bfbbfcd30398621e) E:\WINDOWS\system32\DRIVERS\usbehci.sys
01:50:55:968 4980   usbhub (c72f40947f92cea56a8fb532edf025f1) E:\WINDOWS\system32\DRIVERS\usbhub.sys
01:50:56:015 4980   usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) E:\WINDOWS\system32\DRIVERS\usbprint.sys
01:50:56:031 4980   usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) E:\WINDOWS\system32\DRIVERS\usbscan.sys
01:50:56:078 4980   USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:50:56:109 4980   usbuhci (f8fd1400092e23c8f2f31406ef06167b) E:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:50:56:156 4980   VgaSave (8a60edd72b4ea5aea8202daf0e427925) E:\WINDOWS\System32\drivers\vga.sys
01:50:56:218 4980   ViaIde (59cb1338ad3654417bea49636457f65d) E:\WINDOWS\system32\DRIVERS\viaide.sys
01:50:56:250 4980   VolSnap (ee4660083deba849ff6c485d944b379b) E:\WINDOWS\system32\drivers\VolSnap.sys
01:50:56:281 4980   Wanarp (984ef0b9788abf89974cfed4bfbaacbc) E:\WINDOWS\system32\DRIVERS\wanarp.sys
01:50:56:359 4980   wdmaud (2797f33ebf50466020c430ee4f037933) E:\WINDOWS\system32\drivers\wdmaud.sys
01:50:56:390 4980   WSTCODEC (d5842484f05e12121c511aa93f6439ec) E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:50:56:421 4980   WudfPf (f15feafffbb3644ccc80c5da584e6311) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:50:56:437 4980   WudfRd (28b524262bce6de1f7ef9f510ba3985b) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:50:56:437 4980
01:50:56:437 4980   Completed
01:50:56:453 4980
01:50:56:453 4980   Results:
01:50:56:453 4980   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
01:50:56:453 4980   File objects infected / cured / cured on reboot:   0 / 0 / 0
01:50:56:453 4980
01:50:56:453 4980   KLMD(ARK) unloaded successfully

Dr Jay · « **Reply #19 on:** July 14, 2010, 01:26:02 PM »

Try to re-run ComboFix and post a log, please.

underscore04 · « **Reply #20 on:** July 14, 2010, 08:44:29 PM »

