
Author Topic: Malware TR/spy.keylogger.qme Help!  (Read 34839 times)


stonemanjr (Topic Starter; Experience: Beginner; OS: Unknown)
    Malware TR/spy.keylogger.qme Help!
    « on: September 23, 2011, 03:50:54 PM »
    Have a Windows XP Home machine that is showing this malware alert (TR/spy.keylogger.qme) with Avira AntiVir running. Tried Malwarebytes Anti-malware without success. Need assistance- thank you

    SuperDave (Malware Removal Specialist; Experience: Expert; OS: Windows 10)
    Re: Malware TR/spy.keylogger.qme Help!
    « Reply #1 on: September 23, 2011, 07:15:42 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************

    Quote: "Tried Malwarebytes Anti-malware without success"
    Does this mean you couldn't run it?

    *****************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    *Copy and Paste the log in your post.
    *********************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    •Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

      stonemanjr (Topic Starter; Experience: Beginner; OS: Unknown)
      Re: Malware TR/spy.keylogger.qme Help!
      « Reply #2 on: September 25, 2011, 09:07:27 PM »
      Thanks Dave. I will have these posted tonight or tomorrow. How are things in Canada? I have family from Sask., Prince Albert.

        stonemanjr (Topic Starter; Experience: Beginner; OS: Unknown)
        Re: Malware TR/spy.keylogger.qme Help!
        « Reply #3 on: September 26, 2011, 10:32:10 AM »
        On the Malwarebytes: it didn't pick anything up, but it did run. See requested logs below:

        .
        DDS (Ver_2011-08-26.01) - NTFSx86
        Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 1.6.0_26
        Run by TERESA at 12:21:55 on 2011-09-26
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1013.264 [GMT -4:00]
        .
        AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
        AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
        .
        ============== Running Processes ===============
        .
        C:\WINDOWS\system32\svchost.exe -k DcomLaunch
        svchost.exe
        c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        svchost.exe
        svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir Desktop\sched.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\WINDOWS\system32\igfxsrvc.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
        C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
        svchost.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
        C:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe
        C:\Program Files\Microsoft Security Client\msseces.exe
        C:\Program Files\DellSupport\DSAgnt.exe
        C:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Dell Network Assistant\hnm_svc.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
        C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
        C:\WINDOWS\system32\dllhost.exe
        c:\progra~1\common~1\instal~1\update~1\isuspm.exe
        C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.cnn.com/
        uInternet Settings,ProxyOverride = <local>;*.local
        BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
        BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
        BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
        uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
        uRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [Persistence] c:\windows\system32\igfxpers.exe
        mRun: [RTHDCPL] RTHDCPL.EXE
        mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
        mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
        mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
        mRun: [dscactivate] c:\dell\dsca.exe 3
        mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
        mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
        mRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
        mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
        mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANQAzADgAMwA3ADUAMAA5ADkALQBUADUALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFMAVAAxACsAMgAtAEYAUAA5ACsANgAtAEIAQQBSADkATwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADUAOQA3ADAANwAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.901
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
        uPolicies-system: vtfonouchgduhrdehfhkTaskMgr = 0 (0x0)
        IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
        DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
        DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231383096984
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
        TCP: Interfaces\{37C129CA-8F97-45C5-AC5F-0A866BE26C63} : DhcpNameServer = 192.168.1.1 192.168.1.1
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
        Notify: igfxcui - igfxdev.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
        FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
        FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
        FF - prefs.js: network.proxy.type - 0
        FF - component: c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
        FF - plugin: c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
        FF - plugin: c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\extensions\[email protected]\plugins\NP2020Player.dll
        FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
        FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
        FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
        FF - Ext: Aero Fox Silver XL: {5c876f30-10ce-11dd-bd0b-0800200c9a66} - %profile%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
        FF - Ext: Myibidder (Myibay) Bid Sniper for eBay: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
        FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
        .
        ---- FIREFOX POLICIES ----
        FF - user.js: network.protocol-handler.warn-external.dnupdate - false
        FF - user.js: browser.sessionstore.resume_from_crash - false
        .
        ============= SERVICES / DRIVERS ===============
        .
        R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-4 11608]
        R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
        R1 MpKsl7d5ea182;MpKsl7d5ea182;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\MpKsl7d5ea182.sys [2011-9-25 28752]
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
        R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-4 136360]
        R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-4 269480]
        R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-4 66616]
        S1 aitvlgmq;aitvlgmq;\??\c:\windows\system32\drivers\aitvlgmq.sys --> c:\windows\system32\drivers\aitvlgmq.sys [?]
        S1 csgcdngj;csgcdngj;\??\c:\windows\system32\drivers\csgcdngj.sys --> c:\windows\system32\drivers\csgcdngj.sys [?]
        S1 fzbjjxqk;fzbjjxqk;\??\c:\windows\system32\drivers\fzbjjxqk.sys --> c:\windows\system32\drivers\fzbjjxqk.sys [?]
        S1 jicuygtu;jicuygtu;\??\c:\windows\system32\drivers\jicuygtu.sys --> c:\windows\system32\drivers\jicuygtu.sys [?]
        S1 MpKsl0821a7de;MpKsl0821a7de;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\mpksl0821a7de.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\MpKsl0821a7de.sys [?]
        S1 MpKsl0e44e987;MpKsl0e44e987;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09c1f489-dbef-4352-a225-327c77f845e2}\mpksl0e44e987.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09c1f489-dbef-4352-a225-327c77f845e2}\MpKsl0e44e987.sys [?]
        S1 MpKsl0e57dffb;MpKsl0e57dffb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7faa1a41-0c55-446d-8853-5c8722eda63b}\mpksl0e57dffb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7faa1a41-0c55-446d-8853-5c8722eda63b}\MpKsl0e57dffb.sys [?]
        S1 MpKsl3be578e8;MpKsl3be578e8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{463c4246-a0af-43b8-a4e5-c4cd9cd8e8ed}\mpksl3be578e8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{463c4246-a0af-43b8-a4e5-c4cd9cd8e8ed}\MpKsl3be578e8.sys [?]
        S1 MpKsl6df5701a;MpKsl6df5701a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{435a1f7b-fe54-4baa-9d61-863f37589058}\mpksl6df5701a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{435a1f7b-fe54-4baa-9d61-863f37589058}\MpKsl6df5701a.sys [?]
        S1 MpKsl730d167e;MpKsl730d167e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\mpksl730d167e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\MpKsl730d167e.sys [?]
        S1 MpKsl96e84b25;MpKsl96e84b25;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67affd6f-4cf9-4d19-9a09-c2e89137eab5}\mpksl96e84b25.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67affd6f-4cf9-4d19-9a09-c2e89137eab5}\MpKsl96e84b25.sys [?]
        S1 MpKsla4feba4a;MpKsla4feba4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc131dce-7df4-4215-af45-845205895ecc}\mpksla4feba4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc131dce-7df4-4215-af45-845205895ecc}\MpKsla4feba4a.sys [?]
        S1 MpKsla63cd1ca;MpKsla63cd1ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b70390b-feb2-4387-888d-f71aee6fb829}\mpksla63cd1ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b70390b-feb2-4387-888d-f71aee6fb829}\MpKsla63cd1ca.sys [?]
        S1 MpKslbd20a6ce;MpKslbd20a6ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f179367e-c9bb-4931-9c2f-37e8d4508fc3}\mpkslbd20a6ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f179367e-c9bb-4931-9c2f-37e8d4508fc3}\MpKslbd20a6ce.sys [?]
        S1 MpKslcb1ffcb3;MpKslcb1ffcb3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e268f040-c521-4f01-8deb-689c60cce460}\mpkslcb1ffcb3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e268f040-c521-4f01-8deb-689c60cce460}\MpKslcb1ffcb3.sys [?]
        S1 MpKslf03d2df7;MpKslf03d2df7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{77b75f8b-7061-4b4d-9df9-102d8bdce7ba}\mpkslf03d2df7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{77b75f8b-7061-4b4d-9df9-102d8bdce7ba}\MpKslf03d2df7.sys [?]
        S1 MpKslfc685657;MpKslfc685657;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64ad3157-275d-4585-a345-0213513504b1}\mpkslfc685657.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64ad3157-275d-4585-a345-0213513504b1}\MpKslfc685657.sys [?]
        S1 pmirdaoq;pmirdaoq;\??\c:\windows\system32\drivers\pmirdaoq.sys --> c:\windows\system32\drivers\pmirdaoq.sys [?]
        S1 qlupagro;qlupagro;\??\c:\windows\system32\drivers\qlupagro.sys --> c:\windows\system32\drivers\qlupagro.sys [?]
        S1 rdjnrndg;rdjnrndg;\??\c:\windows\system32\drivers\rdjnrndg.sys --> c:\windows\system32\drivers\rdjnrndg.sys [?]
        S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
        S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-20 30192]
        S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
        S3 McComponentHostService;McAfee Security Scan Component Host Service;

        .
        =============== Created Last 30 ================
        .
        2011-09-25 16:33:44   28752   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\MpKsl7d5ea182.sys
        2011-09-25 16:33:23   56200   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\offreg.dll
        2011-09-25 16:33:19   7269712   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\mpengine.dll
        2011-09-06 22:02:22   --------   d-----w-   c:\documents and settings\teresa\local settings\application data\ApplicationHistory
        2011-09-06 21:49:06   --------   d-----w-   C:\ComboFix
        2011-09-06 21:39:15   --------   d-----w-   c:\windows\system32\CatRoot2
        2011-09-03 10:17:37   599040   ------w-   c:\windows\system32\dllcache\crypt32.dll
        .
        ==================== Find3M  ====================
        .
        2011-09-09 09:12:13   599040   ----a-w-   c:\windows\system32\crypt32.dll
        2011-08-12 15:52:45   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2011-07-15 13:29:31   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
        2011-07-12 16:12:47   66616   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
        2011-07-08 14:02:00   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
        2011-07-06 23:52:42   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2011-07-06 23:52:42   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
        .
        ============= FINISH: 12:23:27.17 ===============

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows XP Home Edition
        Boot Device: \Device\HarddiskVolume2
        Install Date: 9/16/2008 3:27:52 PM
        System Uptime: 9/22/2011 10:40:15 PM (86 hours ago)
        .
        Motherboard: Dell Inc. |  | 0CU409
        Processor: Intel Pentium II processor | Socket 775 | 1595/200mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 74 GiB total, 54.087 GiB free.
        D: is CDROM ()
        .
        ==== Disabled Device Manager Items =============
        .
        ==== System Restore Points ===================
        .
        RP691: 6/29/2011 11:02:47 AM - Software Distribution Service 3.0
        RP692: 6/29/2011 4:44:06 PM - Software Distribution Service 3.0
        RP693: 6/30/2011 6:33:00 PM - System Checkpoint
        RP694: 7/1/2011 8:35:18 AM - Software Distribution Service 3.0
        RP695: 7/2/2011 8:35:35 AM - Software Distribution Service 3.0
        RP696: 7/3/2011 1:43:07 AM - Software Distribution Service 3.0
        RP697: 7/3/2011 8:35:15 AM - Software Distribution Service 3.0
        RP698: 7/4/2011 8:35:17 AM - Software Distribution Service 3.0
        RP699: 7/5/2011 12:57:39 PM - Software Distribution Service 3.0
        RP700: 7/5/2011 1:46:47 PM - Software Distribution Service 3.0
        RP701: 7/7/2011 9:25:44 AM - Software Distribution Service 3.0
        RP702: 7/7/2011 11:11:48 AM - Unsigned printer driver HP LaserJet 6P installed.
        RP703: 7/7/2011 3:09:54 PM - Unsigned printer driver HP LaserJet 6P installed.
        RP704: 7/7/2011 3:23:50 PM - Installed Java(TM) 6 Update 26
        RP705: 7/8/2011 10:19:10 AM - Software Distribution Service 3.0
        RP706: 7/9/2011 11:09:44 AM - System Checkpoint
        RP707: 7/11/2011 10:47:29 AM - Software Distribution Service 3.0
        RP708: 7/11/2011 10:59:47 AM - Removed AVG Free 9.0
        RP709: 7/11/2011 11:01:00 AM - Revo Uninstaller's restore point - AVG Free 9.0
        RP710: 7/11/2011 11:02:11 AM - Removed AVG Free 9.0
        RP711: 7/12/2011 11:37:33 AM - Installed AVG Free 9.0
        RP712: 7/12/2011 11:46:14 AM - Software Distribution Service 3.0
        RP713: 7/12/2011 11:59:59 AM - Avg8 Update
        RP714: 7/12/2011 12:03:13 PM - Avg Update
        RP715: 7/13/2011 1:36:39 PM - Avg Update
        RP716: 7/13/2011 1:39:16 PM - Avg Update
        RP717: 7/13/2011 1:43:42 PM - Software Distribution Service 3.0
        RP718: 7/15/2011 9:07:50 AM - Software Distribution Service 3.0
        RP719: 7/16/2011 9:56:32 AM - System Checkpoint
        RP720: 7/16/2011 10:01:28 AM - Software Distribution Service 3.0
        RP721: 7/17/2011 1:31:07 AM - Software Distribution Service 3.0
        RP722: 7/17/2011 10:00:52 AM - Software Distribution Service 3.0
        RP723: 7/18/2011 10:02:06 AM - Software Distribution Service 3.0
        RP724: 7/19/2011 10:02:16 AM - Software Distribution Service 3.0
        RP725: 7/19/2011 8:21:59 PM - Unsigned printer driver HP LaserJet 6MP installed.
        RP726: 7/19/2011 8:25:41 PM - Unsigned printer driver HP LaserJet 6P installed.
        RP727: 7/19/2011 8:26:09 PM - Unsigned printer driver HP LaserJet 6P installed.
        RP728: 7/20/2011 1:31:42 PM - Software Distribution Service 3.0
        RP729: 7/20/2011 1:49:15 PM - Software Distribution Service 3.0
        RP730: 7/21/2011 2:56:16 PM - Software Distribution Service 3.0
        RP731: 7/25/2011 9:21:58 AM - Software Distribution Service 3.0
        RP732: 7/26/2011 12:05:47 PM - System Checkpoint
        RP733: 7/26/2011 3:48:56 PM - Software Distribution Service 3.0
        RP734: 7/27/2011 4:40:38 PM - System Checkpoint
        RP735: 7/27/2011 5:18:25 PM - Software Distribution Service 3.0
        RP736: 7/28/2011 11:41:02 AM - Software Distribution Service 3.0
        RP737: 7/29/2011 11:41:06 AM - Software Distribution Service 3.0
        RP738: 7/30/2011 12:57:19 PM - System Checkpoint
        RP739: 7/30/2011 12:58:54 PM - Software Distribution Service 3.0
        RP740: 7/31/2011 1:50:37 AM - Software Distribution Service 3.0
        RP741: 7/31/2011 12:59:15 PM - Software Distribution Service 3.0
        RP742: 8/1/2011 1:57:46 PM - Software Distribution Service 3.0
        RP743: 8/2/2011 11:56:04 PM - Software Distribution Service 3.0
        RP744: 8/4/2011 10:29:15 AM - Software Distribution Service 3.0
        RP745: 8/5/2011 1:51:43 PM - Software Distribution Service 3.0
        RP746: 8/7/2011 11:31:07 PM - Software Distribution Service 3.0
        RP747: 8/9/2011 2:57:59 PM - Software Distribution Service 3.0
        RP748: 8/11/2011 2:17:56 PM - Software Distribution Service 3.0
        RP749: 8/12/2011 8:52:47 AM - Software Distribution Service 3.0
        RP750: 8/13/2011 9:36:32 AM - System Checkpoint
        RP751: 8/13/2011 9:38:33 AM - Software Distribution Service 3.0
        RP752: 8/18/2011 9:45:21 PM - Software Distribution Service 3.0
        RP753: 8/22/2011 9:48:37 AM - Software Distribution Service 3.0
        RP754: 8/22/2011 10:43:17 AM - Installed Windows Media Player 11
        RP755: 8/23/2011 11:02:37 AM - System Checkpoint
        RP756: 8/23/2011 4:08:34 PM - Software Distribution Service 3.0
        RP757: 8/24/2011 8:30:16 AM - Software Distribution Service 3.0
        RP758: 8/24/2011 9:25:03 AM - Software Distribution Service 3.0
        RP759: 8/25/2011 7:23:05 AM - Software Distribution Service 3.0
        RP760: 8/26/2011 9:24:56 AM - System Checkpoint
        RP761: 8/29/2011 9:23:39 AM - Software Distribution Service 3.0
        RP762: 8/30/2011 11:07:51 AM - System Checkpoint
        RP763: 8/31/2011 10:07:33 AM - Software Distribution Service 3.0
        RP764: 9/1/2011 11:21:50 AM - System Checkpoint
        RP765: 9/2/2011 11:57:33 AM - Software Distribution Service 3.0
        RP766: 9/3/2011 3:05:38 PM - Software Distribution Service 3.0
        RP767: 9/3/2011 3:38:04 PM - GOOD Restore SEPT 2011
        RP768: 9/4/2011 3:40:43 PM - Software Distribution Service 3.0
        RP769: 9/5/2011 4:03:43 PM - System Checkpoint
        RP770: 9/6/2011 6:28:58 AM - Software Distribution Service 3.0
        RP771: 9/6/2011 4:51:45 PM - Revo Uninstaller's restore point - AVG Free 9.0
        RP772: 9/6/2011 4:54:22 PM - Removed AVG Free 9.0
        RP773: 9/6/2011 4:58:13 PM - Installed AVG Free 9.0
        RP774: 9/6/2011 6:13:44 PM - Installed AVG Free 9.0
        RP775: 9/7/2011 12:47:11 PM - Software Distribution Service 3.0
        RP776: 9/8/2011 5:00:17 AM - Software Distribution Service 3.0
        RP777: 9/9/2011 6:21:44 AM - Software Distribution Service 3.0
        RP778: 9/10/2011 10:28:01 AM - Software Distribution Service 3.0
        RP779: 9/12/2011 6:21:32 AM - Software Distribution Service 3.0
        RP780: 9/13/2011 6:34:10 AM - Software Distribution Service 3.0
        RP781: 9/14/2011 7:38:27 AM - System Checkpoint
        RP782: 9/14/2011 8:07:50 AM - Software Distribution Service 3.0
        RP783: 9/14/2011 11:33:27 AM - Software Distribution Service 3.0
        RP784: 9/15/2011 5:00:23 AM - Software Distribution Service 3.0
        RP785: 9/16/2011 8:53:19 AM - Software Distribution Service 3.0
        RP786: 9/19/2011 12:38:29 PM - Software Distribution Service 3.0
        RP787: 9/20/2011 2:11:43 PM - System Checkpoint
        RP788: 9/20/2011 4:59:39 PM - Software Distribution Service 3.0
        RP789: 9/22/2011 5:58:11 PM - Software Distribution Service 3.0
        RP790: 9/24/2011 9:02:01 AM - Software Distribution Service 3.0
        RP791: 9/25/2011 2:28:24 AM - Software Distribution Service 3.0
        RP792: 9/25/2011 12:33:18 PM - Software Distribution Service 3.0
        .
        ==== Installed Programs ======================
        .
        Adobe AIR
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 10 Plugin
        Adobe Reader 8.1.0
        Adobe Shockwave Player 11.5
        Apple Application Support
        Apple Mobile Device Support
        Apple Software Update
        Avira AntiVir Personal - Free Antivirus
        Bonjour
        Browser Address Error Redirector
        Compatibility Pack for the 2007 Office system
        Dell Driver Reset Tool
        Dell Network Assistant
        Dell Support Center
        DellSupport
        Download Updater (AOL LLC)
        ERUNT 1.1j
        ESET Online Scanner v3
        Eusing Free Registry Cleaner
        Free Internet Window Washer
        Free Window Registry Repair
        Garmin USB Drivers
        Garmin WebUpdater
        Glary Registry Repair 3.3.0.852
        Google Desktop
        Google Toolbar for Internet Explorer
        Google Update Helper
        GTOneCare
        HijackThis 2.0.2
        Hotfix for Windows XP (KB2158563)
        Hotfix for Windows XP (KB2443685)
        Hotfix for Windows XP (KB2570791)
        Hotfix for Windows XP (KB970653-v3)
        Hotfix for Windows XP (KB976098-v2)
        Hotfix for Windows XP (KB979306)
        Hotfix for Windows XP (KB981793)
        Intel(R) Graphics Media Accelerator Driver
        Intel(R) PRO Network Connections 12.1.8.0
        J2SE Runtime Environment 5.0 Update 6
        Java Auto Updater
        Java(TM) 6 Update 26
        Malwarebytes' Anti-Malware version 1.51.1.1800
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Security Update (KB2416447)
        Microsoft .NET Framework 1.1 Security Update (KB979906)
        Microsoft Antimalware
        Microsoft Application Error Reporting
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Office 2000 Disc 2
        Microsoft Office 2000 Professional
        Microsoft Security Client
        Microsoft Security Essentials
        Microsoft Silverlight
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Microsoft Works
        Mozilla Firefox (3.6.22)
        MSXML 4.0 SP2 (KB973688)
        MSXML 6.0 Parser (KB933579)
        MWSnap 3
        Octoshape add-in for Adobe Flash Player
        PowerDVD
        Privacy and Registry Cleaner
        QualxServ Service Agreement
        QuickTime
        Realtek High Definition Audio Driver
        Recuva
        Revo Uninstaller 1.92
        Roxio Creator Audio
        Roxio Creator BDAV Plugin
        Roxio Creator Copy
        Roxio Creator Data
        Roxio Creator DE
        Roxio Creator Tools
        Roxio Drag-to-Disc
        Roxio Express Labeler
        Roxio MyDVD DE
        Roxio Update Manager
        SearchAssist
        Security Update for Step By Step Interactive Training (KB923723)
        Security Update for Windows Internet Explorer 7 (KB2183461)
        Security Update for Windows Internet Explorer 7 (KB2360131)
        Security Update for Windows Internet Explorer 7 (KB2416400)
        Security Update for Windows Internet Explorer 7 (KB2482017)
        Security Update for Windows Internet Explorer 7 (KB2497640)
        Security Update for Windows Internet Explorer 7 (KB2530548)
        Security Update for Windows Internet Explorer 7 (KB2544521)
        Security Update for Windows Internet Explorer 7 (KB2559049)
        Security Update for Windows Internet Explorer 7 (KB956390)
        Security Update for Windows Internet Explorer 7 (KB958215)
        Security Update for Windows Internet Explorer 7 (KB961260)
        Security Update for Windows Internet Explorer 7 (KB963027)
        Security Update for Windows Internet Explorer 7 (KB969897)
        Security Update for Windows Internet Explorer 7 (KB972260)
        Security Update for Windows Internet Explorer 7 (KB974455)
        Security Update for Windows Internet Explorer 7 (KB976325)
        Security Update for Windows Internet Explorer 7 (KB978207)
        Security Update for Windows Internet Explorer 7 (KB982381)
        Security Update for Windows Media Player (KB2378111)
        Security Update for Windows Media Player (KB954155)
        Security Update for Windows Media Player (KB968816)
        Security Update for Windows Media Player (KB973540)
        Security Update for Windows Media Player (KB975558)
        Security Update for Windows Media Player (KB978695)
        Security Update for Windows Media Player (KB979402)
        Security Update for Windows XP (KB2079403)
        Security Update for Windows XP (KB2115168)
        Security Update for Windows XP (KB2121546)
        Security Update for Windows XP (KB2160329)
        Security Update for Windows XP (KB2229593)
        Security Update for Windows XP (KB2259922)
        Security Update for Windows XP (KB2279986)
        Security Update for Windows XP (KB2286198)
        Security Update for Windows XP (KB2296011)
        Security Update for Windows XP (KB2296199)
        Security Update for Windows XP (KB2347290)
        Security Update for Windows XP (KB2360937)
        Security Update for Windows XP (KB2387149)
        Security Update for Windows XP (KB2393802)
        Security Update for Windows XP (KB2412687)
        Security Update for Windows XP (KB2419632)
        Security Update for Windows XP (KB2423089)
        Security Update for Windows XP (KB2436673)
        Security Update for Windows XP (KB2440591)
        Security Update for Windows XP (KB2443105)
        Security Update for Windows XP (KB2476490)
        Security Update for Windows XP (KB2476687)
        Security Update for Windows XP (KB2478960)
        Security Update for Windows XP (KB2478971)
        Security Update for Windows XP (KB2479628)
        Security Update for Windows XP (KB2479943)
        Security Update for Windows XP (KB2481109)
        Security Update for Windows XP (KB2483185)
        Security Update for Windows XP (KB2485376)
        Security Update for Windows XP (KB2485663)
        Security Update for Windows XP (KB2491683)
        Security Update for Windows XP (KB2503658)
        Security Update for Windows XP (KB2503665)
        Security Update for Windows XP (KB2506212)
        Security Update for Windows XP (KB2506223)
        Security Update for Windows XP (KB2507618)
        Security Update for Windows XP (KB2507938)
        Security Update for Windows XP (KB2508272)
        Security Update for Windows XP (KB2508429)
        Security Update for Windows XP (KB2509553)
        Security Update for Windows XP (KB2510581)
        Security Update for Windows XP (KB2511455)
        Security Update for Windows XP (KB2524375)
        Security Update for Windows XP (KB2535512)
        Security Update for Windows XP (KB2536276-v2)
        Security Update for Windows XP (KB2536276)
        Security Update for Windows XP (KB2544893)
        Security Update for Windows XP (KB2555917)
        Security Update for Windows XP (KB2562937)
        Security Update for Windows XP (KB2566454)
        Security Update for Windows XP (KB2567680)
        Security Update for Windows XP (KB2570222)
        Security Update for Windows XP (KB2570947)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB956391)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956744)
        Security Update for Windows XP (KB956844)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB958869)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960715)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB960859)
        Security Update for Windows XP (KB961371)
        Security Update for Windows XP (KB961373)
        Security Update for Windows XP (KB961501)
        Security Update for Windows XP (KB968537)
        Security Update for Windows XP (KB969059)
        Security Update for Windows XP (KB969898)
        Security Update for Windows XP (KB969947)
        Security Update for Windows XP (KB970238)
        Security Update for Windows XP (KB970430)
        Security Update for Windows XP (KB971468)
        Security Update for Windows XP (KB971486)
        Security Update for Windows XP (KB971557)
        Security Update for Windows XP (KB971633)
        Security Update for Windows XP (KB971657)
        Security Update for Windows XP (KB971961)
        Security Update for Windows XP (KB972270)
        Security Update for Windows XP (KB973346)
        Security Update for Windows XP (KB973354)
        Security Update for Windows XP (KB973507)
        Security Update for Windows XP (KB973525)
        Security Update for Windows XP (KB973869)
        Security Update for Windows XP (KB974112)
        Security Update for Windows XP (KB974318)
        Security Update for Windows XP (KB974392)
        Security Update for Windows XP (KB974571)
        Security Update for Windows XP (KB975025)
        Security Update for Windows XP (KB975467)
        Security Update for Windows XP (KB975560)
        Security Update for Windows XP (KB975561)
        Security Update for Windows XP (KB975562)
        Security Update for Windows XP (KB975713)
        Security Update for Windows XP (KB977165)
        Security Update for Windows XP (KB977816)
        Security Update for Windows XP (KB977914)
        Security Update for Windows XP (KB978037)
        Security Update for Windows XP (KB978251)
        Security Update for Windows XP (KB978262)
        Security Update for Windows XP (KB978338)
        Security Update for Windows XP (KB978542)
        Security Update for Windows XP (KB978601)
        Security Update for Windows XP (KB978706)
        Security Update for Windows XP (KB979309)
        Security Update for Windows XP (KB979482)
        Security Update for Windows XP (KB979559)
        Security Update for Windows XP (KB979683)
        Security Update for Windows XP (KB979687)
        Security Update for Windows XP (KB980195)
        Security Update for Windows XP (KB980218)
        Security Update for Windows XP (KB980232)
        Security Update for Windows XP (KB980436)
        Security Update for Windows XP (KB981322)
        Security Update for Windows XP (KB981349)
        Security Update for Windows XP (KB981852)
        Security Update for Windows XP (KB981957)
        Security Update for Windows XP (KB981997)
        Security Update for Windows XP (KB982132)
        Security Update for Windows XP (KB982214)
        Security Update for Windows XP (KB982665)
        Security Update for Windows XP (KB982802)
        Sonic Activation Module
        SUPERAntiSpyware
        Undelete Plus 2.98
        Update for Windows Internet Explorer 7 (KB976749)
        Update for Windows Internet Explorer 7 (KB980182)
        Update for Windows XP (KB2141007)
        Update for Windows XP (KB2345886)
        Update for Windows XP (KB2467659)
        Update for Windows XP (KB2541763)
        Update for Windows XP (KB2607712)
        Update for Windows XP (KB2616676)
        Update for Windows XP (KB955759)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        Update for Windows XP (KB968389)
        Update for Windows XP (KB971029)
        Update for Windows XP (KB971737)
        Update for Windows XP (KB973687)
        Update for Windows XP (KB973815)
        Verizon Online DSL
        Viewpoint Media Player
        WebFldrs XP
        Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
        Windows Genuine Advantage Validation Tool (KB892130)
        Windows Installer 3.1 (KB893803)
        Windows Internet Explorer 7
        Windows Media Format Runtime
        WinUndelete
        Wise Disk Cleaner 5.93
        Wise Registry Cleaner 5.9.4
        .
        ==== Event Viewer Messages From Past Week ========
        .
        9/24/2011 8:52:26 AM, error: NetBT [4321]  - The name "STONE          :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.45 did not allow the name to be claimed by this machine.
        9/23/2011 10:37:16 AM, error: NetBT [4321]  - The name "DRFANNING      :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.46 did not allow the name to be claimed by this machine.
        9/21/2011 10:02:34 AM, error: NetBT [4321]  - The name "ANONYMOUS      :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.47 did not allow the name to be claimed by this machine.
        .
        ==== End Of File ===========================

        « Last Edit: September 26, 2011, 04:53:45 PM by SuperDave »

          stonemanjr (Topic Starter)
          Re: Malware TR/spy.keylogger.qme Help!
          « Reply #4 on: September 26, 2011, 12:02:17 PM »
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 09/26/2011 at 01:51 PM

          Application Version : 4.48.1000

          Core Rules Database Version : 7726
          Trace Rules Database Version: 5538

          Scan type       : Complete Scan
          Total Scan Time : 01:26:25

          Memory items scanned      : 605
          Memory threats detected   : 0
          Registry items scanned    : 7561
          Registry threats detected : 1
          File items scanned        : 23344
          File threats detected     : 70

          Adware.Tracking Cookie
             C:\Documents and Settings\TERESA\Cookies\DQ2HDGTM.txt
             C:\Documents and Settings\TERESA\Cookies\0VPYC8NV.txt
             C:\Documents and Settings\TERESA\Cookies\9UK0NFUR.txt
             C:\Documents and Settings\TERESA\Cookies\WAO42BM0.txt
             C:\Documents and Settings\TERESA\Cookies\759RG44L.txt
             C:\Documents and Settings\TERESA\Cookies\PPIAKAQJ.txt
             C:\Documents and Settings\TERESA\Cookies\7NBJBCES.txt
             C:\Documents and Settings\TERESA\Cookies\B9Q2LXU0.txt
             C:\Documents and Settings\TERESA\Cookies\LG6BAI97.txt
             C:\Documents and Settings\TERESA\Cookies\YKIEIMTU.txt
             C:\Documents and Settings\TERESA\Cookies\6GLIM98G.txt
             C:\Documents and Settings\TERESA\Cookies\HE56IIRA.txt
             C:\Documents and Settings\TERESA\Cookies\TSYUNS5E.txt
             C:\Documents and Settings\TERESA\Cookies\3R1E5K08.txt
             C:\Documents and Settings\TERESA\Cookies\TQ3FHELU.txt
             C:\Documents and Settings\TERESA\Cookies\GPD9VIVV.txt
             C:\Documents and Settings\TERESA\Cookies\2YRB44AG.txt
             C:\Documents and Settings\TERESA\Cookies\UVJ67UVH.txt
             C:\Documents and Settings\TERESA\Cookies\RMHO96Q6.txt
             C:\Documents and Settings\TERESA\Cookies\1UMR1ICZ.txt
             C:\Documents and Settings\TERESA\Cookies\9U3WH04M.txt
             C:\Documents and Settings\TERESA\Cookies\NMSKPO1S.txt
             C:\Documents and Settings\TERESA\Cookies\SFPNCDX7.txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@pointroll[1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@invitemedia[1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@trafficmp[2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][3].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@tribalfusion[2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@realmedia[1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@media6degrees[1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt
             C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
             C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@mediabrandsww[2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@pointroll[1].txt
             C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@legolas-media[1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@imrworldwide[2].txt
             C:\Documents and Settings\Guest\Cookies\guest@invitemedia[1].txt
             C:\Documents and Settings\Guest\Cookies\guest@mediapromoter[1].txt
             C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt
             C:\Documents and Settings\Guest\Cookies\guest@partypoker[2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][3].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
             C:\Documents and Settings\Guest\Cookies\guest@ru4[2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             ia.media-imdb.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             media.mtvnservices.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             msnbcmedia.msn.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             s0.2mdn.net [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             secure-us.imrworldwide.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             sftrack.searchforce.net [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]

          Adware.Gamevance
             HKU\S-1-5-21-3164414362-3184867574-2224378191-501\Software\gvtl

          SuperDave (Malware Removal Specialist)
          Re: Malware TR/spy.keylogger.qme Help!
          « Reply #5 on: September 26, 2011, 05:18:21 PM »
          Quote
          How are things in Canada? I have family from SASK, Prince Albert
          Good. We're finally getting some good weather after a very wet summer. SASK is a long way from where I live in the Maritimes.

          You have two AV programs running on your computer which is a no-no. Either AntiVir Desktop or Microsoft Security Essentials will have to be disabled/uninstalled. I would recommend you keep MSE.

          You have remnants of AVG on your computer. Please run this Removal Tool to remove all traces.
          AVG Antivirus - AVG Antivirus Remover utility
          **************************************************
          Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
          Eusing Free Registry Cleaner, Glary Registry Repair 3.3.0.852, Wise Registry Cleaner 5.9.4 and Free Window Registry Repair
          There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

          For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

          Further reading: XP Fixes Myth #1: Registry Cleaners
          *******************************************************
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          ****************************************************
          You have Viewpoint installed.

          Viewpoint Media Player/Manager/Toolbar is considered Foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

          More information:

          * ViewMgr.exe - Useless
          * Viewpoint to Plunge Into Adware

          It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

          * Viewpoint
          * Viewpoint Manager
          * Viewpoint Media Player
          * Viewpoint Toolbar
          * Viewpoint Experience Technology

          ****************************************************
          Please go to Jotti's malware scan
          (If more than one file needs to be scanned, they must be done separately and links posted for each one)

          * Copy the file path in the below Code box:

          Code:
          c:\windows\system32\drivers\fzbjjxqk.sys
          c:\windows\system32\drivers\jicuygtu.sys
          c:\windows\system32\drivers\pmirdaoq.sys
          c:\windows\system32\drivers\qlupagro.sys
          c:\windows\system32\drivers\rdjnrndg.sys

          * At the upload site, click once inside the window next to Browse.
          * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
          * Next click Submit file
          * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
          * This will perform a scan across multiple different virus scanning engines.
          * Important: Wait for all of the scanning engines to complete.
          * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
          **************************************************
          This program files\npnzlrbdmjxegeqc looks very suspicious. I would recommend that you uninstall this program.

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          and save it to your Desktop.
          It would be easiest to download using Internet Explorer.
          If you insist on using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          Double click ComboFix.exe & follow the prompts.
          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          Click on Yes, to continue scanning for malware.
          When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix
          Windows 8 and Windows 10 dual boot with two SSD's
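An added example for the Jotti step in the reply above; it is not a tool from this thread or from either poster. Before uploading, it ranks which of the driver names look machine-generated and hashes each file, since a file's SHA-256 is what a multi-engine scanner looks up or reports. The five paths are the ones listed above; mbam.sys, mbamswissarmy.sys and grmnusb.sys come from other logs in this thread; kbdclass.sys and tcpip.sys, the baseline set and the scoring rule are assumptions made for the example.

```python
"""Triage driver file names before a multi-engine scan, then hash them.

Randomly generated 8-letter names in system32\\drivers are a common trait of
rootkit/keylogger droppers. The name rule only prioritises candidates; the
hash is what gets looked up or submitted, and a baseline of known-good files
decides. Example code, not a tool from the thread.
"""
import hashlib
import ntpath  # handles Windows-style paths even when run on another OS
import os
import re
from typing import Dict, List, Tuple

# Five paths SuperDave listed, names from other logs in the thread, and two
# constructed stock-Windows names (kbdclass, tcpip) that a naive 8-letter
# rule would otherwise misjudge.
DRIVER_PATHS = [
    r"c:\windows\system32\drivers\fzbjjxqk.sys",
    r"c:\windows\system32\drivers\jicuygtu.sys",
    r"c:\windows\system32\drivers\pmirdaoq.sys",
    r"c:\windows\system32\drivers\qlupagro.sys",
    r"c:\windows\system32\drivers\rdjnrndg.sys",
    r"c:\windows\system32\drivers\mbam.sys",           # Malwarebytes (ComboFix log)
    r"c:\windows\system32\drivers\mbamswissarmy.sys",  # Malwarebytes (ComboFix log)
    r"c:\windows\system32\drivers\grmnusb.sys",        # Garmin USB (Installed Programs)
    r"c:\windows\system32\drivers\kbdclass.sys",       # constructed: stock keyboard class driver
    r"c:\windows\system32\drivers\tcpip.sys",          # constructed: stock TCP/IP driver
]

# Assumed known-good names, e.g. taken from a clean install of the same XP
# build. In practice compare hashes, not names: malware can reuse a real name.
BASELINE_NAMES = {"kbdclass", "mouclass", "tcpip", "ndis", "ntfs", "disk"}

EIGHT_LOWER = re.compile(r"^[a-z]{8}$")
RARE_LETTERS = set("jqxz")  # rare in abbreviations, common in uniform random strings
VOWELS = set("aeiou")


def score_name(path: str) -> Tuple[int, List[str]]:
    """Return (score, reasons) for one driver path; higher means more suspicious."""
    stem = ntpath.splitext(ntpath.basename(path).lower())[0]
    if stem in BASELINE_NAMES:
        return 0, ["in baseline"]
    score, reasons = 0, []
    if EIGHT_LOWER.match(stem):
        score += 2
        reasons.append("8 lowercase letters")
    if RARE_LETTERS & set(stem):
        score += 1
        reasons.append("contains j/q/x/z")
    if not VOWELS & set(stem):
        score += 1
        reasons.append("no vowels")
    return score, reasons


def suspicious(paths: List[str], threshold: int = 3) -> List[str]:
    """Paths whose name score reaches the threshold, most suspicious first."""
    scored = [(score_name(p)[0], p) for p in paths]
    return [p for s, p in sorted(scored, key=lambda t: (-t[0], t[1])) if s >= threshold]


def sha256_file(path: str) -> str:
    """SHA-256 of a file, read in chunks; the value to submit or look up."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def report(paths: List[str]) -> Dict[str, dict]:
    """Score every path and hash the ones that exist on this machine."""
    out = {}
    for p in paths:
        score, reasons = score_name(p)
        out[p] = {"score": score, "reasons": reasons,
                  "sha256": sha256_file(p) if os.path.isfile(p) else None}
    return out


if __name__ == "__main__":
    for p in suspicious(DRIVER_PATHS):
        s, r = score_name(p)
        print(f"{p}  score={s}  {', '.join(r)}")
```

Run on the infected machine the files are also hashed; anywhere else only the name scores are produced. The name rule only ranks candidates: 8-letter abbreviations such as kbdclass are stock drivers, which is why a baseline (ideally hashes from a clean install, plus the driver's Authenticode signature) decides, and why the flagged files still go to the scanner.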

            stonemanjr (Topic Starter)
            Re: Malware TR/spy.keylogger.qme Help!
            « Reply #6 on: September 27, 2011, 06:28:44 PM »
            Ok, got it.  Not sure how to access AVG removal tool, but I can do a sweeper thru REVO and get most of it.

            Will remove Viewpoint

            That funny file with the random letters and then the others in the system/win32 areas are related to All in One Keylogger, which hides itself. So they are ok!

            SuperDave (Malware Removal Specialist)
            Re: Malware TR/spy.keylogger.qme Help!
            « Reply #7 on: September 28, 2011, 04:44:54 PM »
            Quote
            Not sure how to access AVG removal tool, but I can do a sweeper thru REVO and get most of it.
            There are detailed instructions for each type of AV in the link I've provided. If you still can't do it, please run ComboFix anyway.

              stonemanjr (Topic Starter)
              Re: Malware TR/spy.keylogger.qme Help!
              « Reply #8 on: September 29, 2011, 02:46:26 PM »
              Ok. Here is a prior one from earlier. I can run it again also.

              ComboFix 11-01-31.02 - TERESA 02/04/2011   2:26.1.1 - x86
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1013.370 [GMT -5:00]
              Running from: c:\documents and settings\TERESA\My Documents\Downloads\ComboFix.exe
              AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
              AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
              AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\documents and settings\TERESA\Application Data\MSA
              c:\windows\system32\Thumbs.db

              .
              (((((((((((((((((((((((((   Files Created from 2011-01-04 to 2011-02-04  )))))))))))))))))))))))))))))))
              .

              2011-02-04 07:36 . 2011-02-04 07:36   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC131DCE-7DF4-4215-AF45-845205895ECC}\MpKsld94db114.sys
              2011-02-04 00:14 . 2011-02-04 00:14   --------   d-----w-   c:\documents and settings\TERESA\Application Data\SUPERAntiSpyware.com
              2011-02-04 00:14 . 2011-02-04 00:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
              2011-02-04 00:11 . 2011-02-04 00:14   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2011-02-03 23:44 . 2011-02-03 23:44   --------   d-----w-   c:\documents and settings\TERESA\Application Data\Malwarebytes
              2011-02-03 23:44 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2011-02-03 23:44 . 2011-02-03 23:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
              2011-02-03 23:44 . 2010-12-20 23:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-02-03 23:44 . 2011-02-03 23:44   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2011-01-21 21:54 . 2011-01-21 21:54   --------   d-----w-   C:\PAYROLL
              2011-01-21 19:17 . 2011-01-21 19:17   --------   d-----w-   c:\program files\ACW

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-12-22 14:56 . 2009-09-04 06:33   135096   ----a-w-   c:\windows\system32\drivers\avipbb.sys
              2010-11-22 13:16 . 2009-09-04 06:33   61960   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
              2010-11-18 18:12 . 2004-08-10 18:02   81920   ----a-w-   c:\windows\system32\isign32.dll
              2010-11-09 14:52 . 2004-08-10 17:51   249856   ----a-w-   c:\windows\system32\odbc32.dll
              2010-07-19 14:13 . 2009-11-23 22:15   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

              SYSPROT LOG

              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              Process:
              Name: [System Idle Process]
              PID: 0
              Hidden: No
              Window Visible: No

              Name: System
              PID: 4
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\smss.exe
              PID: 616
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\csrss.exe
              PID: 680
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\winlogon.exe
              PID: 704
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\services.exe
              PID: 748
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\lsass.exe
              PID: 760
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 952
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1028
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
              PID: 1120
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1160
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1236
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgchsvx.exe
              PID: 1356
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgrsx.exe
              PID: 1364
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1476
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgcsrvx.exe
              PID: 1528
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\spoolsv.exe
              PID: 1796
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
              PID: 1900
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 484
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
              PID: 888
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              PID: 1064
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgwdsvc.exe
              PID: 1088
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Bonjour\mDNSResponder.exe
              PID: 1116
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Dell Network Assistant\hnm_svc.exe
              PID: 152
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
              PID: 1460
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\explorer.exe
              PID: 108
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Java\jre6\bin\jqs.exe
              PID: 496
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
              PID: 2032
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\igfxtray.exe
              PID: 1204
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\hkcmd.exe
              PID: 968
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\igfxpers.exe
              PID: 1260
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\RTHDCPL.EXE
              PID: 1216
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1572
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\igfxsrvc.exe
              PID: 1560
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgnsx.exe
              PID: 1980
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\wdfmgr.exe
              PID: 2204
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              PID: 2284
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
              PID: 2316
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
              PID: 2380
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
              PID: 2480
              Hidden: No
              Window Visible: No

              Name: C:\PROGRA~1\AVG\AVG9\avgtray.exe
              PID: 2520
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
              PID: 2552
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Npnzlrbdmjxegeqc\qxzxjvblnw.exe
              PID: 2576
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Microsoft Security Client\msseces.exe
              PID: 2592
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\DellSupport\DSAgnt.exe
              PID: 2668
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              PID: 2744
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\ctfmon.exe
              PID: 2916
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
              PID: 3220
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\wuauclt.exe
              PID: 3448
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Npnzlrbdmjxegeqc\qxzxjvblnw.exe
              PID: 3716
              Hidden: No
              Window Visible: Yes

              Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
              PID: 1864
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\alg.exe
              PID: 2444
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\vssvc.exe
              PID: 3768
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\dllhost.exe
              PID: 3860
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\dllhost.exe
              PID: 3952
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\msdtc.exe
              PID: 3204
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Mozilla Firefox\firefox.exe
              PID: 3468
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Microsoft Office\Office\WINWORD.EXE
              PID: 2996
              Hidden: No
              Window Visible: No

              Name: C:\Documents and Settings\TERESA\Desktop\SysProt.exe
              PID: 3012
              Hidden: No
              Window Visible: Yes

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \??\C:\Documents and Settings\TERESA\Desktop\SysProtDrv.sys
              Service Name: SysProtDrv.sys
              Module Base: A8BB7000
              Module End: A8BC2000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
              Service Name: Fastfat
              Module Base: A7D1B000
              Module End: A7D3F000
              Hidden: No

              Module Name: \WINDOWS\system32\ntkrnlpa.exe
              Service Name: ---
              Module Base: 804D7000
              Module End: 806D0380
              Hidden: No

              Module Name: \WINDOWS\system32\hal.dll
              Service Name: ---
              Module Base: 806D1000
              Module End: 806F1300
              Hidden: No

              Module Name: \WINDOWS\system32\KDCOM.DLL
              Service Name: ---
              Module Base: F7AF3000
              Module End: F7AF5000
              Hidden: No

              Module Name: \WINDOWS\system32\BOOTVID.dll
              Service Name: ---
              Module Base: F7A03000
              Module End: F7A06000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
              Service Name: ACPI
              Module Base: F74C4000
              Module End: F74F2000
              Hidden: No

              Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
              Service Name: ---
              Module Base: F7AF5000
              Module End: F7AF7000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\pci.sys
              Service Name: PCI
              Module Base: F74B3000
              Module End: F74C4000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
              Service Name: isapnp
              Module Base: F75F3000
              Module End: F75FD000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\pciide.sys
              Service Name: PCIIde
              Module Base: F7BBB000
              Module End: F7BBC000
              Hidden: No

              Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
              Service Name: ---
              Module Base: F7873000
              Module End: F787A000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
              Service Name: MountMgr
              Module Base: F7603000
              Module End: F760E000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
              Service Name: Disk
              Module Base: F7494000
              Module End: F74B3000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
              Service Name: PartMgr
              Module Base: F787B000
              Module End: F7880000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
              Service Name: VolSnap
              Module Base: F7613000
              Module End: F7620000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\atapi.sys
              Service Name: atapi
              Module Base: F747C000
              Module End: F7494000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
              Service Name: iaStor
              Module Base: F73B5000
              Module End: F747C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\disk.sys
              Service Name: ---
              Module Base: F7623000
              Module End: F762C000
              Hidden: No

              Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
              Service Name: ---
              Module Base: F7633000
              Module End: F7640000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
              Service Name: FltMgr
              Module Base: F7395000
              Module End: F73B5000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\sr.sys
              Service Name: sr
              Module Base: F7383000
              Module End: F7395000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS
              Service Name: DRVMCDB
              Module Base: F736D000
              Module End: F7383000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
              Service Name: PxHelp20
              Module Base: F7643000
              Module End: F764C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
              Service Name: KSecDD
              Module Base: F7356000
              Module End: F736D000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
              Service Name: Ntfs
              Module Base: F72C9000
              Module End: F7356000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
              Service Name: NDIS
              Module Base: F729C000
              Module End: F72C9000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\Mup.sys
              Service Name: Mup
              Module Base: F7282000
              Module End: F729C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
              Service Name: intelppm
              Module Base: F7833000
              Module End: F783C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
              Service Name: ialm
              Module Base: F64B0000
              Module End: F6A2F000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
              Service Name: ---
              Module Base: F649C000
              Module End: F64B0000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
              Service Name: e1express
              Module Base: F645B000
              Module End: F649C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
              Service Name: usbuhci
              Module Base: F7903000
              Module End: F7909000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
              Service Name: ---
              Module Base: F6437000
              Module End: F645B000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
              Service Name: usbehci
              Module Base: F790B000
              Module End: F7913000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
              Service Name: HDAudBus
              Module Base: F640F000
              Module End: F6437000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
              Service Name: Fdc
              Module Base: F7913000
              Module End: F791A000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
              Service Name: Imapi
              Module Base: F7843000
              Module End: F784E000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
              Service Name: DLACDBHM
              Module Base: F7B05000
              Module End: F7B07000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
              Service Name: Cdrom
              Module Base: F7853000
              Module End: F7863000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
              Service Name: redbook
              Module Base: F7863000
              Module End: F7872000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
              Service Name: ---
              Module Base: F63EC000
              Module End: F640F000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
              Service Name: audstub
              Module Base: F7D41000
              Module End: F7D42000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
              Service Name: Rasl2tp
              Module Base: F6ABF000
              Module End: F6ACC000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
              Service Name: NdisTapi
              Module Base: F7A9F000
              Module End: F7AA2000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
              Service Name: NdisWan
              Module Base: F63D5000
              Module End: F63EC000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
              Service Name: RasPppoe
              Module Base: F6AAF000
              Module End: F6ABA000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
              Service Name: PptpMiniport
              Module Base: F6A9F000
              Module End: F6AAB000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
              Service Name: ---
              Module Base: F791B000
              Module End: F7920000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
              Service Name: PSched
              Module Base: F63C4000
              Module End: F63D5000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
              Service Name: Gpc
              Module Base: F6A8F000
              Module End: F6A98000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
              Service Name: Ptilink
              Module Base: F7923000
              Module End: F7928000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
              Service Name: Raspti
              Module Base: F792B000
              Module End: F7930000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
              Service Name: TermDD
              Module Base: F6A7F000
              Module End: F6A89000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
              Service Name: Kbdclass
              Module Base: F7933000
              Module End: F7939000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
              Service Name: Mouclass
              Module Base: F793B000
              Module End: F7941000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
              Service Name: swenum
              Module Base: F7B07000
              Module End: F7B09000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
              Service Name: Update
              Module Base: F6366000
              Module End: F63C4000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
              Service Name: mssmbios
              Module Base: F7AAF000
              Module End: F7AB3000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
              Service Name: NDProxy
              Module Base: F6A5F000
              Module End: F6A69000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
              Service Name: usbhub
              Module Base: F6A3F000
              Module End: F6A4E000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
              Service Name: ---
              Module Base: F7B0B000
              Module End: F7B0D000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
              Service Name: IntcAzAudAddService
              Module Base: A9ACE000
              Module End: A9F25000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\portcls.sys
              Service Name: ---
              Module Base: A9AAA000
              Module End: A9ACE000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\drmk.sys
              Service Name: ---
              Module Base: F6A2F000
              Module End: F6A3E000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
              Service Name: i2omgmt
              Module Base: F723A000
              Module End: F723D000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
              Service Name: MpFilter
              Module Base: A9A33000
              Module End: A9A5A000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
              Service Name: HidUsb
              Module Base: F6356000
              Module End: F6359000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
              Service Name: ---
              Module Base: F7673000
              Module End: F767C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
              Service Name: ---
              Module Base: F7953000
              Module End: F795A000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
              Service Name: Fs_Rec
              Module Base: F7B27000
              Module End: F7B29000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
              Service Name: Null
              Module Base: F7CFC000
              Module End: F7CFD000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
              Service Name: Beep
              Module Base: F7B29000
              Module End: F7B2B000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
              Service Name: DLARTL_M
              Module Base: F7963000
              Module End: F7969000
              Hidden: No

              Module Name: C:\WINDOWS\System32\drivers\vga.sys
              Service Name: VgaSave
              Module Base: F796B000
              Module End: F7971000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
              Service Name: mnmdd
              Module Base: F7B2B000
              Module End: F7B2D000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
              Service Name: RDPCDD
              Module Base: F7B2D000
              Module End: F7B2F000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
              Service Name: Msfs
              Module Base: F7973000
              Module End: F7978000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
              Service Name: Npfs
              Module Base: F797B000
              Module End: F7983000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
              Service Name: RasAcd
              Module Base: F634E000
              Module End: F6351000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
              Service Name: IPSec
              Module Base: A9A00000
              Module End: A9A13000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
              Service Name: Tcpip
              Module Base: A99A7000
              Module End: A9A00000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
              Service Name: AvgTdiX
              Module Base: A996D000
              Module End: A99A7000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
              Service Name: IpNat
              Module Base: A9947000
              Module End: A996D000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
              Service Name: Wanarp
              Module Base: F7693000
              Module End: F769C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
              Service Name: NetBT
              Module Base: A991F000
              Module End: A9947000
              Hidden: No

              Module Name: C:\WINDOWS\System32\drivers\afd.sys
              Service Name: AFD
              Module Base: A98FD000
              Module End: A991F000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
              Service Name: NetBIOS
              Module Base: F76A3000
              Module End: F76AC000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
              Service Name: ssmdrv
              Module Base: F7983000
              Module End: F7989000
              Hidden: No

              Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
              Service Name: SASKUTIL
              Module Base: A98DB000
              Module End: A98FD000
              Hidden: No

              Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
              Service Name: SASDIFSV
              Module Base: F798B000
              Module End: F7991000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
              ******************************************************************************************
              ******************************************************************************************
              SSDT:
              ******************************************************************************************
              ******************************************************************************************
              No Kernel Hooks found

              ******************************************************************************************
              ******************************************************************************************
              No IRP Hooks found

              ******************************************************************************************
              ******************************************************************************************
              Ports:
              ******************************************************************************************
              ******************************************************************************************
              No hidden files/folders found


              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Malware TR/spy.keylogger.qme Help!
              « Reply #9 on: September 29, 2011, 04:25:19 PM »
              ComboFix is running from the wrong location. Please uninstall/delete it, download a new one and install it on your desktop and run a new scan.
              I don't recall asking you to run SysProt AntiRootkit. Please do not run any new programs unless requested to do so.


              Download Security Check by screen317 from one of the following links and save it to your desktop.

              Link 1
              Link 2

              * Unzip SecurityCheck.zip and a folder named Security Check should appear.
              * Open the Security Check folder and double-click Security Check.bat
              * Follow the on-screen instructions inside of the black box.
              * A Notepad document should open automatically called checkup.txt
              * Post the contents of that document in your next reply.

              Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
              Windows 8 and Windows 10 dual boot with two SSD's

              stonemanjr

                Topic Starter


                Beginner

                • Experience: Beginner
                • OS: Unknown
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #10 on: September 29, 2011, 04:25:30 PM »
                ComboFix 11-09-29.06 - TERESA 09/29/2011  17:53:36.4.1 - x86
                Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1013.430 [GMT -4:00]
                Running from: c:\documents and settings\TERESA\Desktop\ComboFix.exe
                AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
                AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\program files\google\common\google updater\googleupdaterservice.exe
                c:\windows\system32\d3d9caps.dat
                .
                ---- Previous Run -------
                .
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\InCEE.exe.a3c237c3.ini
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\InCEE.exe.a3c237c3.ini
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
                c:\documents and settings\TERESA.CORNERSTONE\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\EULA.exe.e24c9112.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\InCEE.exe.a3c237c3.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\SL11A.tmp.31bba02f.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
                c:\windows\system32\comct332.ocx
                .
                .
                (((((((((((((((((((((((((   Files Created from 2011-08-28 to 2011-09-29  )))))))))))))))))))))))))))))))
                .
                .
                2011-09-29 15:10 . 2011-09-29 15:10   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\MpKsld66538a4.sys
                2011-09-29 15:09 . 2011-09-29 15:09   56200   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\offreg.dll
                2011-09-29 15:09 . 2011-09-12 23:14   7269712   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\mpengine.dll
                2011-09-06 21:39 . 2011-09-29 14:58   --------   d-----w-   c:\windows\system32\CatRoot2
                2011-09-03 10:17 . 2011-09-09 09:12   599040   ------w-   c:\windows\system32\dllcache\crypt32.dll
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                .
                (((((((((((((((((((((((((((((   SnapShot_2011-09-06_22.02.39   )))))))))))))))))))))))))))))))))))))))))
                .
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
                "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 68856]
                "enots"="c:\program files\Npnzlrbdmjxegeqc\qxzxjvblnw.exe" [2006-11-05 2289919]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
                "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
                "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
                "RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
                "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
                "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
                "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
                "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
                "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-19 30192]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
                "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
                "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
                "enots"="c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe" [2006-11-05 2289919]
                "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                .
                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-11-20 7168]
                Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
                .
                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                "vtfonouchgduhrdehfhkTaskMgr"= 0 (0x0)
                .
                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                @="Service"
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                "AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
                "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
                "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
                "10426:UDP"= 10426:UDP:SingleClick ICC
                .
                R1 MpKsl835fca01;MpKsl835fca01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4891F144-7B5C-4574-A64F-0DDA146E13E1}\MpKsl835fca01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4891F144-7B5C-4574-A64F-0DDA146E13E1}\MpKsl835fca01.sys [?]
                R1 MpKsld66538a4;MpKsld66538a4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\MpKsld66538a4.sys [9/29/2011 11:10 AM 28752]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
                R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/4/2009 2:33 AM 136360]
                S1 aitvlgmq;aitvlgmq;\??\c:\windows\system32\drivers\aitvlgmq.sys --> c:\windows\system32\drivers\aitvlgmq.sys [?]
                S1 csgcdngj;csgcdngj;\??\c:\windows\system32\drivers\csgcdngj.sys --> c:\windows\system32\drivers\csgcdngj.sys [?]
                S1 fzbjjxqk;fzbjjxqk;\??\c:\windows\system32\drivers\fzbjjxqk.sys --> c:\windows\system32\drivers\fzbjjxqk.sys [?]
                S1 jicuygtu;jicuygtu;\??\c:\windows\system32\drivers\jicuygtu.sys --> c:\windows\system32\drivers\jicuygtu.sys [?]
                S1 MpKsl0821a7de;MpKsl0821a7de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl0821a7de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl0821a7de.sys [?]
                S1 MpKsl0e44e987;MpKsl0e44e987;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09C1F489-DBEF-4352-A225-327C77F845E2}\MpKsl0e44e987.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09C1F489-DBEF-4352-A225-327C77F845E2}\MpKsl0e44e987.sys [?]
                S1 MpKsl0e57dffb;MpKsl0e57dffb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAA1A41-0C55-446D-8853-5C8722EDA63B}\MpKsl0e57dffb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAA1A41-0C55-446D-8853-5C8722EDA63B}\MpKsl0e57dffb.sys [?]
                S1 MpKsl3be578e8;MpKsl3be578e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{463C4246-A0AF-43B8-A4E5-C4CD9CD8E8ED}\MpKsl3be578e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{463C4246-A0AF-43B8-A4E5-C4CD9CD8E8ED}\MpKsl3be578e8.sys [?]
                S1 MpKsl6df5701a;MpKsl6df5701a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{435A1F7B-FE54-4BAA-9D61-863F37589058}\MpKsl6df5701a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{435A1F7B-FE54-4BAA-9D61-863F37589058}\MpKsl6df5701a.sys [?]
                S1 MpKsl730d167e;MpKsl730d167e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl730d167e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl730d167e.sys [?]
                S1 MpKsl96e84b25;MpKsl96e84b25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67AFFD6F-4CF9-4D19-9A09-C2E89137EAB5}\MpKsl96e84b25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67AFFD6F-4CF9-4D19-9A09-C2E89137EAB5}\MpKsl96e84b25.sys [?]
                S1 MpKsla4feba4a;MpKsla4feba4a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC131DCE-7DF4-4215-AF45-845205895ECC}\MpKsla4feba4a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC131DCE-7DF4-4215-AF45-845205895ECC}\MpKsla4feba4a.sys [?]
                S1 MpKsla63cd1ca;MpKsla63cd1ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B70390B-FEB2-4387-888D-F71AEE6FB829}\MpKsla63cd1ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B70390B-FEB2-4387-888D-F71AEE6FB829}\MpKsla63cd1ca.sys [?]
                S1 MpKslb471e789;MpKslb471e789;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{088CDD4C-6C34-4750-A77E-CACB5704BF78}\MpKslb471e789.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{088CDD4C-6C34-4750-A77E-CACB5704BF78}\MpKslb471e789.sys [?]
                S1 MpKslbd20a6ce;MpKslbd20a6ce;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F179367E-C9BB-4931-9C2F-37E8D4508FC3}\MpKslbd20a6ce.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F179367E-C9BB-4931-9C2F-37E8D4508FC3}\MpKslbd20a6ce.sys [?]
                S1 MpKslcb1ffcb3;MpKslcb1ffcb3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E268F040-C521-4F01-8DEB-689C60CCE460}\MpKslcb1ffcb3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E268F040-C521-4F01-8DEB-689C60CCE460}\MpKslcb1ffcb3.sys [?]
                S1 MpKslf03d2df7;MpKslf03d2df7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77B75F8B-7061-4B4D-9DF9-102D8BDCE7BA}\MpKslf03d2df7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77B75F8B-7061-4B4D-9DF9-102D8BDCE7BA}\MpKslf03d2df7.sys [?]
                S1 MpKslfc685657;MpKslfc685657;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64AD3157-275D-4585-A345-0213513504B1}\MpKslfc685657.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64AD3157-275D-4585-A345-0213513504B1}\MpKslfc685657.sys [?]
                S1 pmirdaoq;pmirdaoq;\??\c:\windows\system32\drivers\pmirdaoq.sys --> c:\windows\system32\drivers\pmirdaoq.sys [?]
                S1 qlupagro;qlupagro;\??\c:\windows\system32\drivers\qlupagro.sys --> c:\windows\system32\drivers\qlupagro.sys [?]
                S1 rdjnrndg;rdjnrndg;\??\c:\windows\system32\drivers\rdjnrndg.sys --> c:\windows\system32\drivers\rdjnrndg.sys [?]
                S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:11 PM 135664]
                S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/20/2007 5:01 AM 30192]
                S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:11 PM 135664]
                S3 McComponentHostService;McAfee Security Scan Component Host Service;

                .
                --- Other Services/Drivers In Memory ---
                .
                *NewlyCreated* - JAVAQUICKSTARTERSERVICE
                *NewlyCreated* - MPKSLD66538A4
                .
                Contents of the 'Scheduled Tasks' folder
                .
                2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
                .
                2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
                .
                2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
                .
                2011-09-29 c:\windows\Tasks\MP Scheduled Scan.job
                - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.cnn.com/
                uInternet Settings,ProxyOverride = <local>;*.local
                IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
                TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
                FF - ProfilePath - c:\documents and settings\TERESA\Application Data\Mozilla\Firefox\Profiles\o8k8dx0i.default\
                FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
                FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
                FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
                FF - prefs.js: network.proxy.type - 0
                FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
                FF - Ext: Aero Fox Silver XL: {5c876f30-10ce-11dd-bd0b-0800200c9a66} - %profile%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
                FF - Ext: Myibidder (Myibay) Bid Sniper for eBay: [email protected] - %profile%\extensions\[email protected]
                FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
                FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
                FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
                FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
                FF - user.js: network.protocol-handler.warn-external.dnupdate - false
                FF - user.js: browser.sessionstore.resume_from_crash - false
                .
                .
                **************************************************************************
                .
                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2011-09-29 18:01
                Windows 5.1.2600 Service Pack 3 NTFS
                .
                scanning hidden processes ... 
                .
                scanning hidden autostart entries ...
                .
                scanning hidden files ... 
                .
                scan completed successfully
                hidden files: 0
                .
                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------
                .
                - - - - - - - > 'winlogon.exe'(696)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                c:\windows\system32\WININET.dll
                c:\windows\system32\igfxdev.dll
                .
                - - - - - - - > 'winlogon.exe'(160)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                c:\windows\system32\WININET.dll
                c:\windows\system32\igfxdev.dll
                .
                Completion time: 2011-09-29  18:05:10
                ComboFix-quarantined-files.txt  2011-09-29 22:05
                ComboFix2.txt  2011-07-11 15:37
                ComboFix3.txt  2011-02-04 07:42
                .
                Pre-Run: 58,928,177,152 bytes free
                Post-Run: 59,266,224,128 bytes free
                .
                - - End Of File - - B4FDBD52425DC4FDBB12AF4D69F6CB00
                « Last Edit: September 29, 2011, 04:44:54 PM by SuperDave »

                stonemanjr
                  Re: Malware TR/spy.keylogger.qme Help!
                  « Reply #11 on: September 29, 2011, 04:27:15 PM »
                  Sorry Dave. I didn't run SysProt. That was an old log file from a previous run. I had just saved it in the same folder and posted it for you to see. I am following only your directions.

                  stonemanjr
                    Re: Malware TR/spy.keylogger.qme Help!
                    « Reply #12 on: September 29, 2011, 04:29:47 PM »
                    Results of screen317's Security Check version 0.99.19 
                     Windows XP Service Pack 3 
                     Internet Explorer 7 Out of date!
                    ``````````````````````````````
                    Antivirus/Firewall Check:

                     Windows Firewall Enabled! 
                     Avira AntiVir Personal - Free Antivirus
                     ESET Online Scanner v3   
                     GTOneCare     
                     Microsoft Security Essentials   
                     Avira successfully updated!
                    ```````````````````````````````
                    Anti-malware/Other Utilities Check:

                     Malwarebytes' Anti-Malware   
                     HijackThis 2.0.2   
                     Eusing Free Registry Cleaner 
                     Privacy and Registry Cleaner 
                     Wise Disk Cleaner 5.93 
                     Wise Registry Cleaner 5.9.4 
                     Java(TM) 6 Update 27 
                    Flash Player Out of Date!
                     Adobe Flash Player    10.2.152.32 
                     Mozilla Firefox ((3.6.23)) Firefox Out of Date! 
                    ````````````````````````````````
                    Process Check: 
                    objlist.exe by Laurent

                     Windows Defender MSMpEng.exe
                     Avira Antivir avgnt.exe
                     Avira Antivir avguard.exe
                     Microsoft Security Essentials msseces.exe
                     Microsoft Security Client Antimalware MsMpEng.exe 
                    ``````````End of Log````````````

                    SuperDave
                    Re: Malware TR/spy.keylogger.qme Help!
                    « Reply #13 on: September 29, 2011, 04:55:57 PM »
                    Wow! That was fast. How's your computer running now?

                    I still see two AVs running on your computer: Avira AntiVir Personal and Microsoft Security Essentials. One will have to be disabled.

                    Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
                    Eusing Free Registry Cleaner, Privacy and Registry Cleaner and Wise Registry Cleaner 5.9.4
                    There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

                    For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                    Further reading: XP Fixes Myth #1: Registry Cleaners
                    ***************************************************
                    * Download the following tool: RootRepeal - Rootkit Detector
                    * Direct download link is here: RootRepeal.zip

                    * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
                    * Click this link to see a list of such programs and how to disable them.

                    * Extract the program file to a new folder such as C:\RootRepeal
                    * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
                    * Select ALL of the checkboxes and then click OK and it will start scanning your system.
                    * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                    * When done, click on Save Report
                    * Save it to the same location where you ran it from, such as C:\RootRepeal
                    * Save it as rootrepeal.txt
                    * Then open that log and select all and copy/paste it back on your next reply please.
                    * Close RootRepeal.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    stonemanjr
                      Re: Malware TR/spy.keylogger.qme Help!
                      « Reply #14 on: September 29, 2011, 05:27:14 PM »
                      OK. Will do tonight. Yeah, I had already run the new ComboFix figuring that you'd want to see it.