ComboFix 10-07-14.01 - admin 07/14/2010 22:36:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.624 [GMT -4:00]
Running from: e:\documents and settings\admin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 100714-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-12 00:14 . 2010-07-12 00:14   --------   d-----w-   e:\documents and settings\All Users\Application Data\IK Multimedia
2010-07-11 18:52 . 2010-07-11 18:57   --------   d-----w-   e:\program files\7-Zip
2010-07-11 01:33 . 2010-07-11 01:33   --------   d-----w-   e:\documents and settings\admin\Application Data\TH1
2010-07-10 15:42 . 2010-07-10 15:42   --------   d-----w-   e:\program files\MSXML 6.0
2010-07-09 04:44 . 2010-07-09 04:44   --------   d-----w-   e:\documents and settings\admin\TruePianos Settings
2010-07-09 04:43 . 2010-07-09 04:43   --------   d-----w-   e:\documents and settings\admin\Application Data\Cakewalk
2010-07-08 00:19 . 2010-07-08 00:19   --------   d-----w-   e:\program files\ESET
2010-07-07 20:44 . 2010-07-07 20:44   --------   d-----w-   e:\documents and settings\Shelley\Application Data\Malwarebytes
2010-07-07 19:20 . 2010-07-07 19:20   --------   d-----w-   e:\documents and settings\admin\Application Data\Malwarebytes
2010-07-07 19:19 . 2010-04-29 19:39   38224   ----a-w-   e:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 19:19 . 2010-07-07 19:20   --------   d-----w-   e:\program files\Malwarebytes' Anti-Malware
2010-07-07 19:19 . 2010-07-07 19:19   --------   d-----w-   e:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-07 19:19 . 2010-04-29 19:39   20952   ----a-w-   e:\windows\system32\drivers\mbam.sys
2010-07-07 17:25 . 2010-07-07 17:25   --------   d-----w-   e:\windows\system32\CatRoot_bak
2010-07-07 17:23 . 2008-06-13 13:10   272128   -c----w-   e:\windows\system32\dllcache\bthport.sys
2010-07-07 17:22 . 2010-02-24 12:31   454016   -c----w-   e:\windows\system32\dllcache\mrxsmb.sys
2010-07-07 17:20 . 2010-02-16 13:17   2137088   -c----w-   e:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-07 17:20 . 2010-02-16 13:19   2181376   -c----w-   e:\windows\system32\dllcache\ntoskrnl.exe
2010-07-07 17:20 . 2010-02-16 12:39   2016768   -c----w-   e:\windows\system32\dllcache\ntkrpamp.exe
2010-07-07 17:20 . 2010-02-16 12:39   2058368   -c----w-   e:\windows\system32\dllcache\ntkrnlpa.exe
2010-07-06 21:25 . 2010-07-06 21:25   --------   d-----w-   e:\program files\Common Files\DigiDesign
2010-07-06 21:25 . 2010-07-06 21:25   --------   d-----w-   e:\documents and settings\admin\Application Data\InstallShield
2010-07-06 20:49 . 2010-07-06 20:50   --------   d-----w-   e:\documents and settings\admin\Application Data\Propellerhead Software
2010-07-06 18:38 . 2010-07-06 18:38   --------   d-----w-   e:\program files\MusicLab
2010-07-06 18:33 . 2010-07-06 18:33   --------   d-----w-   e:\program files\DAEMON Tools Toolbar
2010-07-06 18:32 . 2010-07-06 18:38   --------   d-----w-   e:\documents and settings\admin\Application Data\DAEMON Tools Lite
2010-07-06 18:32 . 2010-07-06 18:32   --------   d-----w-   e:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-06 05:29 . 2004-08-04 12:00   14848   -c--a-w-   e:\windows\system32\dllcache\register.exe
2010-07-06 05:28 . 2004-08-04 12:00   10129408   -c--a-w-   e:\windows\system32\dllcache\hwxkor.dll
2010-07-06 05:27 . 2004-08-04 12:00   29184   -c--a-w-   e:\windows\system32\dllcache\asptxn.dll
2010-07-06 05:25 . 2004-08-04 12:00   16384   -c--a-w-   e:\windows\system32\dllcache\isignup.exe
2010-07-06 05:18 . 2001-08-17 16:13   27165   ----a-w-   e:\windows\system32\drivers\fetnd5.sys
2010-07-06 05:10 . 2004-08-04 12:00   24661   -c--a-w-   e:\windows\system32\dllcache\spxcoins.dll
2010-07-06 05:10 . 2004-08-04 12:00   24661   ----a-w-   e:\windows\system32\spxcoins.dll
2010-07-06 05:10 . 2004-08-04 12:00   13312   -c--a-w-   e:\windows\system32\dllcache\irclass.dll
2010-07-06 05:10 . 2004-08-04 12:00   13312   ----a-w-   e:\windows\system32\irclass.dll
2010-07-06 05:09 . 2010-07-06 05:09   --------   d-s---w-   e:\windows\system32\config\systemprofile\History
2010-07-04 04:18 . 2010-07-06 18:30   --------   d-----w-   e:\documents and settings\admin\Application Data\DAEMON Tools
2010-07-04 00:19 . 2010-07-04 00:19   160704   ----a-w-   e:\windows\system32\drivers\afcdp.sys
2010-07-04 00:19 . 2010-07-04 00:19   911680   ----a-w-   e:\windows\system32\drivers\tdrpm258.sys
2010-07-04 00:18 . 2010-07-04 00:19   581984   ----a-w-   e:\windows\system32\drivers\timntr.sys
2010-07-04 00:18 . 2010-07-04 00:18   166272   ----a-w-   e:\windows\system32\drivers\snapman.sys
2010-07-04 00:18 . 2010-07-04 00:19   --------   d-----w-   e:\program files\Common Files\Acronis
2010-07-04 00:18 . 2010-07-04 00:18   --------   d-----w-   e:\program files\Acronis
2010-07-03 00:22 . 2010-07-03 00:22   --------   d--h--w-   e:\windows\PIF
2010-07-01 22:21 . 2010-07-01 22:21   63488   ----a-w-   e:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-01 22:21 . 2010-07-01 22:21   52224   ----a-w-   e:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-01 22:21 . 2010-07-01 22:21   117760   ----a-w-   e:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 22:20 . 2010-07-01 22:20   --------   d-----w-   e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-01 22:20 . 2010-07-01 22:20   --------   d-----w-   e:\documents and settings\admin\Application Data\SUPERAntiSpyware.com
2010-07-01 22:20 . 2010-07-01 22:20   --------   d-----w-   e:\program files\SUPERAntiSpyware
2010-06-30 06:26 . 2010-06-30 06:26   --------   d-----w-   e:\documents and settings\David\TruePianos Settings
2010-06-30 06:25 . 2010-06-30 06:26   --------   d-----w-   E:\Cakewalk Projects
2010-06-30 06:25 . 2010-06-30 06:25   --------   d-----w-   e:\documents and settings\David\Application Data\Cakewalk
2010-06-30 00:25 . 2010-07-09 04:16   36624   ----a-w-   e:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 00:18 . 2010-06-30 00:27   --------   d-----w-   e:\program files\Antares
2010-06-28 18:15 . 2010-06-28 18:15   --------   d-----w-   e:\program files\Xvid
2010-06-28 18:15 . 2009-06-07 20:24   180224   ----a-w-   e:\windows\system32\xvidvfw.dll
2010-06-28 18:15 . 2009-06-07 20:16   819200   ----a-w-   e:\windows\system32\xvidcore.dll
2010-06-27 19:18 . 2010-06-27 19:38   --------   d-----w-   e:\documents and settings\admin\Application Data\vlc
2010-06-27 18:08 . 2010-06-27 18:08   --------   d-----w-   e:\documents and settings\admin\Local Settings\Application Data\Ahead
2010-06-25 21:05 . 2010-06-25 21:06   --------   d-----w-   e:\documents and settings\admin\Application Data\Vso
2010-06-25 21:05 . 2010-06-25 21:05   47360   ----a-w-   e:\documents and settings\admin\Application Data\pcouffin.sys
2010-06-25 21:05 . 2010-02-09 19:37   65602   ----a-w-   e:\windows\system32\cook3260.dll
2010-06-25 21:05 . 2010-02-09 19:37   626688   ----a-w-   e:\windows\system32\vp7vfw.dll
2010-06-25 21:05 . 2010-02-09 19:37   217127   ----a-w-   e:\windows\system32\drv43260.dll
2010-06-25 21:05 . 2010-02-09 19:37   208935   ----a-w-   e:\windows\system32\drv33260.dll
2010-06-25 21:05 . 2010-02-09 19:37   176165   ----a-w-   e:\windows\system32\drv23260.dll
2010-06-25 21:05 . 2010-02-09 19:37   1184984   ----a-w-   e:\windows\system32\wvc1dmod.dll
2010-06-25 21:05 . 2010-02-09 19:37   102439   ----a-w-   e:\windows\system32\sipr3260.dll
2010-06-23 17:19 . 2010-06-23 17:19   --------   d-----w-   e:\documents and settings\admin\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 23:03 . 2007-04-01 15:15   664   ----a-w-   e:\windows\system32\d3d9caps.dat
2010-07-12 01:25 . 2009-05-07 03:09   48   ----a-w-   e:\windows\msocreg32.dat
2010-07-12 00:15 . 2007-03-02 20:27   --------   d--h--w-   e:\program files\InstallShield Installation Information
2010-07-11 01:31 . 2008-09-11 17:47   --------   d-----w-   e:\documents and settings\admin\Application Data\uTorrent
2010-07-10 00:01 . 2007-03-02 17:20   36624   ----a-w-   e:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-06 21:27 . 2009-05-07 03:05   --------   d-----w-   e:\program files\IK Multimedia
2010-07-06 18:33 . 2007-12-31 03:40   --------   d-----w-   e:\program files\DAEMON Tools Lite
2010-07-06 18:33 . 2007-12-31 03:37   691696   ----a-w-   e:\windows\system32\drivers\sptd.sys
2010-07-06 05:41 . 2007-12-31 03:40   --------   d-----w-   e:\documents and settings\David\Application Data\DAEMON Tools
2010-07-06 05:24 . 2007-03-02 18:20   22720   ----a-w-   e:\windows\system32\emptyregdb.dat
2010-06-30 00:18 . 2007-11-07 04:31   --------   d-----w-   e:\program files\Digidesign
2010-06-29 23:18 . 2008-11-20 01:43   --------   d-----w-   e:\program files\WIDI
2010-06-25 21:05 . 2007-10-12 17:50   47360   ----a-w-   e:\windows\system32\drivers\pcouffin.sys
2010-06-25 21:05 . 2007-10-12 17:50   --------   d-----w-   e:\program files\VSO
2010-06-20 17:22 . 2007-06-16 02:57   --------   d-----w-   e:\documents and settings\Shelley\Application Data\uTorrent
2010-06-17 01:30 . 2008-01-17 23:09   --------   d-----w-   e:\program files\uTorrent
2010-06-14 14:30 . 2007-03-02 18:20   743936   ----a-w-   e:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 03:48 . 2010-06-14 03:46   536   ---ha-w-   E:\os252866.bin
2010-06-06 05:59 . 2008-08-23 01:10   --------   d-----w-   e:\program files\Microsoft Silverlight
2010-06-06 03:45 . 2007-05-13 17:02   36176   ----a-w-   e:\documents and settings\Shelley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-01 22:46 . 2010-06-01 22:46   --------   d-----w-   e:\documents and settings\David\Application Data\Mozilla-Cache
2010-05-27 22:40 . 2009-04-16 00:07   --------   d-----w-   e:\program files\PokerStars
2010-05-27 20:11 . 2010-03-29 02:53   --------   d-----w-   e:\documents and settings\David\Application Data\OpenOffice.org2
2010-05-02 05:56 . 2004-08-04 12:00   1850880   ----a-w-   e:\windows\system32\win32k.sys
2010-04-20 05:51 . 2004-08-04 12:00   285696   ----a-w-   e:\windows\system32\atmfd.dll
2010-04-16 15:36 . 2004-08-04 12:00   662016   ----a-w-   e:\windows\system32\wininet.dll
2010-04-16 15:36 . 2004-08-04 12:00   81920   ----a-w-   e:\windows\system32\ieencode.dll
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   e:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   e:\program files\mozilla firefox\plugins\ssldivx.dll
2007-09-16 01:22 . 2007-09-16 01:20   24   --sh--w-   e:\windows\S8A42E3D0.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"CTSysVol"="e:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="e:\program files\QT Lite\QTTask.exe" [2009-09-05 417792]
"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]

e:\documents and settings\David\Start Menu\Programs\Startup\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   e:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=mapledxp.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Documents and Settings\\David\\Desktop\\utorrent150.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"e:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\WINDOWS\\system32\\lxducoms.exe"=
"e:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);e:\windows\system32\drivers\tdrpm258.sys [7/3/2010 8:19 PM 911680]
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [9/14/2008 6:41 PM 78416]
R1 mapledxp;mapledxp;e:\windows\system32\drivers\mapledxp.sys [10/10/2007 1:12 PM 24720]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 afcdpsrv;Acronis Nonstop Backup service;e:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [7/3/2010 8:19 PM 2480048]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [9/14/2008 6:41 PM 20560]
R2 LF30FS;LF30FS;e:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [11/19/2004 7:07 PM 101488]
R2 lxdu_device;lxdu_device;e:\windows\system32\lxducoms.exe -service --> e:\windows\system32\lxducoms.exe -service [?]
R3 afcdp;afcdp;e:\windows\system32\drivers\afcdp.sys [7/3/2010 8:19 PM 160704]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);e:\windows\system32\drivers\vrtaucbl.sys [5/8/2009 2:53 PM 50944]
S3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);e:\windows\system32\drivers\ipmidi.sys [4/5/2010 12:14 PM 18688]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [12/30/2007 11:37 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - e:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - e:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\o7ubg68l.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: e:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: e:\program files\Java\jre6\bin\npjpi160_11.dll
FF - plugin: e:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 22:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\DefaultPreset]
@DACL=(02 0000)
@="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\1_0_0_0.html"
"Contents"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\1_0_0_0.html"
"ExportToDVD"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\1_19_2_0.html"
"HowToUse"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\0_0_0_0.html"
"Keyboard"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\1_21_0_0.html"
"Search"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com/support/products/premiere.html"
"Search"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
e:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-07-14 22:44:40
ComboFix-quarantined-files.txt 2010-07-15 02:44

Pre-Run: 10,307,870,720 bytes free
Post-Run: 10,348,974,080 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - B34734EDE0279286724B620D0B8C9246

Dr Jay · « **Reply #21 on:** July 15, 2010, 01:58:13 PM »

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the codebox below into it:

Code: [Select]

File::
e:\windows\S8A42E3D0.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]

Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

underscore04 · « **Reply #22 on:** July 15, 2010, 05:24:35 PM »

ComboFix 10-07-14.01 - admin 07/15/2010 18:59:26.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.632 [GMT -4:00]
Running from: e:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\admin\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 100715-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"e:\windows\S8A42E3D0.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\S8A42E3D0.tmp . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-12 00:14 . 2010-07-12 00:14   --------   d-----w-   e:\documents and settings\All Users\Application Data\IK Multimedia
2010-07-11 18:52 . 2010-07-11 18:57   --------   d-----w-   e:\program files\7-Zip
2010-07-11 01:33 . 2010-07-11 01:33   --------   d-----w-   e:\documents and settings\admin\Application Data\TH1
2010-07-10 15:42 . 2010-07-10 15:42   --------   d-----w-   e:\program files\MSXML 6.0
2010-07-09 04:44 . 2010-07-09 04:44   --------   d-----w-   e:\documents and settings\admin\TruePianos Settings
2010-07-09 04:43 . 2010-07-09 04:43   --------   d-----w-   e:\documents and settings\admin\Application Data\Cakewalk
2010-07-08 00:19 . 2010-07-08 00:19   --------   d-----w-   e:\program files\ESET
2010-07-07 20:44 . 2010-07-07 20:44   --------   d-----w-   e:\documents and settings\Shelley\Application Data\Malwarebytes
2010-07-07 19:20 . 2010-07-07 19:20   --------   d-----w-   e:\documents and settings\admin\Application Data\Malwarebytes
2010-07-07 19:19 . 2010-04-29 19:39   38224   ----a-w-   e:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 19:19 . 2010-07-07 19:20   --------   d-----w-   e:\program files\Malwarebytes' Anti-Malware
2010-07-07 19:19 . 2010-07-07 19:19   --------   d-----w-   e:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-07 19:19 . 2010-04-29 19:39   20952   ----a-w-   e:\windows\system32\drivers\mbam.sys
2010-07-07 17:25 . 2010-07-07 17:25   --------   d-----w-   e:\windows\system32\CatRoot_bak
2010-07-07 17:23 . 2008-06-13 13:10   272128   -c----w-   e:\windows\system32\dllcache\bthport.sys
2010-07-07 17:22 . 2010-02-24 12:31   454016   -c----w-   e:\windows\system32\dllcache\mrxsmb.sys
2010-07-07 17:20 . 2010-02-16 13:17   2137088   -c----w-   e:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-07 17:20 . 2010-02-16 13:19   2181376   -c----w-   e:\windows\system32\dllcache\ntoskrnl.exe
2010-07-07 17:20 . 2010-02-16 12:39   2016768   -c----w-   e:\windows\system32\dllcache\ntkrpamp.exe
2010-07-07 17:20 . 2010-02-16 12:39   2058368   -c----w-   e:\windows\system32\dllcache\ntkrnlpa.exe
2010-07-06 21:25 . 2010-07-06 21:25   --------   d-----w-   e:\program files\Common Files\DigiDesign
2010-07-06 21:25 . 2010-07-06 21:25   --------   d-----w-   e:\documents and settings\admin\Application Data\InstallShield
2010-07-06 20:49 . 2010-07-06 20:50   --------   d-----w-   e:\documents and settings\admin\Application Data\Propellerhead Software
2010-07-06 18:38 . 2010-07-06 18:38   --------   d-----w-   e:\program files\MusicLab
2010-07-06 18:33 . 2010-07-06 18:33   --------   d-----w-   e:\program files\DAEMON Tools Toolbar
2010-07-06 18:32 . 2010-07-06 18:38   --------   d-----w-   e:\documents and settings\admin\Application Data\DAEMON Tools Lite
2010-07-06 18:32 . 2010-07-06 18:32   --------   d-----w-   e:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-06 05:29 . 2004-08-04 12:00   14848   -c--a-w-   e:\windows\system32\dllcache\register.exe
2010-07-06 05:28 . 2004-08-04 12:00   10129408   -c--a-w-   e:\windows\system32\dllcache\hwxkor.dll
2010-07-06 05:27 . 2004-08-04 12:00   29184   -c--a-w-   e:\windows\system32\dllcache\asptxn.dll
2010-07-06 05:25 . 2004-08-04 12:00   16384   -c--a-w-   e:\windows\system32\dllcache\isignup.exe
2010-07-06 05:18 . 2001-08-17 16:13   27165   ----a-w-   e:\windows\system32\drivers\fetnd5.sys
2010-07-06 05:10 . 2004-08-04 12:00   24661   -c--a-w-   e:\windows\system32\dllcache\spxcoins.dll
2010-07-06 05:10 . 2004-08-04 12:00   24661   ----a-w-   e:\windows\system32\spxcoins.dll
2010-07-06 05:10 . 2004-08-04 12:00   13312   -c--a-w-   e:\windows\system32\dllcache\irclass.dll
2010-07-06 05:10 . 2004-08-04 12:00   13312   ----a-w-   e:\windows\system32\irclass.dll
2010-07-06 05:09 . 2010-07-06 05:09   --------   d-s---w-   e:\windows\system32\config\systemprofile\History
2010-07-04 04:18 . 2010-07-06 18:30   --------   d-----w-   e:\documents and settings\admin\Application Data\DAEMON Tools
2010-07-04 00:19 . 2010-07-04 00:19   160704   ----a-w-   e:\windows\system32\drivers\afcdp.sys
2010-07-04 00:19 . 2010-07-04 00:19   911680   ----a-w-   e:\windows\system32\drivers\tdrpm258.sys
2010-07-04 00:18 . 2010-07-04 00:19   581984   ----a-w-   e:\windows\system32\drivers\timntr.sys
2010-07-04 00:18 . 2010-07-04 00:18   166272   ----a-w-   e:\windows\system32\drivers\snapman.sys
2010-07-04 00:18 . 2010-07-04 00:19   --------   d-----w-   e:\program files\Common Files\Acronis
2010-07-04 00:18 . 2010-07-04 00:18   --------   d-----w-   e:\program files\Acronis
2010-07-03 00:22 . 2010-07-03 00:22   --------   d--h--w-   e:\windows\PIF
2010-07-01 22:21 . 2010-07-01 22:21   63488   ----a-w-   e:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-01 22:21 . 2010-07-01 22:21   52224   ----a-w-   e:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-01 22:21 . 2010-07-01 22:21   117760   ----a-w-   e:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 22:20 . 2010-07-01 22:20   --------   d-----w-   e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-01 22:20 . 2010-07-01 22:20   --------   d-----w-   e:\documents and settings\admin\Application Data\SUPERAntiSpyware.com
2010-07-01 22:20 . 2010-07-01 22:20   --------   d-----w-   e:\program files\SUPERAntiSpyware
2010-06-30 06:26 . 2010-06-30 06:26   --------   d-----w-   e:\documents and settings\David\TruePianos Settings
2010-06-30 06:25 . 2010-06-30 06:26   --------   d-----w-   E:\Cakewalk Projects
2010-06-30 06:25 . 2010-06-30 06:25   --------   d-----w-   e:\documents and settings\David\Application Data\Cakewalk
2010-06-30 00:25 . 2010-07-09 04:16   36624   ----a-w-   e:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 00:18 . 2010-06-30 00:27   --------   d-----w-   e:\program files\Antares
2010-06-28 18:15 . 2010-06-28 18:15   --------   d-----w-   e:\program files\Xvid
2010-06-28 18:15 . 2009-06-07 20:24   180224   ----a-w-   e:\windows\system32\xvidvfw.dll
2010-06-28 18:15 . 2009-06-07 20:16   819200   ----a-w-   e:\windows\system32\xvidcore.dll
2010-06-27 19:18 . 2010-06-27 19:38   --------   d-----w-   e:\documents and settings\admin\Application Data\vlc
2010-06-27 18:08 . 2010-06-27 18:08   --------   d-----w-   e:\documents and settings\admin\Local Settings\Application Data\Ahead
2010-06-25 21:05 . 2010-06-25 21:06   --------   d-----w-   e:\documents and settings\admin\Application Data\Vso
2010-06-25 21:05 . 2010-06-25 21:05   47360   ----a-w-   e:\documents and settings\admin\Application Data\pcouffin.sys
2010-06-25 21:05 . 2010-02-09 19:37   65602   ----a-w-   e:\windows\system32\cook3260.dll
2010-06-25 21:05 . 2010-02-09 19:37   626688   ----a-w-   e:\windows\system32\vp7vfw.dll
2010-06-25 21:05 . 2010-02-09 19:37   217127   ----a-w-   e:\windows\system32\drv43260.dll
2010-06-25 21:05 . 2010-02-09 19:37   208935   ----a-w-   e:\windows\system32\drv33260.dll
2010-06-25 21:05 . 2010-02-09 19:37   176165   ----a-w-   e:\windows\system32\drv23260.dll
2010-06-25 21:05 . 2010-02-09 19:37   1184984   ----a-w-   e:\windows\system32\wvc1dmod.dll
2010-06-25 21:05 . 2010-02-09 19:37   102439   ----a-w-   e:\windows\system32\sipr3260.dll
2010-06-23 17:19 . 2010-06-23 17:19   --------   d-----w-   e:\documents and settings\admin\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 23:20 . 2010-07-15 23:20   0   ----a-w-   e:\windows\S8A42E3D0.tmp
2010-07-15 22:36 . 2007-04-10 16:42   552   ----a-w-   e:\windows\system32\d3d8caps.dat
2010-07-14 23:03 . 2007-04-01 15:15   664   ----a-w-   e:\windows\system32\d3d9caps.dat
2010-07-12 01:25 . 2009-05-07 03:09   48   ----a-w-   e:\windows\msocreg32.dat
2010-07-12 00:15 . 2007-03-02 20:27   --------   d--h--w-   e:\program files\InstallShield Installation Information
2010-07-11 01:31 . 2008-09-11 17:47   --------   d-----w-   e:\documents and settings\admin\Application Data\uTorrent
2010-07-10 00:01 . 2007-03-02 17:20   36624   ----a-w-   e:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-06 21:27 . 2009-05-07 03:05   --------   d-----w-   e:\program files\IK Multimedia
2010-07-06 18:33 . 2007-12-31 03:40   --------   d-----w-   e:\program files\DAEMON Tools Lite
2010-07-06 18:33 . 2007-12-31 03:37   691696   ----a-w-   e:\windows\system32\drivers\sptd.sys
2010-07-06 05:41 . 2007-12-31 03:40   --------   d-----w-   e:\documents and settings\David\Application Data\DAEMON Tools
2010-07-06 05:24 . 2007-03-02 18:20   22720   ----a-w-   e:\windows\system32\emptyregdb.dat
2010-06-30 00:18 . 2007-11-07 04:31   --------   d-----w-   e:\program files\Digidesign
2010-06-29 23:18 . 2008-11-20 01:43   --------   d-----w-   e:\program files\WIDI
2010-06-25 21:05 . 2007-10-12 17:50   47360   ----a-w-   e:\windows\system32\drivers\pcouffin.sys
2010-06-25 21:05 . 2007-10-12 17:50   --------   d-----w-   e:\program files\VSO
2010-06-20 17:22 . 2007-06-16 02:57   --------   d-----w-   e:\documents and settings\Shelley\Application Data\uTorrent
2010-06-17 01:30 . 2008-01-17 23:09   --------   d-----w-   e:\program files\uTorrent
2010-06-14 14:30 . 2007-03-02 18:20   743936   ----a-w-   e:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 03:48 . 2010-06-14 03:46   536   ---ha-w-   E:\os252866.bin
2010-06-06 05:59 . 2008-08-23 01:10   --------   d-----w-   e:\program files\Microsoft Silverlight
2010-06-06 03:45 . 2007-05-13 17:02   36176   ----a-w-   e:\documents and settings\Shelley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-01 22:46 . 2010-06-01 22:46   --------   d-----w-   e:\documents and settings\David\Application Data\Mozilla-Cache
2010-05-27 22:40 . 2009-04-16 00:07   --------   d-----w-   e:\program files\PokerStars
2010-05-27 20:11 . 2010-03-29 02:53   --------   d-----w-   e:\documents and settings\David\Application Data\OpenOffice.org2
2010-05-02 05:56 . 2004-08-04 12:00   1850880   ----a-w-   e:\windows\system32\win32k.sys
2010-04-20 05:51 . 2004-08-04 12:00   285696   ----a-w-   e:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   e:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   e:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-15_02.42.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-15 23:20 . 2010-07-15 23:20   16384 e:\windows\Temp\Perflib_Perfdata_678.dat
+ 2010-07-15 23:20 . 2010-07-15 23:20   16384 e:\windows\Temp\Perflib_Perfdata_544.dat
+ 2010-07-15 22:31 . 2010-07-15 23:20   32768 e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-02 18:25 . 2010-07-15 23:20   32768 e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-02 18:25 . 2010-07-15 23:20   49152 e:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-02 18:25 . 2010-07-15 02:33   49152 e:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"CTSysVol"="e:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="e:\program files\QT Lite\QTTask.exe" [2009-09-05 417792]
"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]

e:\documents and settings\David\Start Menu\Programs\Startup\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   e:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=mapledxp.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Documents and Settings\\David\\Desktop\\utorrent150.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"e:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\WINDOWS\\system32\\lxducoms.exe"=
"e:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);e:\windows\system32\drivers\tdrpm258.sys [7/3/2010 8:19 PM 911680]
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [9/14/2008 6:41 PM 78416]
R1 mapledxp;mapledxp;e:\windows\system32\drivers\mapledxp.sys [10/10/2007 1:12 PM 24720]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 afcdpsrv;Acronis Nonstop Backup service;e:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [7/3/2010 8:19 PM 2480048]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [9/14/2008 6:41 PM 20560]
R2 LF30FS;LF30FS;e:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [11/19/2004 7:07 PM 101488]
R2 lxdu_device;lxdu_device;e:\windows\system32\lxducoms.exe -service --> e:\windows\system32\lxducoms.exe -service [?]
R3 afcdp;afcdp;e:\windows\system32\drivers\afcdp.sys [7/3/2010 8:19 PM 160704]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);e:\windows\system32\drivers\vrtaucbl.sys [5/8/2009 2:53 PM 50944]
S3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);e:\windows\system32\drivers\ipmidi.sys [4/5/2010 12:14 PM 18688]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [12/30/2007 11:37 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - e:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - e:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\o7ubg68l.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: e:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: e:\program files\Java\jre6\bin\npjpi160_11.dll
FF - plugin: e:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\DefaultPreset]
@DACL=(02 0000)
@="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\1_0_0_0.html"
"Contents"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\1_0_0_0.html"
"ExportToDVD"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\1_19_2_0.html"
"HowToUse"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\0_0_0_0.html"
"Keyboard"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\1_21_0_0.html"
"Search"="e:\\Program Files\\Adobe\\Premiere Pro 1.5 Tryout\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com/support/products/premiere.html"
"Search"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="e:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
e:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3380)
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Alwil Software\Avast4\aswUpdSv.exe
e:\program files\Alwil Software\Avast4\ashServ.exe
e:\program files\Common Files\Acronis\Schedule2\schedul2.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\lxducoms.exe
e:\program files\Alwil Software\Avast4\ashMaiSv.exe
e:\program files\Alwil Software\Avast4\ashWebSv.exe
e:\windows\system32\Rundll32.exe
e:\windows\SOUNDMAN.EXE
e:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-07-15 19:25:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-15 23:25
ComboFix2.txt 2010-07-15 02:44

Pre-Run: 10,410,110,976 bytes free
Post-Run: 10,432,290,816 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - EDE0579AA90FE8B801C5FDAC80CA83C0

Dr Jay · « **Reply #23 on:** July 15, 2010, 10:00:19 PM »

1. Please download The Avenger by Swandog46 to your Desktop.

Right click on the Avenger.zip folder and select "Extract All..."
Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code: [Select]

Files to delete:
e:\windows\S8A42E3D0.tmp

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

Right click on the window under Input script here:, and select Paste.
You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
Click on Execute
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

underscore04 · « **Reply #24 on:** July 16, 2010, 01:05:08 PM »

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at E:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "e:\windows\S8A42E3D0.tmp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Dr Jay · « **Reply #25 on:** July 16, 2010, 10:15:04 PM »

Is the adware/spyware still there?

Do you still have Paretologic products installed?

underscore04 · « **Reply #26 on:** July 17, 2010, 02:45:10 PM »

yeah the adware/spyware is still here
im thinking that i should scan my other installation of windows xp on my c drive the only problem is on that installation i cannot connect to the internet because of all the malware what do you think?

Dr Jay · « **Reply #27 on:** July 17, 2010, 09:19:32 PM »

Not sure yet.

Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

underscore04 · « **Reply #28 on:** July 18, 2010, 11:40:31 AM »

MBRCheck, version 1.1.1

(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

\\.\E: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! Press ENTER to exit...

Dr Jay · « **Reply #29 on:** July 18, 2010, 01:39:57 PM »

Please re-run MBRCheck, and allow it to scan.

When it comes up with the Y or N prompt, hit Y, then hit the number 2.

Once done, re-run MBRCheck and post a log.

Computer Hope Forum

News:

Author Topic: unable to get rid of adware and spyware (Read 21376 times)

Dr Jay

Re: unable to get rid of adware and spyware

underscore04

Re: unable to get rid of adware and spyware

Dr Jay

Re: unable to get rid of adware and spyware

underscore04

Re: unable to get rid of adware and spyware

Dr Jay

Re: unable to get rid of adware and spyware

underscore04

Re: unable to get rid of adware and spyware

Dr Jay

Re: unable to get rid of adware and spyware

underscore04

Re: unable to get rid of adware and spyware

Dr Jay

Re: unable to get rid of adware and spyware

underscore04

Re: unable to get rid of adware and spyware

Dr Jay

Re: unable to get rid of adware and spyware

underscore04

Re: unable to get rid of adware and spyware

Dr Jay

Re: unable to get rid of adware and spyware

underscore04

Re: unable to get rid of adware and spyware

Dr Jay

Re: unable to get rid of adware and spyware