
Author Topic: Malware TR/spy.keylogger.qme Help!  (Read 34847 times)


stonemanjr

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Unknown
    Malware TR/spy.keylogger.qme Help!
    « on: September 23, 2011, 03:50:54 PM »
    Have a Windows XP Home machine that is showing this malware alert (TR/spy.keylogger.qme) with Avira AntiVir running. Tried Malwarebytes Anti-malware without success. Need assistance- thank you

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Experience: Expert
    • OS: Windows 10
    Re: Malware TR/spy.keylogger.qme Help!
    « Reply #1 on: September 23, 2011, 07:15:42 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************

    Quote
    Tried Malwarebytes Anti-malware without success
    Does this mean you couldn't run it?

    *****************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.
    * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    * Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    To retrieve the removal information please do the following:

    * After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    * Click Preferences. Click the Statistics/Logs tab.
    * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    * It will open in your default text editor (preferably Notepad).
    * Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click Close and Close again to exit the program.
    * Copy and paste the log in your post.
    *********************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs:
        1) DDS.txt
        2) Attach.txt
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt. Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    * Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
    Windows 8 and Windows 10 dual boot with two SSD's
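Once the DDS logs come back, the first pass a helper makes over them is to look for persistence entries that do not belong. The script below is an added example (mine, not Dave's and not part of the DDS tool) of two structural checks on the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections: an executable registered under both the per-user (uRun, HKCU) and per-machine (mRun, HKLM) Run keys, and a system-start (R1/S1) driver under system32\drivers whose file DDS marks as missing with `[?]`. The sample lines are copied from the log posted later in this thread, with benign entries from the same log kept for contrast; the function names are mine, and treating stale `MpKsl*.sys` entries under the Microsoft Security Essentials definition-updates folder as expected noise is my assumption about how that product lays out its short-lived drivers.

```python
"""Triage helper for the DDS 'Pseudo HJT Report' / 'SERVICES / DRIVERS' sections.

Two structural rules, deliberately no guessing from file names:
  1. the same executable registered under both uRun (HKCU) and mRun (HKLM);
  2. an R1/S1 kernel driver in system32\\drivers whose file DDS could not find ('[?]').
"""
import re

# Constructed sample: lines copied from the DDS log posted in this thread,
# including benign entries (DellSupport, avgnt, avgio, gupdatem) for contrast.
SAMPLE_DDS = r"""
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-4 11608]
S1 aitvlgmq;aitvlgmq;\??\c:\windows\system32\drivers\aitvlgmq.sys --> c:\windows\system32\drivers\aitvlgmq.sys [?]
S1 csgcdngj;csgcdngj;\??\c:\windows\system32\drivers\csgcdngj.sys --> c:\windows\system32\drivers\csgcdngj.sys [?]
S1 MpKsl0821a7de;MpKsl0821a7de;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\mpksl0821a7de.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\MpKsl0821a7de.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
"""

# 'uRun: [key] command' / 'mRun: [key] command'
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
# First token of the command up to and including '.exe', quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?(?:\s|$)', re.I)
# 'S1 name;display;\??\path.sys --> resolved.sys [?]'  or  'R1 name;display;path.sys [date size]'
DRV_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<disp>[^;]*);"
    r"(?:\\\?\?\\)?(?P<path>[a-z]:\\.*?\.(?:sys|exe))"
    r"(?: --> (?P<resolved>.*?\.(?:sys|exe)))? \[(?P<meta>[^\]]*)\]$",
    re.I,
)
# Assumption: MSE keeps short-lived MpKsl<hex>.sys drivers here; stale
# entries for them are expected noise rather than attacker persistence.
MSE_DEFS = "\\microsoft antimalware\\definition updates\\"


def run_entries(text):
    """Map lower-cased executable path -> set of hives ('u' user, 'm' machine)."""
    seen = {}
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        e = EXE_RE.match(m["cmd"].strip())
        exe = (e["exe"] if e else m["cmd"]).lower()
        seen.setdefault(exe, set()).add(m["hive"])
    return seen


def dual_hive_run_keys(text):
    """Rule 1: executables that are registered in both HKCU and HKLM Run."""
    return sorted(p for p, hives in run_entries(text).items() if hives >= {"u", "m"})


def missing_system_drivers(text):
    """Rule 2: R1/S1 drivers under system32\\drivers whose file DDS marked '[?]'.

    Returns (suspect_service_names, ignored_mse_service_names).
    """
    suspects, ignored = [], []
    for line in text.splitlines():
        m = DRV_RE.match(line.strip())
        if not m or m["meta"] != "?" or m["start"][1] != "1":
            continue  # file present, or not a system-start driver
        path = (m["resolved"] or m["path"]).lower()
        if MSE_DEFS in path:
            ignored.append(m["svc"])
        elif "\\system32\\drivers\\" in path:
            suspects.append(m["svc"])
    return suspects, ignored


def triage(text):
    """Run both rules and return the findings as a dict."""
    suspects, ignored = missing_system_drivers(text)
    return {
        "dual_hive_run": dual_hive_run_keys(text),
        "missing_drivers": suspects,
        "mse_stale_ignored": ignored,
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_DDS).items():
        print(f"{name}: {hits}")
```

Name-based heuristics (vowel-free or otherwise random-looking file names) are tempting here but false-positive freely on vendor abbreviations in the same log, such as hkcmd.exe, RTHDCPL.EXE and avgntflt.sys, which is why the rules above key on where and how an entry is registered rather than on what it is called. What they flag is a candidate for a second look, not a verdict.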

    stonemanjr

      Topic Starter


      Beginner

      • Experience: Beginner
      • OS: Unknown
      Re: Malware TR/spy.keylogger.qme Help!
      « Reply #2 on: September 25, 2011, 09:07:27 PM »
      Thanks Dave. I will have these posted tonight or tomorrow. How are things in Canada? I have family from Sask., Prince Albert.

      stonemanjr

        Topic Starter


        Beginner

        • Experience: Beginner
        • OS: Unknown
        Re: Malware TR/spy.keylogger.qme Help!
        « Reply #3 on: September 26, 2011, 10:32:10 AM »
        On the Malwarebytes... it didn't pick anything up, but it did run. See requested logs below:

        .
        DDS (Ver_2011-08-26.01) - NTFSx86
        Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 1.6.0_26
        Run by TERESA at 12:21:55 on 2011-09-26
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1013.264 [GMT -4:00]
        .
        AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
        AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
        .
        ============== Running Processes ===============
        .
        C:\WINDOWS\system32\svchost.exe -k DcomLaunch
        svchost.exe
        c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        svchost.exe
        svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir Desktop\sched.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\WINDOWS\system32\igfxsrvc.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
        C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
        svchost.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
        C:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe
        C:\Program Files\Microsoft Security Client\msseces.exe
        C:\Program Files\DellSupport\DSAgnt.exe
        C:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Dell Network Assistant\hnm_svc.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
        C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
        C:\WINDOWS\system32\dllhost.exe
        c:\progra~1\common~1\instal~1\update~1\isuspm.exe
        C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.cnn.com/
        uInternet Settings,ProxyOverride = <local>;*.local
        BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
        BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
        BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
        uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
        uRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [Persistence] c:\windows\system32\igfxpers.exe
        mRun: [RTHDCPL] RTHDCPL.EXE
        mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
        mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
        mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
        mRun: [dscactivate] c:\dell\dsca.exe 3
        mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
        mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
        mRun: [enots] c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe qx
        mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
        mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANQAzADgAMwA3ADUAMAA5ADkALQBUADUALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFMAVAAxACsAMgAtAEYAUAA5ACsANgAtAEIAQQBSADkATwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADUAOQA3ADAANwAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.901
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
        uPolicies-system: vtfonouchgduhrdehfhkTaskMgr = 0 (0x0)
        IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
        DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
        DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231383096984
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
        TCP: Interfaces\{37C129CA-8F97-45C5-AC5F-0A866BE26C63} : DhcpNameServer = 192.168.1.1 192.168.1.1
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
        Notify: igfxcui - igfxdev.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
        FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
        FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
        FF - prefs.js: network.proxy.type - 0
        FF - component: c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
        FF - plugin: c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
        FF - plugin: c:\documents and settings\teresa\application data\mozilla\firefox\profiles\o8k8dx0i.default\extensions\[email protected]\plugins\NP2020Player.dll
        FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
        FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
        FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
        FF - Ext: Aero Fox Silver XL: {5c876f30-10ce-11dd-bd0b-0800200c9a66} - %profile%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
        FF - Ext: Myibidder (Myibay) Bid Sniper for eBay: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
        FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
        .
        ---- FIREFOX POLICIES ----
        FF - user.js: network.protocol-handler.warn-external.dnupdate - false
        FF - user.js: browser.sessionstore.resume_from_crash - false
        .
        ============= SERVICES / DRIVERS ===============
        .
        R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-4 11608]
        R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
        R1 MpKsl7d5ea182;MpKsl7d5ea182;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\MpKsl7d5ea182.sys [2011-9-25 28752]
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
        R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-4 136360]
        R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-4 269480]
        R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-4 66616]
        S1 aitvlgmq;aitvlgmq;\??\c:\windows\system32\drivers\aitvlgmq.sys --> c:\windows\system32\drivers\aitvlgmq.sys [?]
        S1 csgcdngj;csgcdngj;\??\c:\windows\system32\drivers\csgcdngj.sys --> c:\windows\system32\drivers\csgcdngj.sys [?]
        S1 fzbjjxqk;fzbjjxqk;\??\c:\windows\system32\drivers\fzbjjxqk.sys --> c:\windows\system32\drivers\fzbjjxqk.sys [?]
        S1 jicuygtu;jicuygtu;\??\c:\windows\system32\drivers\jicuygtu.sys --> c:\windows\system32\drivers\jicuygtu.sys [?]
        S1 MpKsl0821a7de;MpKsl0821a7de;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\mpksl0821a7de.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\MpKsl0821a7de.sys [?]
        S1 MpKsl0e44e987;MpKsl0e44e987;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09c1f489-dbef-4352-a225-327c77f845e2}\mpksl0e44e987.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09c1f489-dbef-4352-a225-327c77f845e2}\MpKsl0e44e987.sys [?]
        S1 MpKsl0e57dffb;MpKsl0e57dffb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7faa1a41-0c55-446d-8853-5c8722eda63b}\mpksl0e57dffb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7faa1a41-0c55-446d-8853-5c8722eda63b}\MpKsl0e57dffb.sys [?]
        S1 MpKsl3be578e8;MpKsl3be578e8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{463c4246-a0af-43b8-a4e5-c4cd9cd8e8ed}\mpksl3be578e8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{463c4246-a0af-43b8-a4e5-c4cd9cd8e8ed}\MpKsl3be578e8.sys [?]
        S1 MpKsl6df5701a;MpKsl6df5701a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{435a1f7b-fe54-4baa-9d61-863f37589058}\mpksl6df5701a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{435a1f7b-fe54-4baa-9d61-863f37589058}\MpKsl6df5701a.sys [?]
        S1 MpKsl730d167e;MpKsl730d167e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\mpksl730d167e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8045cf92-c260-4235-89fb-f68f10038bf1}\MpKsl730d167e.sys [?]
        S1 MpKsl96e84b25;MpKsl96e84b25;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67affd6f-4cf9-4d19-9a09-c2e89137eab5}\mpksl96e84b25.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67affd6f-4cf9-4d19-9a09-c2e89137eab5}\MpKsl96e84b25.sys [?]
        S1 MpKsla4feba4a;MpKsla4feba4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc131dce-7df4-4215-af45-845205895ecc}\mpksla4feba4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc131dce-7df4-4215-af45-845205895ecc}\MpKsla4feba4a.sys [?]
        S1 MpKsla63cd1ca;MpKsla63cd1ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b70390b-feb2-4387-888d-f71aee6fb829}\mpksla63cd1ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b70390b-feb2-4387-888d-f71aee6fb829}\MpKsla63cd1ca.sys [?]
        S1 MpKslbd20a6ce;MpKslbd20a6ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f179367e-c9bb-4931-9c2f-37e8d4508fc3}\mpkslbd20a6ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f179367e-c9bb-4931-9c2f-37e8d4508fc3}\MpKslbd20a6ce.sys [?]
        S1 MpKslcb1ffcb3;MpKslcb1ffcb3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e268f040-c521-4f01-8deb-689c60cce460}\mpkslcb1ffcb3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e268f040-c521-4f01-8deb-689c60cce460}\MpKslcb1ffcb3.sys [?]
        S1 MpKslf03d2df7;MpKslf03d2df7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{77b75f8b-7061-4b4d-9df9-102d8bdce7ba}\mpkslf03d2df7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{77b75f8b-7061-4b4d-9df9-102d8bdce7ba}\MpKslf03d2df7.sys [?]
        S1 MpKslfc685657;MpKslfc685657;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64ad3157-275d-4585-a345-0213513504b1}\mpkslfc685657.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64ad3157-275d-4585-a345-0213513504b1}\MpKslfc685657.sys [?]
        S1 pmirdaoq;pmirdaoq;\??\c:\windows\system32\drivers\pmirdaoq.sys --> c:\windows\system32\drivers\pmirdaoq.sys [?]
        S1 qlupagro;qlupagro;\??\c:\windows\system32\drivers\qlupagro.sys --> c:\windows\system32\drivers\qlupagro.sys [?]
        S1 rdjnrndg;rdjnrndg;\??\c:\windows\system32\drivers\rdjnrndg.sys --> c:\windows\system32\drivers\rdjnrndg.sys [?]
        S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
        S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-20 30192]
        S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
        S3 McComponentHostService;McAfee Security Scan Component Host Service;

        .
        =============== Created Last 30 ================
        .
        2011-09-25 16:33:44   28752   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\MpKsl7d5ea182.sys
        2011-09-25 16:33:23   56200   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\offreg.dll
        2011-09-25 16:33:19   7269712   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49603fca-8e12-45f9-9617-9008a714924c}\mpengine.dll
        2011-09-06 22:02:22   --------   d-----w-   c:\documents and settings\teresa\local settings\application data\ApplicationHistory
        2011-09-06 21:49:06   --------   d-----w-   C:\ComboFix
        2011-09-06 21:39:15   --------   d-----w-   c:\windows\system32\CatRoot2
        2011-09-03 10:17:37   599040   ------w-   c:\windows\system32\dllcache\crypt32.dll
        .
        ==================== Find3M  ====================
        .
        2011-09-09 09:12:13   599040   ----a-w-   c:\windows\system32\crypt32.dll
        2011-08-12 15:52:45   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2011-07-15 13:29:31   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
        2011-07-12 16:12:47   66616   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
        2011-07-08 14:02:00   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
        2011-07-06 23:52:42   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2011-07-06 23:52:42   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
        .
        ============= FINISH: 12:23:27.17 ===============
        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows XP Home Edition
        Boot Device: \Device\HarddiskVolume2
        Install Date: 9/16/2008 3:27:52 PM
        System Uptime: 9/22/2011 10:40:15 PM (86 hours ago)
        .
        Motherboard: Dell Inc. |  | 0CU409
        Processor: Intel Pentium II processor | Socket 775 | 1595/200mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 74 GiB total, 54.087 GiB free.
        D: is CDROM ()
        .
        ==== Disabled Device Manager Items =============
        .
        ==== System Restore Points ===================
        .
        RP691: 6/29/2011 11:02:47 AM - Software Distribution Service 3.0
        RP692: 6/29/2011 4:44:06 PM - Software Distribution Service 3.0
        RP693: 6/30/2011 6:33:00 PM - System Checkpoint
        RP694: 7/1/2011 8:35:18 AM - Software Distribution Service 3.0
        RP695: 7/2/2011 8:35:35 AM - Software Distribution Service 3.0
        RP696: 7/3/2011 1:43:07 AM - Software Distribution Service 3.0
        RP697: 7/3/2011 8:35:15 AM - Software Distribution Service 3.0
        RP698: 7/4/2011 8:35:17 AM - Software Distribution Service 3.0
        RP699: 7/5/2011 12:57:39 PM - Software Distribution Service 3.0
        RP700: 7/5/2011 1:46:47 PM - Software Distribution Service 3.0
        RP701: 7/7/2011 9:25:44 AM - Software Distribution Service 3.0
        RP702: 7/7/2011 11:11:48 AM - Unsigned printer driver HP LaserJet 6P installed.
        RP703: 7/7/2011 3:09:54 PM - Unsigned printer driver HP LaserJet 6P installed.
        RP704: 7/7/2011 3:23:50 PM - Installed Java(TM) 6 Update 26
        RP705: 7/8/2011 10:19:10 AM - Software Distribution Service 3.0
        RP706: 7/9/2011 11:09:44 AM - System Checkpoint
        RP707: 7/11/2011 10:47:29 AM - Software Distribution Service 3.0
        RP708: 7/11/2011 10:59:47 AM - Removed AVG Free 9.0
        RP709: 7/11/2011 11:01:00 AM - Revo Uninstaller's restore point - AVG Free 9.0
        RP710: 7/11/2011 11:02:11 AM - Removed AVG Free 9.0
        RP711: 7/12/2011 11:37:33 AM - Installed AVG Free 9.0
        RP712: 7/12/2011 11:46:14 AM - Software Distribution Service 3.0
        RP713: 7/12/2011 11:59:59 AM - Avg8 Update
        RP714: 7/12/2011 12:03:13 PM - Avg Update
        RP715: 7/13/2011 1:36:39 PM - Avg Update
        RP716: 7/13/2011 1:39:16 PM - Avg Update
        RP717: 7/13/2011 1:43:42 PM - Software Distribution Service 3.0
        RP718: 7/15/2011 9:07:50 AM - Software Distribution Service 3.0
        RP719: 7/16/2011 9:56:32 AM - System Checkpoint
        RP720: 7/16/2011 10:01:28 AM - Software Distribution Service 3.0
        RP721: 7/17/2011 1:31:07 AM - Software Distribution Service 3.0
        RP722: 7/17/2011 10:00:52 AM - Software Distribution Service 3.0
        RP723: 7/18/2011 10:02:06 AM - Software Distribution Service 3.0
        RP724: 7/19/2011 10:02:16 AM - Software Distribution Service 3.0
        RP725: 7/19/2011 8:21:59 PM - Unsigned printer driver HP LaserJet 6MP installed.
        RP726: 7/19/2011 8:25:41 PM - Unsigned printer driver HP LaserJet 6P installed.
        RP727: 7/19/2011 8:26:09 PM - Unsigned printer driver HP LaserJet 6P installed.
        RP728: 7/20/2011 1:31:42 PM - Software Distribution Service 3.0
        RP729: 7/20/2011 1:49:15 PM - Software Distribution Service 3.0
        RP730: 7/21/2011 2:56:16 PM - Software Distribution Service 3.0
        RP731: 7/25/2011 9:21:58 AM - Software Distribution Service 3.0
        RP732: 7/26/2011 12:05:47 PM - System Checkpoint
        RP733: 7/26/2011 3:48:56 PM - Software Distribution Service 3.0
        RP734: 7/27/2011 4:40:38 PM - System Checkpoint
        RP735: 7/27/2011 5:18:25 PM - Software Distribution Service 3.0
        RP736: 7/28/2011 11:41:02 AM - Software Distribution Service 3.0
        RP737: 7/29/2011 11:41:06 AM - Software Distribution Service 3.0
        RP738: 7/30/2011 12:57:19 PM - System Checkpoint
        RP739: 7/30/2011 12:58:54 PM - Software Distribution Service 3.0
        RP740: 7/31/2011 1:50:37 AM - Software Distribution Service 3.0
        RP741: 7/31/2011 12:59:15 PM - Software Distribution Service 3.0
        RP742: 8/1/2011 1:57:46 PM - Software Distribution Service 3.0
        RP743: 8/2/2011 11:56:04 PM - Software Distribution Service 3.0
        RP744: 8/4/2011 10:29:15 AM - Software Distribution Service 3.0
        RP745: 8/5/2011 1:51:43 PM - Software Distribution Service 3.0
        RP746: 8/7/2011 11:31:07 PM - Software Distribution Service 3.0
        RP747: 8/9/2011 2:57:59 PM - Software Distribution Service 3.0
        RP748: 8/11/2011 2:17:56 PM - Software Distribution Service 3.0
        RP749: 8/12/2011 8:52:47 AM - Software Distribution Service 3.0
        RP750: 8/13/2011 9:36:32 AM - System Checkpoint
        RP751: 8/13/2011 9:38:33 AM - Software Distribution Service 3.0
        RP752: 8/18/2011 9:45:21 PM - Software Distribution Service 3.0
        RP753: 8/22/2011 9:48:37 AM - Software Distribution Service 3.0
        RP754: 8/22/2011 10:43:17 AM - Installed Windows Media Player 11
        RP755: 8/23/2011 11:02:37 AM - System Checkpoint
        RP756: 8/23/2011 4:08:34 PM - Software Distribution Service 3.0
        RP757: 8/24/2011 8:30:16 AM - Software Distribution Service 3.0
        RP758: 8/24/2011 9:25:03 AM - Software Distribution Service 3.0
        RP759: 8/25/2011 7:23:05 AM - Software Distribution Service 3.0
        RP760: 8/26/2011 9:24:56 AM - System Checkpoint
        RP761: 8/29/2011 9:23:39 AM - Software Distribution Service 3.0
        RP762: 8/30/2011 11:07:51 AM - System Checkpoint
        RP763: 8/31/2011 10:07:33 AM - Software Distribution Service 3.0
        RP764: 9/1/2011 11:21:50 AM - System Checkpoint
        RP765: 9/2/2011 11:57:33 AM - Software Distribution Service 3.0
        RP766: 9/3/2011 3:05:38 PM - Software Distribution Service 3.0
        RP767: 9/3/2011 3:38:04 PM - GOOD Restore SEPT 2011
        RP768: 9/4/2011 3:40:43 PM - Software Distribution Service 3.0
        RP769: 9/5/2011 4:03:43 PM - System Checkpoint
        RP770: 9/6/2011 6:28:58 AM - Software Distribution Service 3.0
        RP771: 9/6/2011 4:51:45 PM - Revo Uninstaller's restore point - AVG Free 9.0
        RP772: 9/6/2011 4:54:22 PM - Removed AVG Free 9.0
        RP773: 9/6/2011 4:58:13 PM - Installed AVG Free 9.0
        RP774: 9/6/2011 6:13:44 PM - Installed AVG Free 9.0
        RP775: 9/7/2011 12:47:11 PM - Software Distribution Service 3.0
        RP776: 9/8/2011 5:00:17 AM - Software Distribution Service 3.0
        RP777: 9/9/2011 6:21:44 AM - Software Distribution Service 3.0
        RP778: 9/10/2011 10:28:01 AM - Software Distribution Service 3.0
        RP779: 9/12/2011 6:21:32 AM - Software Distribution Service 3.0
        RP780: 9/13/2011 6:34:10 AM - Software Distribution Service 3.0
        RP781: 9/14/2011 7:38:27 AM - System Checkpoint
        RP782: 9/14/2011 8:07:50 AM - Software Distribution Service 3.0
        RP783: 9/14/2011 11:33:27 AM - Software Distribution Service 3.0
        RP784: 9/15/2011 5:00:23 AM - Software Distribution Service 3.0
        RP785: 9/16/2011 8:53:19 AM - Software Distribution Service 3.0
        RP786: 9/19/2011 12:38:29 PM - Software Distribution Service 3.0
        RP787: 9/20/2011 2:11:43 PM - System Checkpoint
        RP788: 9/20/2011 4:59:39 PM - Software Distribution Service 3.0
        RP789: 9/22/2011 5:58:11 PM - Software Distribution Service 3.0
        RP790: 9/24/2011 9:02:01 AM - Software Distribution Service 3.0
        RP791: 9/25/2011 2:28:24 AM - Software Distribution Service 3.0
        RP792: 9/25/2011 12:33:18 PM - Software Distribution Service 3.0
        .
        ==== Installed Programs ======================
        .
        Adobe AIR
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 10 Plugin
        Adobe Reader 8.1.0
        Adobe Shockwave Player 11.5
        Apple Application Support
        Apple Mobile Device Support
        Apple Software Update
        Avira AntiVir Personal - Free Antivirus
        Bonjour
        Browser Address Error Redirector
        Compatibility Pack for the 2007 Office system
        Dell Driver Reset Tool
        Dell Network Assistant
        Dell Support Center
        DellSupport
        Download Updater (AOL LLC)
        ERUNT 1.1j
        ESET Online Scanner v3
        Eusing Free Registry Cleaner
        Free Internet Window Washer
        Free Window Registry Repair
        Garmin USB Drivers
        Garmin WebUpdater
        Glary Registry Repair 3.3.0.852
        Google Desktop
        Google Toolbar for Internet Explorer
        Google Update Helper
        GTOneCare
        HijackThis 2.0.2
        Hotfix for Windows XP (KB2158563)
        Hotfix for Windows XP (KB2443685)
        Hotfix for Windows XP (KB2570791)
        Hotfix for Windows XP (KB970653-v3)
        Hotfix for Windows XP (KB976098-v2)
        Hotfix for Windows XP (KB979306)
        Hotfix for Windows XP (KB981793)
        Intel(R) Graphics Media Accelerator Driver
        Intel(R) PRO Network Connections 12.1.8.0
        J2SE Runtime Environment 5.0 Update 6
        Java Auto Updater
        Java(TM) 6 Update 26
        Malwarebytes' Anti-Malware version 1.51.1.1800
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Security Update (KB2416447)
        Microsoft .NET Framework 1.1 Security Update (KB979906)
        Microsoft Antimalware
        Microsoft Application Error Reporting
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Office 2000 Disc 2
        Microsoft Office 2000 Professional
        Microsoft Security Client
        Microsoft Security Essentials
        Microsoft Silverlight
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Microsoft Works
        Mozilla Firefox (3.6.22)
        MSXML 4.0 SP2 (KB973688)
        MSXML 6.0 Parser (KB933579)
        MWSnap 3
        Octoshape add-in for Adobe Flash Player
        PowerDVD
        Privacy and Registry Cleaner
        QualxServ Service Agreement
        QuickTime
        Realtek High Definition Audio Driver
        Recuva
        Revo Uninstaller 1.92
        Roxio Creator Audio
        Roxio Creator BDAV Plugin
        Roxio Creator Copy
        Roxio Creator Data
        Roxio Creator DE
        Roxio Creator Tools
        Roxio Drag-to-Disc
        Roxio Express Labeler
        Roxio MyDVD DE
        Roxio Update Manager
        SearchAssist
        Security Update for Step By Step Interactive Training (KB923723)
        Security Update for Windows Internet Explorer 7 (KB2183461)
        Security Update for Windows Internet Explorer 7 (KB2360131)
        Security Update for Windows Internet Explorer 7 (KB2416400)
        Security Update for Windows Internet Explorer 7 (KB2482017)
        Security Update for Windows Internet Explorer 7 (KB2497640)
        Security Update for Windows Internet Explorer 7 (KB2530548)
        Security Update for Windows Internet Explorer 7 (KB2544521)
        Security Update for Windows Internet Explorer 7 (KB2559049)
        Security Update for Windows Internet Explorer 7 (KB956390)
        Security Update for Windows Internet Explorer 7 (KB958215)
        Security Update for Windows Internet Explorer 7 (KB961260)
        Security Update for Windows Internet Explorer 7 (KB963027)
        Security Update for Windows Internet Explorer 7 (KB969897)
        Security Update for Windows Internet Explorer 7 (KB972260)
        Security Update for Windows Internet Explorer 7 (KB974455)
        Security Update for Windows Internet Explorer 7 (KB976325)
        Security Update for Windows Internet Explorer 7 (KB978207)
        Security Update for Windows Internet Explorer 7 (KB982381)
        Security Update for Windows Media Player (KB2378111)
        Security Update for Windows Media Player (KB954155)
        Security Update for Windows Media Player (KB968816)
        Security Update for Windows Media Player (KB973540)
        Security Update for Windows Media Player (KB975558)
        Security Update for Windows Media Player (KB978695)
        Security Update for Windows Media Player (KB979402)
        Security Update for Windows XP (KB2079403)
        Security Update for Windows XP (KB2115168)
        Security Update for Windows XP (KB2121546)
        Security Update for Windows XP (KB2160329)
        Security Update for Windows XP (KB2229593)
        Security Update for Windows XP (KB2259922)
        Security Update for Windows XP (KB2279986)
        Security Update for Windows XP (KB2286198)
        Security Update for Windows XP (KB2296011)
        Security Update for Windows XP (KB2296199)
        Security Update for Windows XP (KB2347290)
        Security Update for Windows XP (KB2360937)
        Security Update for Windows XP (KB2387149)
        Security Update for Windows XP (KB2393802)
        Security Update for Windows XP (KB2412687)
        Security Update for Windows XP (KB2419632)
        Security Update for Windows XP (KB2423089)
        Security Update for Windows XP (KB2436673)
        Security Update for Windows XP (KB2440591)
        Security Update for Windows XP (KB2443105)
        Security Update for Windows XP (KB2476490)
        Security Update for Windows XP (KB2476687)
        Security Update for Windows XP (KB2478960)
        Security Update for Windows XP (KB2478971)
        Security Update for Windows XP (KB2479628)
        Security Update for Windows XP (KB2479943)
        Security Update for Windows XP (KB2481109)
        Security Update for Windows XP (KB2483185)
        Security Update for Windows XP (KB2485376)
        Security Update for Windows XP (KB2485663)
        Security Update for Windows XP (KB2491683)
        Security Update for Windows XP (KB2503658)
        Security Update for Windows XP (KB2503665)
        Security Update for Windows XP (KB2506212)
        Security Update for Windows XP (KB2506223)
        Security Update for Windows XP (KB2507618)
        Security Update for Windows XP (KB2507938)
        Security Update for Windows XP (KB2508272)
        Security Update for Windows XP (KB2508429)
        Security Update for Windows XP (KB2509553)
        Security Update for Windows XP (KB2510581)
        Security Update for Windows XP (KB2511455)
        Security Update for Windows XP (KB2524375)
        Security Update for Windows XP (KB2535512)
        Security Update for Windows XP (KB2536276-v2)
        Security Update for Windows XP (KB2536276)
        Security Update for Windows XP (KB2544893)
        Security Update for Windows XP (KB2555917)
        Security Update for Windows XP (KB2562937)
        Security Update for Windows XP (KB2566454)
        Security Update for Windows XP (KB2567680)
        Security Update for Windows XP (KB2570222)
        Security Update for Windows XP (KB2570947)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB956391)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956744)
        Security Update for Windows XP (KB956844)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB958869)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960715)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB960859)
        Security Update for Windows XP (KB961371)
        Security Update for Windows XP (KB961373)
        Security Update for Windows XP (KB961501)
        Security Update for Windows XP (KB968537)
        Security Update for Windows XP (KB969059)
        Security Update for Windows XP (KB969898)
        Security Update for Windows XP (KB969947)
        Security Update for Windows XP (KB970238)
        Security Update for Windows XP (KB970430)
        Security Update for Windows XP (KB971468)
        Security Update for Windows XP (KB971486)
        Security Update for Windows XP (KB971557)
        Security Update for Windows XP (KB971633)
        Security Update for Windows XP (KB971657)
        Security Update for Windows XP (KB971961)
        Security Update for Windows XP (KB972270)
        Security Update for Windows XP (KB973346)
        Security Update for Windows XP (KB973354)
        Security Update for Windows XP (KB973507)
        Security Update for Windows XP (KB973525)
        Security Update for Windows XP (KB973869)
        Security Update for Windows XP (KB974112)
        Security Update for Windows XP (KB974318)
        Security Update for Windows XP (KB974392)
        Security Update for Windows XP (KB974571)
        Security Update for Windows XP (KB975025)
        Security Update for Windows XP (KB975467)
        Security Update for Windows XP (KB975560)
        Security Update for Windows XP (KB975561)
        Security Update for Windows XP (KB975562)
        Security Update for Windows XP (KB975713)
        Security Update for Windows XP (KB977165)
        Security Update for Windows XP (KB977816)
        Security Update for Windows XP (KB977914)
        Security Update for Windows XP (KB978037)
        Security Update for Windows XP (KB978251)
        Security Update for Windows XP (KB978262)
        Security Update for Windows XP (KB978338)
        Security Update for Windows XP (KB978542)
        Security Update for Windows XP (KB978601)
        Security Update for Windows XP (KB978706)
        Security Update for Windows XP (KB979309)
        Security Update for Windows XP (KB979482)
        Security Update for Windows XP (KB979559)
        Security Update for Windows XP (KB979683)
        Security Update for Windows XP (KB979687)
        Security Update for Windows XP (KB980195)
        Security Update for Windows XP (KB980218)
        Security Update for Windows XP (KB980232)
        Security Update for Windows XP (KB980436)
        Security Update for Windows XP (KB981322)
        Security Update for Windows XP (KB981349)
        Security Update for Windows XP (KB981852)
        Security Update for Windows XP (KB981957)
        Security Update for Windows XP (KB981997)
        Security Update for Windows XP (KB982132)
        Security Update for Windows XP (KB982214)
        Security Update for Windows XP (KB982665)
        Security Update for Windows XP (KB982802)
        Sonic Activation Module
        SUPERAntiSpyware
        Undelete Plus 2.98
        Update for Windows Internet Explorer 7 (KB976749)
        Update for Windows Internet Explorer 7 (KB980182)
        Update for Windows XP (KB2141007)
        Update for Windows XP (KB2345886)
        Update for Windows XP (KB2467659)
        Update for Windows XP (KB2541763)
        Update for Windows XP (KB2607712)
        Update for Windows XP (KB2616676)
        Update for Windows XP (KB955759)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        Update for Windows XP (KB968389)
        Update for Windows XP (KB971029)
        Update for Windows XP (KB971737)
        Update for Windows XP (KB973687)
        Update for Windows XP (KB973815)
        Verizon Online DSL
        Viewpoint Media Player
        WebFldrs XP
        Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
        Windows Genuine Advantage Validation Tool (KB892130)
        Windows Installer 3.1 (KB893803)
        Windows Internet Explorer 7
        Windows Media Format Runtime
        WinUndelete
        Wise Disk Cleaner 5.93
        Wise Registry Cleaner 5.9.4
        .
        ==== Event Viewer Messages From Past Week ========
        .
        9/24/2011 8:52:26 AM, error: NetBT [4321]  - The name "STONE          :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.45 did not allow the name to be claimed by this machine.
        9/23/2011 10:37:16 AM, error: NetBT [4321]  - The name "DRFANNING      :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.46 did not allow the name to be claimed by this machine.
        9/21/2011 10:02:34 AM, error: NetBT [4321]  - The name "ANONYMOUS      :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.47 did not allow the name to be claimed by this machine.
        .
        ==== End Of File ===========================

        « Last Edit: September 26, 2011, 04:53:45 PM by SuperDave »
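NetBT event ID 4321 in the "Event Viewer Messages" section above means the host tried to register a NetBIOS name on its LAN interface and another machine replied that it already owns that name. Reading the three entries one by one is fine for a week of events, but a parser that pulls out the name, the NetBIOS suffix, the local interface and the refusing host makes the pattern visible (several different names refused from one interface, each by a different neighbour). The script below is an added example, not part of the DDS tool or of this thread; its sample lines are constructed in the same layout as the log above, with made-up host names and addresses, and the suffix-to-role table covers only the well-known NetBIOS suffixes.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout of the DDS "Event Viewer Messages" section
# (date, level: Source [EventID]  - message). Host names and addresses are made up.
SAMPLE_EVENTS = """\
9/24/2011 8:52:26 AM, error: NetBT [4321]  - The name "WORKSTN1       :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.45 did not allow the name to be claimed by this machine.
9/23/2011 10:37:16 AM, error: NetBT [4321]  - The name "WORKSTN2       :0" could not be registered on the Interface with IP address 192.168.1.44. The machine with the IP address 192.168.1.46 did not allow the name to be claimed by this machine.
9/22/2011 9:00:00 AM, error: Service Control Manager [7034]  - The Example service terminated unexpectedly.
"""

# One DDS event line: timestamp, level, source, numeric event id, free-text message.
EVENT_RE = re.compile(
    r'^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), '
    r'(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<message>.*)$'
)

# The 4321 message text: padded NetBIOS name, hex suffix, local and refusing IP.
IP = r'\d{1,3}(?:\.\d{1,3}){3}'
NETBT_RE = re.compile(
    r'The name "(?P<name>[^":]+?)\s*:(?P<suffix>[0-9A-Fa-f]{1,2})" could not be registered '
    r'on the Interface with IP address (?P<local_ip>' + IP + r')\. '
    r'The machine with the IP address (?P<remote_ip>' + IP + r') did not allow'
)

# Well-known NetBIOS name suffixes (hex, two digits).
SUFFIX_ROLE = {
    '00': 'workstation', '03': 'messenger', '20': 'file server',
    '1B': 'domain master browser', '1D': 'master browser', '1E': 'browser elections',
}


def parse_events(text):
    """Parse DDS-style event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev['event_id'] = int(ev['event_id'])
        ev['source'] = ev['source'].strip()
        events.append(ev)
    return events


def netbt_name_conflicts(events):
    """Extract the NetBT 4321 name-registration conflicts from parsed events."""
    conflicts = []
    for ev in events:
        if ev['source'] != 'NetBT' or ev['event_id'] != 4321:
            continue
        m = NETBT_RE.search(ev['message'])
        if not m:
            continue
        suffix = m['suffix'].upper().zfill(2)
        conflicts.append({
            'when': ev['when'],
            'name': m['name'],
            'suffix': suffix,
            'role': SUFFIX_ROLE.get(suffix, 'unknown'),
            'local_ip': m['local_ip'],
            'remote_ip': m['remote_ip'],
        })
    return conflicts


def summarize_by_interface(conflicts):
    """Group conflicts by local interface: which names failed and which hosts refused them."""
    summary = defaultdict(lambda: {'names': set(), 'remote_ips': set(), 'count': 0})
    for c in conflicts:
        s = summary[c['local_ip']]
        s['names'].add(c['name'])
        s['remote_ips'].add(c['remote_ip'])
        s['count'] += 1
    return dict(summary)


if __name__ == '__main__':
    for local_ip, s in summarize_by_interface(netbt_name_conflicts(parse_events(SAMPLE_EVENTS))).items():
        print(local_ip, s['count'], 'conflicts; names', sorted(s['names']),
              'refused by', sorted(s['remote_ips']))
```

A host normally registers only its own computer name (suffix <00>), so the useful question this answers for a log like the one above is whether the names that failed are the name the machine is supposed to have, and whether the refusing addresses are known machines on the same LAN.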

        stonemanjr

          Topic Starter


          Beginner

          • Experience: Beginner
          • OS: Unknown
          Re: Malware TR/spy.keylogger.qme Help!
          « Reply #4 on: September 26, 2011, 12:02:17 PM »
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 09/26/2011 at 01:51 PM

          Application Version : 4.48.1000

          Core Rules Database Version : 7726
          Trace Rules Database Version: 5538

          Scan type       : Complete Scan
          Total Scan Time : 01:26:25

          Memory items scanned      : 605
          Memory threats detected   : 0
          Registry items scanned    : 7561
          Registry threats detected : 1
          File items scanned        : 23344
          File threats detected     : 70

          Adware.Tracking Cookie
             C:\Documents and Settings\TERESA\Cookies\DQ2HDGTM.txt
             C:\Documents and Settings\TERESA\Cookies\0VPYC8NV.txt
             C:\Documents and Settings\TERESA\Cookies\9UK0NFUR.txt
             C:\Documents and Settings\TERESA\Cookies\WAO42BM0.txt
             C:\Documents and Settings\TERESA\Cookies\759RG44L.txt
             C:\Documents and Settings\TERESA\Cookies\PPIAKAQJ.txt
             C:\Documents and Settings\TERESA\Cookies\7NBJBCES.txt
             C:\Documents and Settings\TERESA\Cookies\B9Q2LXU0.txt
             C:\Documents and Settings\TERESA\Cookies\LG6BAI97.txt
             C:\Documents and Settings\TERESA\Cookies\YKIEIMTU.txt
             C:\Documents and Settings\TERESA\Cookies\6GLIM98G.txt
             C:\Documents and Settings\TERESA\Cookies\HE56IIRA.txt
             C:\Documents and Settings\TERESA\Cookies\TSYUNS5E.txt
             C:\Documents and Settings\TERESA\Cookies\3R1E5K08.txt
             C:\Documents and Settings\TERESA\Cookies\TQ3FHELU.txt
             C:\Documents and Settings\TERESA\Cookies\GPD9VIVV.txt
             C:\Documents and Settings\TERESA\Cookies\2YRB44AG.txt
             C:\Documents and Settings\TERESA\Cookies\UVJ67UVH.txt
             C:\Documents and Settings\TERESA\Cookies\RMHO96Q6.txt
             C:\Documents and Settings\TERESA\Cookies\1UMR1ICZ.txt
             C:\Documents and Settings\TERESA\Cookies\9U3WH04M.txt
             C:\Documents and Settings\TERESA\Cookies\NMSKPO1S.txt
             C:\Documents and Settings\TERESA\Cookies\SFPNCDX7.txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@pointroll[1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@invitemedia[1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@trafficmp[2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][3].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@tribalfusion[2].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@realmedia[1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\cornerstone_llc@media6degrees[1].txt
             C:\Documents and Settings\CORNERSTONE LLC\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt
             C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
             C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@mediabrandsww[2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@pointroll[1].txt
             C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@legolas-media[1].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\guest@imrworldwide[2].txt
             C:\Documents and Settings\Guest\Cookies\guest@invitemedia[1].txt
             C:\Documents and Settings\Guest\Cookies\guest@mediapromoter[1].txt
             C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt
             C:\Documents and Settings\Guest\Cookies\guest@partypoker[2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][3].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
             C:\Documents and Settings\Guest\Cookies\guest@ru4[2].txt
             C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
             ia.media-imdb.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             media.mtvnservices.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             msnbcmedia.msn.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             s0.2mdn.net [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             secure-us.imrworldwide.com [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]
             sftrack.searchforce.net [ C:\Documents and Settings\TERESA\Application Data\Macromedia\Flash Player\#SharedObjects\K8WWN7FA ]

          Adware.Gamevance
             HKU\S-1-5-21-3164414362-3184867574-2224378191-501\Software\gvtl
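The SUPERAntiSpyware log above lists 70 file hits and one registry hit, but the list itself is what tells you what they are: 64 tracking cookies across three profiles, 6 Flash shared objects (the `#SharedObjects` entries) and one `HKU` key. The -501 RID at the end of that key's SID is the built-in Guest account, which lines up with the Guest profile's cookie entries. The script below is an added example (not from SUPERAntiSpyware or from this thread) that parses this log layout, classifies each item as cookie, Flash shared object, registry key or other file, attributes it to a user profile or well-known RID, and checks that the items listed match the header totals. Its sample log is constructed: the user names, cookie names and SID are made up and the counts are chosen to match the items shown.

```python
import re
from collections import Counter

# Constructed sample in the SUPERAntiSpyware log layout; names and SID are made up.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/26/2011 at 01:51 PM

Application Version : 4.48.1000

Scan type       : Complete Scan
Total Scan Time : 01:26:25

Memory items scanned      : 605
Memory threats detected   : 0
Registry items scanned    : 7561
Registry threats detected : 1
File items scanned        : 23344
File threats detected     : 4

Adware.Tracking Cookie
   C:\Documents and Settings\USER1\Cookies\ABCD1234.txt
   C:\Documents and Settings\USER1\Cookies\user1@ads.example[2].txt
   C:\Documents and Settings\Guest\Cookies\guest@ads.example[1].txt
   ads.example [ C:\Documents and Settings\USER1\Application Data\Macromedia\Flash Player\#SharedObjects\ABCDEFGH ]

Adware.Gamevance
   HKU\S-1-5-21-1111111111-2222222222-3333333333-501\Software\gvtl
"""

# Header fields are "Two Or More Words : value"; a single word before ':' (e.g. the URL) is not one.
HEADER_RE = re.compile(r'^(?P<key>[A-Za-z]+(?: [A-Za-z]+)+)\s*:\s*(?P<value>.+)$')
PROFILE_RE = re.compile(r'Documents and Settings\\([^\\]+)\\', re.IGNORECASE)
SID_RE = re.compile(r'^HKU\\S-1-5-21-[\d-]+?-(?P<rid>\d+)\\', re.IGNORECASE)
WELL_KNOWN_RIDS = {'500': 'Administrator', '501': 'Guest'}  # built-in local account RIDs


def parse_sas_log(text):
    """Split a SUPERAntiSpyware log into header fields and (category, item) detections."""
    header, detections, category = {}, [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in ' \t':            # indented line: one detected item under the current category
            if category is not None:
                detections.append((category, raw.strip()))
            continue
        m = HEADER_RE.match(raw)
        if m:
            header[m['key'].strip()] = m['value'].strip()
        else:
            category = raw.strip()     # non-indented, not "key : value": a threat family heading
    return header, detections


def classify(item):
    """Registry key, Flash shared object, browser cookie, or other file."""
    if re.match(r'^HK(U|LM|CU|CR)\\', item, re.IGNORECASE):
        return 'registry'
    if '#SharedObjects' in item:
        return 'flash-lso'
    if '\\cookies\\' in item.lower():
        return 'cookie'
    return 'file'


def owner_of(item):
    """Which user profile (from the path) or which well-known RID (from the SID) owns the item."""
    m = SID_RE.match(item)
    if m:
        return WELL_KNOWN_RIDS.get(m['rid'], 'RID ' + m['rid'])
    m = PROFILE_RE.search(item)
    return m.group(1) if m else 'unknown'


def summarize(text):
    """Counts by threat family, by item kind and by owner, plus a header/list consistency check."""
    header, detections = parse_sas_log(text)
    by_kind = Counter(classify(item) for _, item in detections)
    registry = by_kind['registry']
    files = len(detections) - registry
    consistent = (int(header.get('Registry threats detected', -1)) == registry
                  and int(header.get('File threats detected', -1)) == files)
    return {
        'header': header,
        'by_category': dict(Counter(cat for cat, _ in detections)),
        'by_kind': dict(by_kind),
        'by_owner': dict(Counter(owner_of(item) for _, item in detections)),
        'consistent': consistent,
    }


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

The consistency flag is the part worth keeping when you read many of these logs: if the header totals and the itemised list disagree, the log was truncated or edited before it was posted.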

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Malware TR/spy.keylogger.qme Help!
          « Reply #5 on: September 26, 2011, 05:18:21 PM »
          Quote
          How are things in Canada? I have family from SASK, Prince Albert
          Good. We're finally getting some good weather after a very wet summer. SASK is a long way from where I live in the Maritimes.

          You have two AV programs running on your computer which is a no-no. Either AntiVir Desktop or Microsoft Security Essentials will have to be disabled/uninstalled. I would recommend you keep MSE.

          You have remnants of AVG on your computer. Please run this Removal Tool to remove all traces.
          AVG Antivirus - AVG Antivirus Remover utility
          **************************************************
          Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
          Eusing Free Registry Cleaner, Glary Registry Repair 3.3.0.852, Wise Registry Cleaner 5.9.4 and Free Window Registry Repair
          There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

          For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

          Further reading: XP Fixes Myth #1: Registry Cleaners
          *******************************************************
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          ****************************************************
          You have Viewpoint installed.

          Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

          More information:

          * ViewMgr.exe - Useless
          * Viewpoint to Plunge Into Adware

          It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

          * Viewpoint
          * Viewpoint Manager
          * Viewpoint Media Player
          * Viewpoint Toolbar
          * Viewpoint Experience Technology

          ****************************************************
          Please go to Jotti's malware scan
          (If more than one file needs to be scanned they must be done separately and links posted for each one)

          * Copy the file path in the below Code box:

          Code:
          c:\windows\system32\drivers\fzbjjxqk.sys
          c:\windows\system32\drivers\jicuygtu.sys
          c:\windows\system32\drivers\pmirdaoq.sys
          c:\windows\system32\drivers\qlupagro.sys
          c:\windows\system32\drivers\rdjnrndg.sys 

          * At the upload site, click once inside the window next to Browse.
          * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
          * Next click Submit file
          * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
          * This will perform a scan across multiple different virus scanning engines.
          * Important: Wait for all of the scanning engines to complete.
          * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
          **************************************************
          This program files\npnzlrbdmjxegeqc looks very suspicious. I would recommend that you uninstall this program.

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          and save it to your Desktop.
          It would be easiest to download using Internet Explorer.
          If you insist on using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          Double click ComboFix.exe & follow the prompts.
          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          Click on Yes, to continue scanning for malware.
          When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix
          Windows 8 and Windows 10 dual boot with two SSD's

          stonemanjr

            Topic Starter


            Beginner

            • Experience: Beginner
            • OS: Unknown
            Re: Malware TR/spy.keylogger.qme Help!
            « Reply #6 on: September 27, 2011, 06:28:44 PM »
            Ok, got it.  Not sure how to access AVG removal tool, but I can do a sweeper thru REVO and get most of it.

            Will remove Viewpoint

            That funny file with the random letters and then the others in the system/win32 areas are related to All in One Keylogger which hides itself. So they are ok!

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Malware TR/spy.keylogger.qme Help!
            « Reply #7 on: September 28, 2011, 04:44:54 PM »
            Quote
            Not sure how to access AVG removal tool, but I can do a sweeper thru REVO and get most of it.
            There are detailed instructions for each type of AV in the link I've provided. If you still can't do it, please run ComboFix anyway.

            stonemanjr

              Topic Starter


              Beginner

              • Experience: Beginner
              • OS: Unknown
              Re: Malware TR/spy.keylogger.qme Help!
              « Reply #8 on: September 29, 2011, 02:46:26 PM »
              OK, here is a prior one from earlier. I can run it again also.

              ComboFix 11-01-31.02 - TERESA 02/04/2011   2:26.1.1 - x86
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1013.370 [GMT -5:00]
              Running from: c:\documents and settings\TERESA\My Documents\Downloads\ComboFix.exe
              AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
              AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
              AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\documents and settings\TERESA\Application Data\MSA
              c:\windows\system32\Thumbs.db

              .
              (((((((((((((((((((((((((   Files Created from 2011-01-04 to 2011-02-04  )))))))))))))))))))))))))))))))
              .

              2011-02-04 07:36 . 2011-02-04 07:36   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC131DCE-7DF4-4215-AF45-845205895ECC}\MpKsld94db114.sys
              2011-02-04 00:14 . 2011-02-04 00:14   --------   d-----w-   c:\documents and settings\TERESA\Application Data\SUPERAntiSpyware.com
              2011-02-04 00:14 . 2011-02-04 00:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
              2011-02-04 00:11 . 2011-02-04 00:14   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2011-02-03 23:44 . 2011-02-03 23:44   --------   d-----w-   c:\documents and settings\TERESA\Application Data\Malwarebytes
              2011-02-03 23:44 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2011-02-03 23:44 . 2011-02-03 23:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
              2011-02-03 23:44 . 2010-12-20 23:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-02-03 23:44 . 2011-02-03 23:44   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2011-01-21 21:54 . 2011-01-21 21:54   --------   d-----w-   C:\PAYROLL
              2011-01-21 19:17 . 2011-01-21 19:17   --------   d-----w-   c:\program files\ACW

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-12-22 14:56 . 2009-09-04 06:33   135096   ----a-w-   c:\windows\system32\drivers\avipbb.sys
              2010-11-22 13:16 . 2009-09-04 06:33   61960   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
              2010-11-18 18:12 . 2004-08-10 18:02   81920   ----a-w-   c:\windows\system32\isign32.dll
              2010-11-09 14:52 . 2004-08-10 17:51   249856   ----a-w-   c:\windows\system32\odbc32.dll
              2010-07-19 14:13 . 2009-11-23 22:15   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              SYSPROT LOG

              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              Process:
              Name: [System Idle Process]
              PID: 0
              Hidden: No
              Window Visible: No

              Name: System
              PID: 4
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\smss.exe
              PID: 616
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\csrss.exe
              PID: 680
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\winlogon.exe
              PID: 704
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\services.exe
              PID: 748
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\lsass.exe
              PID: 760
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 952
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1028
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
              PID: 1120
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1160
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1236
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgchsvx.exe
              PID: 1356
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgrsx.exe
              PID: 1364
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1476
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgcsrvx.exe
              PID: 1528
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\spoolsv.exe
              PID: 1796
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
              PID: 1900
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 484
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
              PID: 888
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              PID: 1064
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgwdsvc.exe
              PID: 1088
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Bonjour\mDNSResponder.exe
              PID: 1116
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Dell Network Assistant\hnm_svc.exe
              PID: 152
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
              PID: 1460
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\explorer.exe
              PID: 108
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Java\jre6\bin\jqs.exe
              PID: 496
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
              PID: 2032
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\igfxtray.exe
              PID: 1204
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\hkcmd.exe
              PID: 968
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\igfxpers.exe
              PID: 1260
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\RTHDCPL.EXE
              PID: 1216
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\svchost.exe
              PID: 1572
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\igfxsrvc.exe
              PID: 1560
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\AVG\AVG9\avgnsx.exe
              PID: 1980
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\wdfmgr.exe
              PID: 2204
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              PID: 2284
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
              PID: 2316
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
              PID: 2380
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
              PID: 2480
              Hidden: No
              Window Visible: No

              Name: C:\PROGRA~1\AVG\AVG9\avgtray.exe
              PID: 2520
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
              PID: 2552
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Npnzlrbdmjxegeqc\qxzxjvblnw.exe
              PID: 2576
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Microsoft Security Client\msseces.exe
              PID: 2592
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\DellSupport\DSAgnt.exe
              PID: 2668
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              PID: 2744
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\ctfmon.exe
              PID: 2916
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
              PID: 3220
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\wuauclt.exe
              PID: 3448
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Npnzlrbdmjxegeqc\qxzxjvblnw.exe
              PID: 3716
              Hidden: No
              Window Visible: Yes

              Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
              PID: 1864
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\alg.exe
              PID: 2444
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\vssvc.exe
              PID: 3768
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\dllhost.exe
              PID: 3860
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\dllhost.exe
              PID: 3952
              Hidden: No
              Window Visible: No

              Name: C:\WINDOWS\system32\msdtc.exe
              PID: 3204
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Mozilla Firefox\firefox.exe
              PID: 3468
              Hidden: No
              Window Visible: No

              Name: C:\Program Files\Microsoft Office\Office\WINWORD.EXE
              PID: 2996
              Hidden: No
              Window Visible: No

              Name: C:\Documents and Settings\TERESA\Desktop\SysProt.exe
              PID: 3012
              Hidden: No
              Window Visible: Yes

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \??\C:\Documents and Settings\TERESA\Desktop\SysProtDrv.sys
              Service Name: SysProtDrv.sys
              Module Base: A8BB7000
              Module End: A8BC2000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
              Service Name: Fastfat
              Module Base: A7D1B000
              Module End: A7D3F000
              Hidden: No

              Module Name: \WINDOWS\system32\ntkrnlpa.exe
              Service Name: ---
              Module Base: 804D7000
              Module End: 806D0380
              Hidden: No

              Module Name: \WINDOWS\system32\hal.dll
              Service Name: ---
              Module Base: 806D1000
              Module End: 806F1300
              Hidden: No

              Module Name: \WINDOWS\system32\KDCOM.DLL
              Service Name: ---
              Module Base: F7AF3000
              Module End: F7AF5000
              Hidden: No

              Module Name: \WINDOWS\system32\BOOTVID.dll
              Service Name: ---
              Module Base: F7A03000
              Module End: F7A06000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
              Service Name: ACPI
              Module Base: F74C4000
              Module End: F74F2000
              Hidden: No

              Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
              Service Name: ---
              Module Base: F7AF5000
              Module End: F7AF7000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\pci.sys
              Service Name: PCI
              Module Base: F74B3000
              Module End: F74C4000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
              Service Name: isapnp
              Module Base: F75F3000
              Module End: F75FD000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\pciide.sys
              Service Name: PCIIde
              Module Base: F7BBB000
              Module End: F7BBC000
              Hidden: No

              Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
              Service Name: ---
              Module Base: F7873000
              Module End: F787A000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
              Service Name: MountMgr
              Module Base: F7603000
              Module End: F760E000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
              Service Name: Disk
              Module Base: F7494000
              Module End: F74B3000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
              Service Name: PartMgr
              Module Base: F787B000
              Module End: F7880000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
              Service Name: VolSnap
              Module Base: F7613000
              Module End: F7620000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\atapi.sys
              Service Name: atapi
              Module Base: F747C000
              Module End: F7494000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
              Service Name: iaStor
              Module Base: F73B5000
              Module End: F747C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\disk.sys
              Service Name: ---
              Module Base: F7623000
              Module End: F762C000
              Hidden: No

              Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
              Service Name: ---
              Module Base: F7633000
              Module End: F7640000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
              Service Name: FltMgr
              Module Base: F7395000
              Module End: F73B5000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\sr.sys
              Service Name: sr
              Module Base: F7383000
              Module End: F7395000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS
              Service Name: DRVMCDB
              Module Base: F736D000
              Module End: F7383000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
              Service Name: PxHelp20
              Module Base: F7643000
              Module End: F764C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
              Service Name: KSecDD
              Module Base: F7356000
              Module End: F736D000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
              Service Name: Ntfs
              Module Base: F72C9000
              Module End: F7356000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
              Service Name: NDIS
              Module Base: F729C000
              Module End: F72C9000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\Mup.sys
              Service Name: Mup
              Module Base: F7282000
              Module End: F729C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
              Service Name: intelppm
              Module Base: F7833000
              Module End: F783C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
              Service Name: ialm
              Module Base: F64B0000
              Module End: F6A2F000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
              Service Name: ---
              Module Base: F649C000
              Module End: F64B0000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
              Service Name: e1express
              Module Base: F645B000
              Module End: F649C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
              Service Name: usbuhci
              Module Base: F7903000
              Module End: F7909000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
              Service Name: ---
              Module Base: F6437000
              Module End: F645B000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
              Service Name: usbehci
              Module Base: F790B000
              Module End: F7913000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
              Service Name: HDAudBus
              Module Base: F640F000
              Module End: F6437000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
              Service Name: Fdc
              Module Base: F7913000
              Module End: F791A000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
              Service Name: Imapi
              Module Base: F7843000
              Module End: F784E000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
              Service Name: DLACDBHM
              Module Base: F7B05000
              Module End: F7B07000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
              Service Name: Cdrom
              Module Base: F7853000
              Module End: F7863000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
              Service Name: redbook
              Module Base: F7863000
              Module End: F7872000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
              Service Name: ---
              Module Base: F63EC000
              Module End: F640F000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
              Service Name: audstub
              Module Base: F7D41000
              Module End: F7D42000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
              Service Name: Rasl2tp
              Module Base: F6ABF000
              Module End: F6ACC000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
              Service Name: NdisTapi
              Module Base: F7A9F000
              Module End: F7AA2000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
              Service Name: NdisWan
              Module Base: F63D5000
              Module End: F63EC000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
              Service Name: RasPppoe
              Module Base: F6AAF000
              Module End: F6ABA000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
              Service Name: PptpMiniport
              Module Base: F6A9F000
              Module End: F6AAB000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
              Service Name: ---
              Module Base: F791B000
              Module End: F7920000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
              Service Name: PSched
              Module Base: F63C4000
              Module End: F63D5000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
              Service Name: Gpc
              Module Base: F6A8F000
              Module End: F6A98000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
              Service Name: Ptilink
              Module Base: F7923000
              Module End: F7928000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
              Service Name: Raspti
              Module Base: F792B000
              Module End: F7930000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
              Service Name: TermDD
              Module Base: F6A7F000
              Module End: F6A89000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
              Service Name: Kbdclass
              Module Base: F7933000
              Module End: F7939000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
              Service Name: Mouclass
              Module Base: F793B000
              Module End: F7941000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
              Service Name: swenum
              Module Base: F7B07000
              Module End: F7B09000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
              Service Name: Update
              Module Base: F6366000
              Module End: F63C4000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
              Service Name: mssmbios
              Module Base: F7AAF000
              Module End: F7AB3000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
              Service Name: NDProxy
              Module Base: F6A5F000
              Module End: F6A69000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
              Service Name: usbhub
              Module Base: F6A3F000
              Module End: F6A4E000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
              Service Name: ---
              Module Base: F7B0B000
              Module End: F7B0D000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
              Service Name: IntcAzAudAddService
              Module Base: A9ACE000
              Module End: A9F25000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\portcls.sys
              Service Name: ---
              Module Base: A9AAA000
              Module End: A9ACE000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\drmk.sys
              Service Name: ---
              Module Base: F6A2F000
              Module End: F6A3E000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
              Service Name: i2omgmt
              Module Base: F723A000
              Module End: F723D000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
              Service Name: MpFilter
              Module Base: A9A33000
              Module End: A9A5A000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
              Service Name: HidUsb
              Module Base: F6356000
              Module End: F6359000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
              Service Name: ---
              Module Base: F7673000
              Module End: F767C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
              Service Name: ---
              Module Base: F7953000
              Module End: F795A000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
              Service Name: Fs_Rec
              Module Base: F7B27000
              Module End: F7B29000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
              Service Name: Null
              Module Base: F7CFC000
              Module End: F7CFD000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
              Service Name: Beep
              Module Base: F7B29000
              Module End: F7B2B000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
              Service Name: DLARTL_M
              Module Base: F7963000
              Module End: F7969000
              Hidden: No

              Module Name: C:\WINDOWS\System32\drivers\vga.sys
              Service Name: VgaSave
              Module Base: F796B000
              Module End: F7971000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
              Service Name: mnmdd
              Module Base: F7B2B000
              Module End: F7B2D000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
              Service Name: RDPCDD
              Module Base: F7B2D000
              Module End: F7B2F000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
              Service Name: Msfs
              Module Base: F7973000
              Module End: F7978000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
              Service Name: Npfs
              Module Base: F797B000
              Module End: F7983000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
              Service Name: RasAcd
              Module Base: F634E000
              Module End: F6351000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
              Service Name: IPSec
              Module Base: A9A00000
              Module End: A9A13000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
              Service Name: Tcpip
              Module Base: A99A7000
              Module End: A9A00000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
              Service Name: AvgTdiX
              Module Base: A996D000
              Module End: A99A7000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
              Service Name: IpNat
              Module Base: A9947000
              Module End: A996D000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
              Service Name: Wanarp
              Module Base: F7693000
              Module End: F769C000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
              Service Name: NetBT
              Module Base: A991F000
              Module End: A9947000
              Hidden: No

              Module Name: C:\WINDOWS\System32\drivers\afd.sys
              Service Name: AFD
              Module Base: A98FD000
              Module End: A991F000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
              Service Name: NetBIOS
              Module Base: F76A3000
              Module End: F76AC000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
              Service Name: ssmdrv
              Module Base: F7983000
              Module End: F7989000
              Hidden: No

              Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
              Service Name: SASKUTIL
              Module Base: A98DB000
              Module End: A98FD000
              Hidden: No

              Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
              Service Name: SASDIFSV
              Module Base: F798B000
              Module End: F7991000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
              Service Name: Rdbss
              Module Base: A98B0000
              Module End: A98DB000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
              Service Name: MRxSmb
              Module Base: A9818000
              Module End: A9888000
              Hidden: No

              Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0AC0C6D-D1AE-40E4-AF9E-178CDF3758E7}\MpKslea9f7dca.sys
              Service Name: MpKslea9f7dca
              Module Base: F799B000
              Module End: F79A1000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
              Service Name: mouhid
              Module Base: A9AA6000
              Module End: A9AA9000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
              Service Name: Fips
              Module Base: F76C3000
              Module End: F76CE000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys
              Service Name: avipbb
              Module Base: A97F1000
              Module End: A9818000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
              Service Name: kbdhid
              Module Base: A9A9A000
              Module End: A9A9E000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
              Service Name: AvgMfx86
              Module Base: F79A3000
              Module End: F79A9000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
              Service Name: AvgLdx86
              Module Base: A97BD000
              Module End: A97F1000
              Hidden: No

              Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
              Service Name: avgio
              Module Base: F7B35000
              Module End: F7B37000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
              Service Name: Cdfs
              Module Base: F76F3000
              Module End: F7703000
              Hidden: No

              Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
              Service Name: ---
              Module Base: A97A5000
              Module End: A97BD000
              Hidden: Yes

              Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
              Service Name: ---
              Module Base: F7B37000
              Module End: F7B39000
              Hidden: Yes

              Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
              Service Name: ---
              Module Base: F723E000
              Module End: F7241000
              Hidden: No

              Module Name: C:\WINDOWS\System32\watchdog.sys
              Service Name: ---
              Module Base: F79BB000
              Module End: F79C0000
              Hidden: No

              Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
              Service Name: ---
              Module Base: F7BDC000
              Module End: F7BDD000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
              Service Name: avgntflt
              Module Base: A964E000
              Module End: A9665000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
              Service Name: DRVNDDM
              Module Base: F77F3000
              Module End: F77FE000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DLA\DLADResM.SYS
              Service Name: DLADResM
              Module Base: F7C4A000
              Module End: F7C4B000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
              Service Name: DLAIFS_M
              Module Base: A960E000
              Module End: A9626000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
              Service Name: DLAOPIOM
              Module Base: F79D3000
              Module End: F79D8000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
              Service Name: DLAPoolM
              Module Base: F7B3F000
              Module End: F7B41000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DLA\DLABMFSM.SYS
              Service Name: DLABMFSM
              Module Base: F79DB000
              Module End: F79E2000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
              Service Name: DLABOIOM
              Module Base: F79E3000
              Module End: F79EA000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
              Service Name: DLAUDFAM
              Module Base: A95F8000
              Module End: A960E000
              Hidden: No

              Module Name: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
              Service Name: DLAUDF_M
              Module Base: A95E1000
              Module End: A95F8000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\packet.sys
              Service Name: Packet
              Module Base: A9642000
              Module End: A9646000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
              Service Name: Ndisuio
              Module Base: A963E000
              Module End: A9642000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
              Service Name: MRxDAV
              Module Base: A91CC000
              Module End: A91F9000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
              Service Name: wdmaud
              Module Base: A90C7000
              Module End: A90DC000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
              Service Name: dsunidrv
              Module Base: F7BAB000
              Module End: F7BAD000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
              Service Name: sysaudio
              Module Base: A9249000
              Module End: A9258000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
              Service Name: Srv
              Module Base: A8D5F000
              Module End: A8DB7000
              Hidden: No

              Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0AC0C6D-D1AE-40E4-AF9E-178CDF3758E7}\MpKsl87262213.sys
              Service Name: MpKsl87262213
              Module Base: F78CB000
              Module End: F78D1000
              Hidden: No

              Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
              Service Name: HTTP
              Module Base: A82CB000
              Module End: A830C000
              Hidden: No

              Module Name: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
              Service Name: DSproct
              Module Base: F7B4B000
              Module End: F7B4D000
              Hidden: No

              Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
              Service Name: kmixer
              Module Base: A7E7F000
              Module End: A7EAA000
              Hidden: No

              Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
              Service Name: usbprint
              Module Base: F79EB000
              Module End: F79F2000
              Hidden: No

              ******************************************************************************************
              ******************************************************************************************
              SSDT:
              Function Name: ZwClose
              Address: F7D1290C
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwCreateKey
              Address: F7D128C6
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwCreateSection
              Address: F7D12916
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwCreateThread
              Address: F7D128BC
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwDeleteKey
              Address: F7D128CB
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwDeleteValueKey
              Address: F7D128D5
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwDuplicateObject
              Address: F7D12907
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwLoadKey
              Address: F7D128DA
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwOpenProcess
              Address: F7D128A8
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwOpenThread
              Address: F7D128AD
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwReplaceKey
              Address: F7D128E4
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwRestoreKey
              Address: F7D128DF
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwSetContextThread
              Address: F7D1291B
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwSetValueKey
              Address: F7D128D0
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwTerminateProcess
              Address: F7D128B7
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              ******************************************************************************************
              ******************************************************************************************
              No Kernel Hooks found

              ******************************************************************************************
              ******************************************************************************************
              No IRP Hooks found

              ******************************************************************************************
              ******************************************************************************************
              Ports:
              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1106
              Remote Address: VW-IN-F103.1E100.NET:HTTP
              Type: TCP
              Process: C:\Program Files\Mozilla Firefox\firefox.exe
              State: ESTABLISHED

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1105
              Remote Address: VW-IN-F103.1E100.NET:HTTP
              Type: TCP
              Process: C:\Program Files\Mozilla Firefox\firefox.exe
              State: ESTABLISHED

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1104
              Remote Address: IAD04S01-IN-F120.1E100.NET:HTTP
              Type: TCP
              Process: C:\Program Files\Mozilla Firefox\firefox.exe
              State: ESTABLISHED

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1094
              Remote Address: VW-IN-F103.1E100.NET:HTTP
              Type: TCP
              Process: [System Idle Process]
              State: TIME_WAIT

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1090
              Remote Address: QY-IN-F103.1E100.NET:HTTP
              Type: TCP
              Process: C:\Program Files\Mozilla Firefox\firefox.exe
              State: ESTABLISHED

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1079
              Remote Address: SINGLECLICK.DMARC.NJ3.ATLANTICMETRO.NET:HTTP
              Type: TCP
              Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
              State: ESTABLISHED

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:NETBIOS-SSN
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: System
              State: LISTENING

              Local Address: CORNERSTONE:27015
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              State: LISTENING

              Local Address: CORNERSTONE:5354
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Bonjour\mDNSResponder.exe
              State: LISTENING

              Local Address: CORNERSTONE:5152
              Remote Address: LOCALHOST:1088
              Type: TCP
              Process: C:\Program Files\Java\jre6\bin\jqs.exe
              State: CLOSE_WAIT

              Local Address: CORNERSTONE:5152
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Java\jre6\bin\jqs.exe
              State: LISTENING

              Local Address: CORNERSTONE:4664
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
              State: LISTENING

              Local Address: CORNERSTONE:1092
              Remote Address: LOCALHOST:1091
              Type: TCP
              Process: C:\Program Files\Mozilla Firefox\firefox.exe
              State: ESTABLISHED

              Local Address: CORNERSTONE:1091
              Remote Address: LOCALHOST:1092
              Type: TCP
              Process: C:\Program Files\Mozilla Firefox\firefox.exe
              State: ESTABLISHED

              Local Address: CORNERSTONE:1088
              Remote Address: LOCALHOST:5152
              Type: TCP
              Process: 2340 (PID)
              State: FIN_WAIT2

              Local Address: CORNERSTONE:1085
              Remote Address: LOCALHOST:1084
              Type: TCP
              Process: C:\Program Files\Mozilla Firefox\firefox.exe
              State: ESTABLISHED

              Local Address: CORNERSTONE:1084
              Remote Address: LOCALHOST:1085
              Type: TCP
              Process: C:\Program Files\Mozilla Firefox\firefox.exe
              State: ESTABLISHED

              Local Address: CORNERSTONE:1033
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\WINDOWS\system32\alg.exe
              State: LISTENING

              Local Address: CORNERSTONE:MICROSOFT-DS
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: System
              State: LISTENING

              Local Address: CORNERSTONE:EPMAP
              Remote Address: 0.0.0.0:0
              Type: TCP
              Process: C:\WINDOWS\system32\svchost.exe
              State: LISTENING

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:5353
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Bonjour\mDNSResponder.exe
              State: NA

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:1900
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\svchost.exe
              State: NA

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:138
              Remote Address: NA
              Type: UDP
              Process: System
              State: NA

              Local Address: CORNERSTONE.MYHOME.WESTELL.COM:NETBIOS-NS
              Remote Address: NA
              Type: UDP
              Process: System
              State: NA

              Local Address: CORNERSTONE:10316
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Dell Network Assistant\hnm_svc.exe
              State: NA

              Local Address: CORNERSTONE:1900
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\svchost.exe
              State: NA

              Local Address: CORNERSTONE:1078
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
              State: NA

              Local Address: CORNERSTONE:1026
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              State: NA

              Local Address: CORNERSTONE:1025
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              State: NA

              Local Address: CORNERSTONE:10426
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
              State: NA

              Local Address: CORNERSTONE:10421
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
              State: NA

              Local Address: CORNERSTONE:4500
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\lsass.exe
              State: NA

              Local Address: CORNERSTONE:1039
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
              State: NA

              Local Address: CORNERSTONE:1027
              Remote Address: NA
              Type: UDP
              Process: C:\Program Files\Bonjour\mDNSResponder.exe
              State: NA

              Local Address: CORNERSTONE:500
              Remote Address: NA
              Type: UDP
              Process: C:\WINDOWS\system32\lsass.exe
              State: NA

              Local Address: CORNERSTONE:MICROSOFT-DS
              Remote Address: NA
              Type: UDP
              Process: System
              State: NA

              ******************************************************************************************
              ******************************************************************************************
              No hidden files/folders found


              SuperDave

              • Malware Removal Specialist
              Re: Malware TR/spy.keylogger.qme Help!
              « Reply #9 on: September 29, 2011, 04:25:19 PM »
              ComboFix is running from the wrong location. Please uninstall/delete it, download a new one and install it on your desktop and run a new scan.
              I don't recall asking you to run SysProt AntiRootkit. Please do not run any new programs unless requested to do so.


              Download Security Check by screen317 from one of the following links and save it to your desktop.

              Link 1
              Link 2

              * Unzip SecurityCheck.zip and a folder named Security Check should appear.
              * Open the Security Check folder and double-click Security Check.bat
              * Follow the on-screen instructions inside of the black box.
              * A Notepad document should open automatically called checkup.txt
              * Post the contents of that document in your next reply.

              Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

              stonemanjr

                Topic Starter
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #10 on: September 29, 2011, 04:25:30 PM »
                ComboFix 11-09-29.06 - TERESA 09/29/2011  17:53:36.4.1 - x86
                Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1013.430 [GMT -4:00]
                Running from: c:\documents and settings\TERESA\Desktop\ComboFix.exe
                AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
                AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\program files\google\common\google updater\googleupdaterservice.exe
                c:\windows\system32\d3d9caps.dat
                .
                ---- Previous Run -------
                .
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\InCEE.exe.a3c237c3.ini
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
                c:\documents and settings\CORNERSTONE LLC\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\InCEE.exe.a3c237c3.ini
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
                c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
                c:\documents and settings\TERESA.CORNERSTONE\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\dsca.exe.7999547.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\EULA.exe.e24c9112.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\InCEE.exe.a3c237c3.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\SL11A.tmp.31bba02f.ini
                c:\documents and settings\TERESA\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
                c:\windows\system32\comct332.ocx
                .
                .
                (((((((((((((((((((((((((   Files Created from 2011-08-28 to 2011-09-29  )))))))))))))))))))))))))))))))
                .
                .
                2011-09-29 15:10 . 2011-09-29 15:10   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\MpKsld66538a4.sys
                2011-09-29 15:09 . 2011-09-29 15:09   56200   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\offreg.dll
                2011-09-29 15:09 . 2011-09-12 23:14   7269712   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\mpengine.dll
                2011-09-06 21:39 . 2011-09-29 14:58   --------   d-----w-   c:\windows\system32\CatRoot2
                2011-09-03 10:17 . 2011-09-09 09:12   599040   ------w-   c:\windows\system32\dllcache\crypt32.dll
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2011-09-12 23:14 . 2011-07-20 17:52   7269712   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                2011-09-09 09:12 . 2004-08-10 17:50   599040   ----a-w-   c:\windows\system32\crypt32.dll
                2011-08-12 15:52 . 2011-08-12 15:52   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                2011-08-12 02:44 . 2011-08-25 11:25   7152464   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
                2011-07-19 09:05 . 2010-05-07 17:41   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                2011-07-19 06:40 . 2009-04-01 17:08   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                2011-07-15 13:29 . 2004-08-10 17:51   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                2011-07-12 16:12 . 2009-09-04 06:33   66616   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
                2011-07-12 16:12 . 2009-09-04 06:33   138192   ----a-w-   c:\windows\system32\drivers\avipbb.sys
                2011-07-08 14:02 . 2004-08-10 17:51   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
                2011-07-06 23:52 . 2011-02-03 23:44   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2011-07-06 23:52 . 2011-02-03 23:44   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2010-07-19 14:13 . 2009-11-23 22:15   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
                .
                .
                (((((((((((((((((((((((((((((   SnapShot_2011-09-06_22.02.39   )))))))))))))))))))))))))))))))))))))))))
                .
                + 2011-09-29 16:35 . 2011-09-29 16:35   16384              c:\windows\Temp\Perflib_Perfdata_abc.dat
                + 2011-09-08 17:54 . 2011-09-08 17:54   22016              c:\windows\Installer\1d9c144.msi
                - 2011-06-15 20:08 . 2011-06-15 20:08   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
                + 2011-09-15 09:05 . 2011-09-15 09:05   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
                + 2009-01-02 23:54 . 2009-01-02 23:54   9851              c:\windows\system32\mswnnrote.dll
                - 2010-07-25 21:59 . 2010-07-25 21:59   9851              c:\windows\system32\mswnnrote.dll
                - 2011-07-07 19:24 . 2011-05-04 08:52   157472              c:\windows\system32\javaws.exe
                + 2011-09-29 16:35 . 2011-07-19 09:05   157472              c:\windows\system32\javaws.exe
                + 2011-09-29 16:35 . 2011-07-19 09:05   145184              c:\windows\system32\javaw.exe
                - 2011-07-07 19:24 . 2011-05-04 08:52   145184              c:\windows\system32\javaw.exe
                - 2011-07-07 19:24 . 2011-05-04 08:52   145184              c:\windows\system32\java.exe
                + 2011-09-29 16:35 . 2011-07-19 09:05   145184              c:\windows\system32\java.exe
                + 2011-09-29 16:58 . 2011-09-29 16:58   203776              c:\windows\Installer\6eb24e.msi
                + 2011-08-10 21:43 . 2011-08-10 21:43   3795968              c:\windows\Installer\185edbca.msp
                + 2011-09-07 01:48 . 2011-09-07 01:48   8181248              c:\windows\Installer\185edbc2.msp
                + 2011-07-27 11:39 . 2011-07-27 11:39   9892352              c:\windows\Installer\185edbba.msp
                + 2009-04-03 23:21 . 2009-04-03 23:21   8543096              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
                + 2009-01-08 05:56 . 2011-09-29 15:01   47369160              c:\windows\system32\MRT.exe
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
                "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 68856]
                "enots"="c:\program files\Npnzlrbdmjxegeqc\qxzxjvblnw.exe" [2006-11-05 2289919]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
                "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
                "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
                "RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
                "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
                "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
                "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
                "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
                "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-19 30192]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
                "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
                "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
                "enots"="c:\program files\npnzlrbdmjxegeqc\qxzxjvblnw.exe" [2006-11-05 2289919]
                "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQ
                wAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUA VQAzAFgATAAtAEYARQBXADkANwA&inst=NwA3AC0ANQA
                zADgAMwA3ADUAMAA5ADkALQBUADUALQBLAFYAMw ArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFMAV AAxAC
                sAMgAtAEYAUAA5ACsANgAtAEIAQQBSADkATwArA DEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABP ADMANg
                ArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AM QAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0A MgArA
                DEALQBEAEQAVAArADUAOQA3ADAANwAtAEQARAA5 ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwA xAA&prod=90&ver=9.0.901" [?]
                .
                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-11-20 7168]
                Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
                .
                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                "vtfonouchgduhrdehfhkTaskMgr"= 0 (0x0)
                .
                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                @="Service"
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                "AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
                "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
                "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
                "10426:UDP"= 10426:UDP:SingleClick ICC
                .
                R1 MpKsl835fca01;MpKsl835fca01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4891F144-7B5C-4574-A64F-0DDA146E13E1}\MpKsl835fca01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4891F144-7B5C-4574-A64F-0DDA146E13E1}\MpKsl835fca01.sys [?]
                R1 MpKsld66538a4;MpKsld66538a4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7FFD771-10A1-4662-AA5C-7E08DCC81685}\MpKsld66538a4.sys [9/29/2011 11:10 AM 28752]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
                R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/4/2009 2:33 AM 136360]
                S1 aitvlgmq;aitvlgmq;\??\c:\windows\system32\drivers\aitvlgmq.sys --> c:\windows\system32\drivers\aitvlgmq.sys [?]
                S1 csgcdngj;csgcdngj;\??\c:\windows\system32\drivers\csgcdngj.sys --> c:\windows\system32\drivers\csgcdngj.sys [?]
                S1 fzbjjxqk;fzbjjxqk;\??\c:\windows\system32\drivers\fzbjjxqk.sys --> c:\windows\system32\drivers\fzbjjxqk.sys [?]
                S1 jicuygtu;jicuygtu;\??\c:\windows\system32\drivers\jicuygtu.sys --> c:\windows\system32\drivers\jicuygtu.sys [?]
                S1 MpKsl0821a7de;MpKsl0821a7de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl0821a7de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl0821a7de.sys [?]
                S1 MpKsl0e44e987;MpKsl0e44e987;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09C1F489-DBEF-4352-A225-327C77F845E2}\MpKsl0e44e987.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09C1F489-DBEF-4352-A225-327C77F845E2}\MpKsl0e44e987.sys [?]
                S1 MpKsl0e57dffb;MpKsl0e57dffb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAA1A41-0C55-446D-8853-5C8722EDA63B}\MpKsl0e57dffb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAA1A41-0C55-446D-8853-5C8722EDA63B}\MpKsl0e57dffb.sys [?]
                S1 MpKsl3be578e8;MpKsl3be578e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{463C4246-A0AF-43B8-A4E5-C4CD9CD8E8ED}\MpKsl3be578e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{463C4246-A0AF-43B8-A4E5-C4CD9CD8E8ED}\MpKsl3be578e8.sys [?]
                S1 MpKsl6df5701a;MpKsl6df5701a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{435A1F7B-FE54-4BAA-9D61-863F37589058}\MpKsl6df5701a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{435A1F7B-FE54-4BAA-9D61-863F37589058}\MpKsl6df5701a.sys [?]
                S1 MpKsl730d167e;MpKsl730d167e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl730d167e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl730d167e.sys [?]
                S1 MpKsl96e84b25;MpKsl96e84b25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67AFFD6F-4CF9-4D19-9A09-C2E89137EAB5}\MpKsl96e84b25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67AFFD6F-4CF9-4D19-9A09-C2E89137EAB5}\MpKsl96e84b25.sys [?]
                S1 MpKsla4feba4a;MpKsla4feba4a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC131DCE-7DF4-4215-AF45-845205895ECC}\MpKsla4feba4a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC131DCE-7DF4-4215-AF45-845205895ECC}\MpKsla4feba4a.sys [?]
                S1 MpKsla63cd1ca;MpKsla63cd1ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B70390B-FEB2-4387-888D-F71AEE6FB829}\MpKsla63cd1ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B70390B-FEB2-4387-888D-F71AEE6FB829}\MpKsla63cd1ca.sys [?]
                S1 MpKslb471e789;MpKslb471e789;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{088CDD4C-6C34-4750-A77E-CACB5704BF78}\MpKslb471e789.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{088CDD4C-6C34-4750-A77E-CACB5704BF78}\MpKslb471e789.sys [?]
                S1 MpKslbd20a6ce;MpKslbd20a6ce;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F179367E-C9BB-4931-9C2F-37E8D4508FC3}\MpKslbd20a6ce.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F179367E-C9BB-4931-9C2F-37E8D4508FC3}\MpKslbd20a6ce.sys [?]
                S1 MpKslcb1ffcb3;MpKslcb1ffcb3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E268F040-C521-4F01-8DEB-689C60CCE460}\MpKslcb1ffcb3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E268F040-C521-4F01-8DEB-689C60CCE460}\MpKslcb1ffcb3.sys [?]
                S1 MpKslf03d2df7;MpKslf03d2df7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77B75F8B-7061-4B4D-9DF9-102D8BDCE7BA}\MpKslf03d2df7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77B75F8B-7061-4B4D-9DF9-102D8BDCE7BA}\MpKslf03d2df7.sys [?]
                S1 MpKslfc685657;MpKslfc685657;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64AD3157-275D-4585-A345-0213513504B1}\MpKslfc685657.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64AD3157-275D-4585-A345-0213513504B1}\MpKslfc685657.sys [?]
                S1 pmirdaoq;pmirdaoq;\??\c:\windows\system32\drivers\pmirdaoq.sys --> c:\windows\system32\drivers\pmirdaoq.sys [?]
                S1 qlupagro;qlupagro;\??\c:\windows\system32\drivers\qlupagro.sys --> c:\windows\system32\drivers\qlupagro.sys [?]
                S1 rdjnrndg;rdjnrndg;\??\c:\windows\system32\drivers\rdjnrndg.sys --> c:\windows\system32\drivers\rdjnrndg.sys [?]
                S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:11 PM 135664]
                S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/20/2007 5:01 AM 30192]
                S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:11 PM 135664]
                S3 McComponentHostService;McAfee Security Scan Component Host Service;

                .
                --- Other Services/Drivers In Memory ---
                .
                *NewlyCreated* - JAVAQUICKSTARTERSERVICE
                *NewlyCreated* - MPKSLD66538A4
                .
                Contents of the 'Scheduled Tasks' folder
                .
                2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
                .
                2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
                .
                2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
                .
                2011-09-29 c:\windows\Tasks\MP Scheduled Scan.job
                - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.cnn.com/
                uInternet Settings,ProxyOverride = <local>;*.local
                IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
                TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
                FF - ProfilePath - c:\documents and settings\TERESA\Application Data\Mozilla\Firefox\Profiles\o8k8dx0i.default\
                FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
                FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
                FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
                FF - prefs.js: network.proxy.type - 0
                FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
                FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
                FF - Ext: Aero Fox Silver XL: {5c876f30-10ce-11dd-bd0b-0800200c9a66} - %profile%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
                FF - Ext: Myibidder (Myibay) Bid Sniper for eBay: [email protected] - %profile%\extensions\[email protected]
                FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
                FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
                FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
                FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
                FF - user.js: network.protocol-handler.warn-external.dnupdate - false
                FF - user.js: browser.sessionstore.resume_from_crash - false
                .
                .
                **************************************************************************
                .
                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2011-09-29 18:01
                Windows 5.1.2600 Service Pack 3 NTFS
                .
                scanning hidden processes ... 
                .
                scanning hidden autostart entries ...
                .
                scanning hidden files ... 
                .
                scan completed successfully
                hidden files: 0
                .
                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------
                .
                - - - - - - - > 'winlogon.exe'(696)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                c:\windows\system32\WININET.dll
                c:\windows\system32\igfxdev.dll
                .
                - - - - - - - > 'winlogon.exe'(160)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                c:\windows\system32\WININET.dll
                c:\windows\system32\igfxdev.dll
                .
                Completion time: 2011-09-29  18:05:10
                ComboFix-quarantined-files.txt  2011-09-29 22:05
                ComboFix2.txt  2011-07-11 15:37
                ComboFix3.txt  2011-02-04 07:42
                .
                Pre-Run: 58,928,177,152 bytes free
                Post-Run: 59,266,224,128 bytes free
                .
                - - End Of File - - B4FDBD52425DC4FDBB12AF4D69F6CB00
                « Last Edit: September 29, 2011, 04:44:54 PM by SuperDave »
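Triage note on the service listing in the ComboFix log above (this paragraph and the script are an added example, not part of the thread and not ComboFix's own code). The seven `S1` entries with eight-letter lowercase names under `c:\windows\system32\drivers\` (aitvlgmq, csgcdngj, fzbjjxqk, jicuygtu, pmirdaoq, qlupagro, rdjnrndg) all appear in the `\??\<path> --> <path> [?]` form, which is how ComboFix prints a registered service whose image file it could not find on disk: an orphaned driver registration. The `MpKsl…` entries are in the same state but are Microsoft Antimalware definition-update drivers and are expected to come and go. The script below parses lines in that listing format, separates orphaned entries from those whose file is present, and applies a name-randomness heuristic (my assumption, not a ComboFix rule) so that the random-named orphans are reported separately from the legitimate ones. The sample lines are constructed to mirror the format of the log above.

```python
import re

# Shape of a line in ComboFix's service/driver listing:
#   <state> <name>;<display name>;<image path> [<date> <size>]
# and, when the image file is not found on disk:
#   <state> <name>;<display name>;\??\<path> --> <path> [?]
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
VOWELS = set("aeiou")

# Constructed sample, mirroring the format of the ComboFix log in this thread.
# The last line has an empty image path, as McComponentHostService does above.
SAMPLE_LINES = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 aitvlgmq;aitvlgmq;\??\c:\windows\system32\drivers\aitvlgmq.sys --> c:\windows\system32\drivers\aitvlgmq.sys [?]
S1 csgcdngj;csgcdngj;\??\c:\windows\system32\drivers\csgcdngj.sys --> c:\windows\system32\drivers\csgcdngj.sys [?]
S1 MpKsl0821a7de;MpKsl0821a7de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl0821a7de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8045CF92-C260-4235-89FB-F68F10038BF1}\MpKsl0821a7de.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:11 PM 135664]
S1 jicuygtu;jicuygtu;\??\c:\windows\system32\drivers\jicuygtu.sys --> c:\windows\system32\drivers\jicuygtu.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;
""".strip().splitlines()


def parse_service_line(line):
    """Parse one listing line into a dict, or return None when the line does not
    carry an image path (ComboFix prints such entries with nothing after the
    second semicolon)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    orphan = rest.endswith("[?]")  # ComboFix's marker for "file not found"
    if "-->" in rest:
        # Orphaned entry: the resolved path follows the arrow, then "[?]".
        path = rest.split("-->", 1)[1].rsplit("[", 1)[0].strip()
    else:
        # Present file: the path is everything before the trailing "[date size]".
        path = rest.rsplit(" [", 1)[0].strip()
    return {"state": m.group("state"), "name": m.group("name"),
            "display": m.group("display"), "path": path, "orphan": orphan}


def looks_random(name):
    """Heuristic (an assumption of this example) for machine-generated driver
    names: exactly eight lowercase letters with few vowels or a long consonant
    run. Vendor names with digits or capitals (MpKsl..., SASDIFSV) never match."""
    if not re.fullmatch(r"[a-z]{8}", name):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    longest_consonant_run = max((len(run) for run in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio < 0.4 or longest_consonant_run >= 4


def classify(lines):
    """Return (orphans, suspects), both lists of service names in listing order.
    orphans: every entry whose image file is missing.
    suspects: the orphans whose name looks random and whose missing file sat
    under a \\drivers\\ directory, i.e. the pattern of the S1 entries above."""
    orphans, suspects = [], []
    for line in lines:
        entry = parse_service_line(line)
        if entry is None or not entry["orphan"]:
            continue
        orphans.append(entry["name"])
        if looks_random(entry["name"]) and "\\drivers\\" in entry["path"].lower():
            suspects.append(entry["name"])
    return orphans, suspects


if __name__ == "__main__":
    found_orphans, found_suspects = classify(SAMPLE_LINES)
    print("orphaned service entries:", found_orphans)
    print("random-named driver leftovers:", found_suspects)
```

Feed it the `R`/`S` block of a real ComboFix log and it prints the orphaned entries in two groups; the heuristic is deliberately narrow, so treat a non-empty suspects list as a reason to look, not as a verdict.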

                stonemanjr (Topic Starter; Experience: Beginner; OS: Unknown)
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #11 on: September 29, 2011, 04:27:15 PM »
                Sorry, Dave. I didn't run SysProt. That was an old log file from a previous run; I had just saved it in the same folder and posted it for you to see. I am following only your directions.

                stonemanjr (Topic Starter; Experience: Beginner; OS: Unknown)
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #12 on: September 29, 2011, 04:29:47 PM »
                    Results of screen317's Security Check version 0.99.19 
                     Windows XP Service Pack 3 
                     Internet Explorer 7 Out of date!
                    ``````````````````````````````
                    Antivirus/Firewall Check:

                     Windows Firewall Enabled! 
                     Avira AntiVir Personal - Free Antivirus
                     ESET Online Scanner v3   
                     GTOneCare     
                     Microsoft Security Essentials   
                     Avira successfully updated!
                    ```````````````````````````````
                    Anti-malware/Other Utilities Check:

                     Malwarebytes' Anti-Malware   
                     HijackThis 2.0.2   
                     Eusing Free Registry Cleaner 
                     Privacy and Registry Cleaner 
                     Wise Disk Cleaner 5.93 
                     Wise Registry Cleaner 5.9.4 
                     Java(TM) 6 Update 27 
                    Flash Player Out of Date!
                     Adobe Flash Player    10.2.152.32 
                     Mozilla Firefox ((3.6.23)) Firefox Out of Date! 
                    ````````````````````````````````
                    Process Check: 
                    objlist.exe by Laurent

                     Windows Defender MSMpEng.exe
                     Avira Antivir avgnt.exe
                     Avira Antivir avguard.exe
                     Microsoft Security Essentials msseces.exe
                     Microsoft Security Client Antimalware MsMpEng.exe 
                    ``````````End of Log````````````

                SuperDave (Malware Removal Specialist; Experience: Expert; OS: Windows 10)
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #13 on: September 29, 2011, 04:55:57 PM »
                    Wow! That was fast. How's your computer running now?

                I still see two AVs running on your computer: Avira AntiVir Personal and Microsoft Security Essentials. One will have to be disabled.

                    Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
                    Eusing Free Registry Cleaner, Privacy and Registry Cleaner and Wise Registry Cleaner 5.9.4
                    There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

                    For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                    Further reading: XP Fixes Myth #1: Registry Cleaners
                    ***************************************************
                    * Download the following tool: RootRepeal - Rootkit Detector
                    * Direct download link is here: RootRepeal.zip

                    * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
                    * Click this link to see a list of such programs and how to disable them.

                    * Extract the program file to a new folder such as C:\RootRepeal
                    * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
                    * Select ALL of the checkboxes and then click OK and it will start scanning your system.
                    * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                    * When done, click on Save Report
                * Save it to the same location where you ran it from, such as C:\RootRepeal
                    * Save it as rootrepeal.txt
                    * Then open that log and select all and copy/paste it back on your next reply please.
                    * Close RootRepeal.

                stonemanjr (Topic Starter; Experience: Beginner; OS: Unknown)
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #14 on: September 29, 2011, 05:27:14 PM »
                OK, will do tonight. Yeah, I had already run the new ComboFix figuring that you'd want to see it.

                stonemanjr (Topic Starter; Experience: Beginner; OS: Unknown)
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #15 on: September 29, 2011, 05:32:58 PM »
                Everything is running great, by the way, and the printer seems to be fine now. Do you still want me to run RootRepeal? I have not tried shutting down and rebooting, and this was when that TR/Keylogger.qme would pop up.

                SuperDave (Malware Removal Specialist; Experience: Expert; OS: Windows 10)
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #16 on: September 30, 2011, 04:46:57 PM »
                Quote:
                > Do you still want me to run the RootRepeal?  I have not tried shutting down and rebooting and this was when that TR/Keylogger.qme would pop up.
                        Yes please. I would like to see the log.

                        Re-run MBAM:

                        Code:
                Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

                stonemanjr (Topic Starter; Experience: Beginner; OS: Unknown)
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #17 on: October 03, 2011, 10:07:44 AM »
                OK, copy.

                stonemanjr (Topic Starter; Experience: Beginner; OS: Unknown)
                Re: Malware TR/spy.keylogger.qme Help!
                « Reply #18 on: October 04, 2011, 01:30:38 PM »
                            ROOTREPEAL (c) AD, 2007-2009
                            ==================================================
                            Scan Start Time:      2011/10/04 15:25
                            Program Version:      Version 1.3.5.0
                            Windows Version:      Windows XP SP3
                            ==================================================

                            Drivers
                            -------------------
                            Name: ACPI.sys
                            Image Path: ACPI.sys
                            Address: 0xF74C4000   Size: 187776   File Visible: -   Signed: -
                            Status: -

                            Name: ACPI_HAL
                            Image Path: \Driver\ACPI_HAL
                            Address: 0x804D7000   Size: 2069376   File Visible: -   Signed: -
                            Status: -

                            Name: afd.sys
                            Image Path: C:\WINDOWS\System32\drivers\afd.sys
                            Address: 0xA9908000   Size: 138496   File Visible: -   Signed: -
                            Status: -

                            Name: atapi.sys
                            Image Path: atapi.sys
                            Address: 0xF747C000   Size: 96512   File Visible: -   Signed: -
                            Status: -

                            Name: ATMFD.DLL
                            Image Path: C:\WINDOWS\System32\ATMFD.DLL
                            Address: 0xBF48D000   Size: 290816   File Visible: -   Signed: -
                            Status: -

                            Name: audstub.sys
                            Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
                            Address: 0xF7C44000   Size: 3072   File Visible: -   Signed: -
                            Status: -

                            Name: avgio.sys
                            Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
                            Address: 0xF7B77000   Size: 6144   File Visible: -   Signed: -
                            Status: -

                            Name: avgntflt.sys
                            Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
                            Address: 0xA9667000   Size: 94208   File Visible: -   Signed: -
                            Status: -

                            Name: avipbb.sys
                            Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
                            Address: 0xA97D6000   Size: 159744   File Visible: -   Signed: -
                            Status: -

                            Name: Beep.SYS
                            Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
                            Address: 0xF7B6F000   Size: 4224   File Visible: -   Signed: -
                            Status: -

                            Name: BOOTVID.dll
                            Image Path: C:\WINDOWS\system32\BOOTVID.dll
                            Address: 0xF7A03000   Size: 12288   File Visible: -   Signed: -
                            Status: -

                            Name: catchme.sys
                            Image Path: C:\DOCUME~1\TERESA\LOCALS~1\Temp\catchme.sys
                            Address: 0xF7973000   Size: 31744   File Visible: No   Signed: -
                            Status: -

                            Name: Cdfs.SYS
                            Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
                            Address: 0xF7743000   Size: 63744   File Visible: -   Signed: -
                            Status: -

                            Name: cdrom.sys
                            Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
                            Address: 0xF77E3000   Size: 62976   File Visible: -   Signed: -
                            Status: -

                            Name: CLASSPNP.SYS
                            Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
                            Address: 0xF7633000   Size: 53248   File Visible: -   Signed: -
                            Status: -

                            Name: disk.sys
                            Image Path: disk.sys
                            Address: 0xF7623000   Size: 36352   File Visible: -   Signed: -
                            Status: -

                            Name: DLABMFSM.SYS
                            Image Path: C:\WINDOWS\System32\DLA\DLABMFSM.SYS
                            Address: 0xF78E3000   Size: 28192   File Visible: -   Signed: -
                            Status: -

                            Name: DLABOIOM.SYS
                            Image Path: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
                            Address: 0xF78EB000   Size: 25568   File Visible: -   Signed: -
                            Status: -

                            Name: DLACDBHM.SYS
                            Image Path: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
                            Address: 0xF7B15000   Size: 6016   File Visible: -   Signed: -
                            Status: -

                            Name: DLADResM.SYS
                            Image Path: C:\WINDOWS\System32\DLA\DLADResM.SYS
                            Address: 0xF7C0C000   Size: 2496   File Visible: -   Signed: -
                            Status: -

                            Name: DLAIFS_M.SYS
                            Image Path: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
                            Address: 0xA964F000   Size: 97568   File Visible: -   Signed: -
                            Status: -

                            Name: DLAOPIOM.SYS
                            Image Path: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
                            Address: 0xF78DB000   Size: 19104   File Visible: -   Signed: -
                            Status: -

                            Name: DLAPoolM.SYS
                            Image Path: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
                            Address: 0xF7BA5000   Size: 7616   File Visible: -   Signed: -
                            Status: -

                            Name: DLARTL_M.SYS
                            Image Path: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
                            Address: 0xF79AB000   Size: 21280   File Visible: -   Signed: -
                            Status: -

                            Name: DLAUDF_M.SYS
                            Image Path: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
                            Address: 0xA95FA000   Size: 90944   File Visible: -   Signed: -
                            Status: -

                            Name: DLAUDFAM.SYS
                            Image Path: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
                            Address: 0xA9611000   Size: 87744   File Visible: -   Signed: -
                            Status: -


                            SuperDave

                            • Malware Removal Specialist


                            • Genius
                            • Thanked: 1020
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 10
                            Re: Malware TR/spy.keylogger.qme Help!
                            « Reply #19 on: October 04, 2011, 01:32:36 PM »
                            I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
                            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                            Windows 8 and Windows 10 dual boot with two SSD's

                            stonemanjr

                              Topic Starter


                              Beginner

                              • Experience: Beginner
                              • OS: Unknown
                              Re: Malware TR/spy.keylogger.qme Help!
                              « Reply #20 on: October 04, 2011, 03:15:38 PM »
                              Malwarebytes' Anti-Malware 1.51.2.1300
                              www.malwarebytes.org

                              Database version: 7869

                              Windows 5.1.2600 Service Pack 3
                              Internet Explorer 7.0.5730.13

                              10/4/2011 4:01:30 PM
                              mbam-log-2011-10-04 (16-01-30).txt

                              Scan type: Quick scan
                              Objects scanned: 209757
                              Time elapsed: 11 minute(s), 16 second(s)

                              Memory Processes Infected: 0
                              Memory Modules Infected: 0
                              Registry Keys Infected: 0
                              Registry Values Infected: 0
                              Registry Data Items Infected: 0
                              Folders Infected: 0
                              Files Infected: 0

                              Memory Processes Infected:
                              (No malicious items detected)

                              Memory Modules Infected:
                              (No malicious items detected)

                              Registry Keys Infected:
                              (No malicious items detected)

                              Registry Values Infected:
                              (No malicious items detected)

                              Registry Data Items Infected:
                              (No malicious items detected)

                              Folders Infected:
                              (No malicious items detected)

                              Files Infected:
                              (No malicious items detected)

                              SuperDave

                              • Malware Removal Specialist


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: Malware TR/spy.keylogger.qme Help!
                              « Reply #21 on: October 04, 2011, 04:18:33 PM »
                              I will need to see the log from ESET.
                              Windows 8 and Windows 10 dual boot with two SSD's

                              stonemanjr

                                Topic Starter


                                Beginner

                                • Experience: Beginner
                                • OS: Unknown
                                Re: Malware TR/spy.keylogger.qme Help!
                                « Reply #22 on: October 06, 2011, 05:21:29 PM »
                                ok

                                stonemanjr

                                  Topic Starter


                                  Beginner

                                  • Experience: Beginner
                                  • OS: Unknown
                                  Re: Malware TR/spy.keylogger.qme Help!
                                  « Reply #23 on: October 12, 2011, 08:51:29 AM »
                                  # archives_checked=true
                                  # unwanted_checked=true
                                  # unsafe_checked=false
                                  # antistealth_checked=true
                                  # utc_time=2011-10-04 11:48:40
                                  # local_time=2011-10-04 07:48:40 (-0500, Eastern Daylight Time)
                                  # country="United States"
                                  # lang=1033
                                  # osver=5.1.2600 NT Service Pack 3
                                  # compatibility_mode=512 16777215 100 0 85459454 85459454 0 0
                                  # compatibility_mode=1024 16777215 100 0 337369 337369 0 0
                                  # compatibility_mode=1797 16775125 100 100 0 91712757 0 0
                                  # compatibility_mode=5891 16776533 42 87 0 13694263 0 0
                                  # compatibility_mode=8192 67108863 100 0 43640425 43640425 0 0
                                  # scanned=64144
                                  # found=0
                                  # cleaned=0
                                  # scan_time=9130
                                  # version=7
                                  # OnlineScannerApp.exe=1.0.0.1
                                  # OnlineScanner.ocx=1.0.0.6528
                                  # api_version=3.0.2
                                  # EOSSerial=d9aee047b2824e49b50e094c890765d8
                                  # end=finished
                                  # remove_checked=true
                                  # archives_checked=true
                                  # unwanted_checked=true
                                  # unsafe_checked=false
                                  # antistealth_checked=true
                                  # utc_time=2011-10-11 05:30:59
                                  # local_time=2011-10-11 01:30:59 (-0500, Eastern Daylight Time)
                                  # country="United States"
                                  # lang=1033
                                  # osver=5.1.2600 NT Service Pack 3
                                  # compatibility_mode=512 16777215 100 0 86041046 86041046 0 0
                                  # compatibility_mode=1024 16777215 100 0 918961 918961 0 0
                                  # compatibility_mode=1797 16775125 100 100 0 92294349 0 0
                                  # compatibility_mode=5891 16776533 42 87 0 14275855 0 0
                                  # compatibility_mode=8192 67108863 100 0 44222017 44222017 0 0
                                  # scanned=65329
                                  # found=0
                                  # cleaned=0
                                  # scan_time=9678
                                  ESETSmartInstaller@High as downloader log:
                                  all ok

                                  stonemanjr

                                    Topic Starter


                                    Beginner

                                    • Experience: Beginner
                                    • OS: Unknown
                                    Re: Malware TR/spy.keylogger.qme Help!
                                    « Reply #24 on: October 12, 2011, 08:58:00 AM »
                                    thanks Dave!

                                     We are still seeing this notice from Avira that says "TR/Keylogger file found" and then things like msmuneero.dll and other unknown .dll files popping up connected to the TR/Keylogger announcements.

                                    SuperDave

                                    • Malware Removal Specialist


                                    • Genius
                                    • Thanked: 1020
                                    • Certifications: List
                                    • Experience: Expert
                                    • OS: Windows 10
                                    Re: Malware TR/spy.keylogger.qme Help!
                                    « Reply #25 on: October 12, 2011, 04:30:26 PM »
                                    Please try this. Download and install MSE on your computer. Disable your Avira Anti-virus. Run a complete scan with MSE and tell me if anything shows up.

                                    Microsoft Security Essentials for Windows XP
                                    Windows 8 and Windows 10 dual boot with two SSD's

                                    stonemanjr

                                      Topic Starter


                                      Beginner

                                      • Experience: Beginner
                                      • OS: Unknown
                                      Re: Malware TR/spy.keylogger.qme Help!
                                      « Reply #26 on: October 13, 2011, 10:07:35 AM »
                                      OK, good deal. Will run.

                                      stonemanjr

                                        Topic Starter


                                        Beginner

                                        • Experience: Beginner
                                        • OS: Unknown
                                        Re: Malware TR/spy.keylogger.qme Help!
                                        « Reply #27 on: October 20, 2011, 07:25:30 PM »
                                        Nothing found with Essentials.

                                        stonemanjr

                                          Topic Starter


                                          Beginner

                                          • Experience: Beginner
                                          • OS: Unknown
                                          Re: Malware TR/spy.keylogger.qme Help!
                                          « Reply #28 on: October 20, 2011, 07:27:18 PM »
                                          Everything is running fine, no issues with the internet, but when the computer is shut down and rebooted, we see the Avira notice of TR/Keylogger found and this msmuneero.dll file found.

                                          Also, the printer will run sometimes and other times it will not??

                                          SuperDave

                                          • Malware Removal Specialist


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: Malware TR/spy.keylogger.qme Help!
                                          « Reply #29 on: October 21, 2011, 12:06:15 PM »
                                          Quote
                                          Everything is running fine, no issues with the internet, but when the computer is shut down and rebooted, we see the Avira notice of TR/Keylogger found and this msmuneero.dll file found.
                                          Disable Avira and enable MSE. Run it for a few days to see if anything shows. If nothing shows, you then have a choice of keeping Avira or MSE. Please let me know how it turns out then we can do some cleanup.

                                          Quote
                                          Also, the printer will run sometimes and other times it will not??
                                          You should start a new thread in the hardware forum for this problem.
                                          Windows 8 and Windows 10 dual boot with two SSD's

                                          stonemanjr

                                            Topic Starter


                                            Beginner

                                            • Experience: Beginner
                                            • OS: Unknown
                                            Re: Malware TR/spy.keylogger.qme Help!
                                            « Reply #30 on: October 25, 2011, 01:43:50 PM »
                                            OK. It has been running pretty much since it was installed. It seems that when Combo Fix was run, the notice at first disappeared. The other notice that appears is for a file in the temp folder (which is not visible) called "ark5.dll", which is connected with the TR/Keylogger notice, and the other file, "msruneero.dll". Do either of these sound suspicious? Especially with us not being able to find them when looking for them?

                                            SuperDave

                                            • Malware Removal Specialist


                                            • Genius
                                            • Thanked: 1020
                                            • Certifications: List
                                            • Experience: Expert
                                            • OS: Windows 10
                                            Re: Malware TR/spy.keylogger.qme Help!
                                            « Reply #31 on: October 26, 2011, 01:39:39 PM »
                                            Quote
                                            The other notice that appears is for a file in the temp folder (which is not visible) called "ark5.dll", which is connected with the TR/Keylogger notice, and the other file, "msruneero.dll". Do either of these sound suspicious? Especially with us not being able to find them when looking for them?
                                            What program is giving you these warnings?
                                            Windows 8 and Windows 10 dual boot with two SSD's

                                            stonemanjr

                                              Topic Starter


                                              Beginner

                                              • Experience: Beginner
                                              • OS: Unknown
                                              Re: Malware TR/spy.keylogger.qme Help!
                                              « Reply #32 on: October 29, 2011, 02:51:30 PM »
                                              Avira AntiVir shows a pop-up window that then asks if we want to remove it. We select it, and it runs through a scan and what seems to be a removal and quarantine process. We don't see it again until the machine is shut down and restarted.

                                              Cannot locate these files in any directory that the warning indicates they are located in.

                                              SuperDave

                                              • Malware Removal Specialist


                                              • Genius
                                              • Thanked: 1020
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 10
                                              Re: Malware TR/spy.keylogger.qme Help!
                                              « Reply #33 on: October 29, 2011, 07:00:56 PM »
                                              Were you getting those warnings with MSE?
                                              Windows 8 and Windows 10 dual boot with two SSD's

                                              stonemanjr

                                                Topic Starter


                                                Beginner

                                                • Experience: Beginner
                                                • OS: Unknown
                                                Re: Malware TR/spy.keylogger.qme Help!
                                                « Reply #34 on: November 01, 2011, 02:13:47 PM »
                                                No, nothing is being picked up anywhere else or by other programs.

                                                SuperDave

                                                • Malware Removal Specialist


                                                • Genius
                                                • Thanked: 1020
                                                • Certifications: List
                                                • Experience: Expert
                                                • OS: Windows 10
                                                Re: Malware TR/spy.keylogger.qme Help!
                                                « Reply #35 on: November 01, 2011, 04:15:24 PM »
                                                It looks like a false-positive from Avira. Did you try uninstalling and re-installing Avira?
                                                Windows 8 and Windows 10 dual boot with two SSD's

                                                stonemanjr

                                                  Topic Starter


                                                  Beginner

                                                  • Experience: Beginner
                                                  • OS: Unknown
                                                  Re: Malware TR/spy.keylogger.qme Help!
                                                  « Reply #36 on: November 03, 2011, 01:57:26 PM »
                                                  Yes. The strange thing is that it continues to refer to a TR/Keylogger with the names of files in a source directory where we cannot find them; they are not visible.

                                                  SuperDave

                                                  • Malware Removal Specialist


                                                  • Genius
                                                  • Thanked: 1020
                                                  • Certifications: List
                                                  • Experience: Expert
                                                  • OS: Windows 10
                                                  Re: Malware TR/spy.keylogger.qme Help!
                                                  « Reply #37 on: November 03, 2011, 04:24:54 PM »
                                                  Quote
                                                  Yes. The strange thing is that it continues to refer to a TR/Keylogger with the names of files in a source directory where we cannot find them; they are not visible.
                                                  Also strange is that no other protective program is picking this up. Let's try a few rootkit scans to see if there's anything there.

                                                  Please download TDSSKiller from here and save it to your Desktop.
                                                  • Doubleclick TDSSKiller.exe to run the tool
                                                  • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)

                                                  • After the scan has finished, click the Close button
                                                  • Click the Report button and copy/paste the contents of it into your next reply
                                                  • Note: It will also create a log in the C:\ directory.
                                                  ***************************************************
                                                  Let's run a few more scans to see what turns up.

                                                  Please download aswMBR.exe ( 511KB ) to your desktop.

                                                  Double click aswMBR.exe to run it.

                                                  Click the "Scan" button to start the scan.

                                                  Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

                                                  On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
                                                  « Last Edit: November 07, 2011, 12:55:54 PM by SuperDave »
                                                  Windows 8 and Windows 10 dual boot with two SSD's
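The TDSSKiller log that this procedure leaves in C:\ is a long list of driver and service entries, and the note above that rootkit scanners often produce false positives is exactly why such a log is better triaged than reacted to. The Python below is an added example written for this thread; it is not Kaspersky's tool, not aswMBR, and not anything posted here. It parses a few constructed lines laid out the way TDSSKiller writes them (a file line `name (md5) path` followed by a verdict line `name - ok`) and sorts the entries into review buckets: anything with a verdict other than `ok`, services for which no file line appeared, and file lines that never got a verdict (which happens when a scan is aborted or a log is cut off). The hashes, the names `ExampleDrv`, `Partial` and `qzxwvtrp`, and the `warning` verdict with the detection name `Hypothetical.Detection` are all constructed; the reading that a verdict line with no preceding file line means the tool found no image file on disk for that service is an assumption about the log format, which is why that bucket is labelled a review list rather than a detection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log layout (not the log posted in this thread).
# The hashes, the ExampleDrv/Partial/qzxwvtrp names and the "warning" verdict are made up.
SAMPLE_LOG = r"""
11:33:17.0390 0624   ============================================================
11:33:17.0390 0624   Scan started
11:33:17.0390 0624   Mode: Manual;
11:33:18.0937 0624   Abiosdsk - ok
11:33:19.0109 0624   ACPI            (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:33:19.0109 0624   ACPI - ok
11:33:19.0734 0624   qzxwvtrp - ok
11:33:20.0000 0624   ExampleDrv      (22222222222222222222222222222222) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
11:33:20.0000 0624   ExampleDrv ( Hypothetical.Detection ) - warning
11:33:20.0100 0624   Partial         (33333333333333333333333333333333) C:\WINDOWS\system32\DRIVERS\partial.sys
"""

# Every TDSSKiller line starts with "HH:MM:SS.mmmm <thread id>   <body>".
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d{4})\s+(?P<body>.+)$")
# File line: service name, MD5 of the image file in parentheses, then its on-disk path.
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# Verdict line: "name - ok", optionally with a detection name in parentheses before the dash.
VERDICT_RE = re.compile(r"^(?P<name>\S+)(?:\s+\((?P<detail>[^)]*)\))?\s+-\s+(?P<verdict>\w+)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detail: Optional[str] = None  # detection name, if the verdict line carried one


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Merge file lines and verdict lines into one Entry per service/driver name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, blank or otherwise non-log line
        body = m.group("body").strip()
        fm = FILE_RE.match(body)
        if fm:
            e = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            e.md5 = fm.group("md5").lower()
            e.path = fm.group("path")
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            e = entries.setdefault(vm.group("name"), Entry(vm.group("name")))
            e.verdict = vm.group("verdict").lower()
            e.detail = (vm.group("detail") or "").strip() or None
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Sort entries into review buckets, names sorted case-insensitively.

    flagged     - verdict is anything other than "ok": read the detail before acting,
                  because (as the thread notes) rootkit scanners produce false positives.
    no_file     - verdict with no file line; assumed (not confirmed by the page) to mean the
                  tool found no image on disk. Common for legacy XP drivers, so review only.
    unverdicted - file line with no verdict: the scan was aborted or the log is truncated.
    """
    out: Dict[str, List[str]] = {"flagged": [], "no_file": [], "unverdicted": []}
    for name, e in sorted(entries.items(), key=lambda kv: kv[0].lower()):
        if e.verdict is not None and e.verdict != "ok":
            out["flagged"].append(name)
        if e.verdict is not None and e.md5 is None:
            out["no_file"].append(name)
        if e.md5 is not None and e.verdict is None:
            out["unverdicted"].append(name)
    return out


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for bucket, names in triage(parsed).items():
        print(f"{bucket:12s} {names}")
        for n in names:
            e = parsed[n]
            print(f"    {n}: md5={e.md5} path={e.path} verdict={e.verdict} detail={e.detail}")
```

Point the script at a real log (`parse_tdsskiller(open(r"C:\TDSSKiller.<ver>_<date>_log.txt").read())`, with the actual file name TDSSKiller wrote) and the `flagged` bucket is the short list to paste back into a thread like this one, together with the md5 and path so a helper can check the hash independently before anything is deleted.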

                                                  stonemanjr

                                                    Topic Starter


                                                    Beginner

                                                    • Experience: Beginner
                                                    • OS: Unknown
                                                    Re: Malware TR/spy.keylogger.qme Help!
                                                    « Reply #38 on: November 07, 2011, 09:39:07 AM »
                                                    Kaspersky showed no threats but didn't create a report when closed.

                                                    stonemanjr

                                                      Topic Starter


                                                      Beginner

                                                      • Experience: Beginner
                                                      • OS: Unknown
                                                      Re: Malware TR/spy.keylogger.qme Help!
                                                      « Reply #39 on: November 07, 2011, 09:53:46 AM »
                                                      OK, while the aswMBR scan was running, a notice popped up saying: unp259168444.tmp file found, with a notification from: TR/Crypt.XPack.Gen

                                                      stonemanjr

                                                        Topic Starter


                                                        Beginner

                                                        • Experience: Beginner
                                                        • OS: Unknown
                                                        Re: Malware TR/spy.keylogger.qme Help!
                                                        « Reply #40 on: November 07, 2011, 10:05:37 AM »
                                                        aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
                                                        Run date: 2011-11-07 11:34:03
                                                        -----------------------------
                                                        11:34:03.953    OS Version: Windows 5.1.2600 Service Pack 3
                                                        11:34:03.953    Number of processors: 1 586 0x1601
                                                        11:34:03.953    ComputerName: CORNERSTONE  UserName: TERESA
                                                        11:34:08.328    Initialize success
                                                        11:37:01.359    AVAST engine defs: 11110700
                                                        11:37:59.218    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
                                                        11:37:59.218    Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
                                                        11:38:01.265    Disk 0 MBR read successfully
                                                        11:38:01.265    Disk 0 MBR scan
                                                        11:38:01.406    Disk 0 Windows XP default MBR code
                                                        11:38:01.421    Disk 0 scanning sectors +156232125
                                                        11:38:01.890    Disk 0 scanning C:\WINDOWS\system32\drivers
                                                        11:39:23.718    Service scanning
                                                        11:39:27.406    Service MpKsl6f2081d9 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19BC5739-9468-4930-83D5-25D96BF830C7}\MpKsl6f2081d9.sys **LOCKED** 32
                                                        11:39:28.078    Modules scanning
                                                        11:39:41.812    Disk 0 trace - called modules:
                                                        11:39:41.875    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
                                                        11:39:41.875    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d8eab8]
                                                        11:39:41.875    3 CLASSPNP.SYS[f75f3fd7] -> nt!IofCallDriver -> \Device\00000070[0x86d261c8]
                                                        11:39:41.875    5 ACPI.sys[f748a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d1f940]
                                                        11:39:43.125    AVAST engine scan C:\WINDOWS
                                                        11:40:21.906    AVAST engine scan C:\WINDOWS\system32
                                                        11:46:14.187    AVAST engine scan C:\WINDOWS\system32\drivers
                                                        11:46:42.203    AVAST engine scan C:\Documents and Settings\TERESA
                                                        11:50:07.921    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\MBR.dat"
                                                        11:50:08.000    The log file has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\aswMBR.txt"


                                                        aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
                                                        Run date: 2011-11-07 11:34:03
                                                        -----------------------------
                                                        11:34:03.953    OS Version: Windows 5.1.2600 Service Pack 3
                                                        11:34:03.953    Number of processors: 1 586 0x1601
                                                        11:34:03.953    ComputerName: CORNERSTONE  UserName: TERESA
                                                        11:34:08.328    Initialize success
                                                        11:37:01.359    AVAST engine defs: 11110700
                                                        11:37:59.218    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
                                                        11:37:59.218    Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
                                                        11:38:01.265    Disk 0 MBR read successfully
                                                        11:38:01.265    Disk 0 MBR scan
                                                        11:38:01.406    Disk 0 Windows XP default MBR code
                                                        11:38:01.421    Disk 0 scanning sectors +156232125
                                                        11:38:01.890    Disk 0 scanning C:\WINDOWS\system32\drivers
                                                        11:39:23.718    Service scanning
                                                        11:39:27.406    Service MpKsl6f2081d9 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19BC5739-9468-4930-83D5-25D96BF830C7}\MpKsl6f2081d9.sys **LOCKED** 32
                                                        11:39:28.078    Modules scanning
                                                        11:39:41.812    Disk 0 trace - called modules:
                                                        11:39:41.875    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
                                                        11:39:41.875    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d8eab8]
                                                        11:39:41.875    3 CLASSPNP.SYS[f75f3fd7] -> nt!IofCallDriver -> \Device\00000070[0x86d261c8]
                                                        11:39:41.875    5 ACPI.sys[f748a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d1f940]
                                                        11:39:43.125    AVAST engine scan C:\WINDOWS
                                                        11:40:21.906    AVAST engine scan C:\WINDOWS\system32
                                                        11:46:14.187    AVAST engine scan C:\WINDOWS\system32\drivers
                                                        11:46:42.203    AVAST engine scan C:\Documents and Settings\TERESA
                                                        11:50:07.921    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\MBR.dat"
                                                        11:50:08.000    The log file has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\aswMBR.txt"
                                                        11:54:58.234    AVAST engine scan C:\Documents and Settings\All Users
                                                        11:56:32.625    Scan finished successfully
                                                        12:00:15.718    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\MBR.dat"
                                                        12:00:15.812    The log file has been saved successfully to "C:\Documents and Settings\TERESA\Desktop\aswMBR.txt"



                                                        SuperDave

                                                        • Malware Removal Specialist


                                                        • Genius
                                                        • Thanked: 1020
                                                        • Certifications: List
                                                        • Experience: Expert
                                                        • OS: Windows 10
                                                        Re: Malware TR/spy.keylogger.qme Help!
                                                        « Reply #41 on: November 07, 2011, 12:59:08 PM »
                                                        Were you able to run TDSSKiller from Reply # 37?
                                                        Windows 8 and Windows 10 dual boot with two SSD's

                                                        stonemanjr

                                                          Topic Starter


                                                          Beginner

                                                          • Experience: Beginner
                                                          • OS: Unknown
                                                          Re: Malware TR/spy.keylogger.qme Help!
                                                          « Reply #42 on: November 07, 2011, 03:45:18 PM »
                                                          OK, found the log text under C:\, see here:

                                                          11:33:11.0328 2820   TDSS rootkit removing tool 2.6.16.0 Nov  7 2011 16:26:51
                                                          11:33:11.0640 2820   ============================================================
                                                          11:33:11.0640 2820   Current date / time: 2011/11/07 11:33:11.0640
                                                          11:33:11.0640 2820   SystemInfo:
                                                          11:33:11.0640 2820   
                                                          11:33:11.0640 2820   OS Version: 5.1.2600 ServicePack: 3.0
                                                          11:33:11.0640 2820   Product type: Workstation
                                                          11:33:11.0640 2820   ComputerName: CORNERSTONE
                                                          11:33:11.0640 2820   UserName: TERESA
                                                          11:33:11.0640 2820   Windows directory: C:\WINDOWS
                                                          11:33:11.0640 2820   System windows directory: C:\WINDOWS
                                                          11:33:11.0640 2820   Processor architecture: Intel x86
                                                          11:33:11.0640 2820   Number of processors: 1
                                                          11:33:26.0703 0624   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
                                                          11:33:26.0703 0624   PCIIde - ok
                                                          11:33:26.0734 0624   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
                                                          11:33:26.0734 0624   Pcmcia - ok
                                                          11:33:26.0750 0624   PDCOMP - ok
                                                          11:33:26.0750 0624   PDFRAME - ok
                                                          11:33:26.0750 0624   PDRELI - ok
                                                          11:33:26.0765 0624   PDRFRAME - ok
                                                          11:33:26.0781 0624   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
                                                          11:33:26.0781 0624   perc2 - ok
                                                          11:33:26.0859 0624   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
                                                          11:33:26.0859 0624   perc2hib - ok
                                                          11:33:26.0859 0624   pmirdaoq - ok
                                                          11:33:26.0921 0624   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
                                                          11:33:26.0921 0624   PptpMiniport - ok
                                                          11:33:26.0921 0624   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
                                                          11:33:26.0921 0624   PSched - ok
                                                          11:33:26.0937 0624   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
                                                          11:33:26.0937 0624   Ptilink - ok
                                                          11:33:26.0984 0624   PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
                                                          11:33:27.0000 0624   PxHelp20 - ok
                                                          11:33:27.0031 0624   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
                                                          11:33:27.0031 0624   ql1080 - ok
                                                          11:33:27.0046 0624   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
                                                          11:33:27.0046 0624   Ql10wnt - ok
                                                          11:33:27.0046 0624   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
                                                          11:33:27.0046 0624   ql12160 - ok
                                                          11:33:27.0062 0624   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
                                                          11:33:27.0062 0624   ql1240 - ok
                                                          11:33:27.0062 0624   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
                                                          11:33:27.0062 0624   ql1280 - ok
                                                          11:33:27.0078 0624   qlupagro - ok
                                                          11:33:27.0093 0624   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
                                                          11:33:27.0093 0624   RasAcd - ok
                                                          11:33:27.0109 0624   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                                                          11:33:27.0109 0624   Rasl2tp - ok
                                                          11:33:27.0109 0624   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                                                          11:33:27.0125 0624   RasPppoe - ok
                                                          11:33:27.0140 0624   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
                                                          11:33:27.0140 0624   Raspti - ok
                                                          11:33:27.0156 0624   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
                                                          11:33:27.0156 0624   Rdbss - ok
                                                          11:33:27.0156 0624   rdjnrndg - ok
                                                          11:33:27.0171 0624   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
                                                          11:33:27.0171 0624   RDPCDD - ok
                                                          11:33:27.0203 0624   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
                                                          11:33:27.0203 0624   rdpdr - ok
                                                          11:33:27.0265 0624   RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
                                                          11:33:27.0265 0624   RDPWD - ok
                                                          11:33:27.0312 0624   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
                                                          11:33:27.0312 0624   redbook - ok
                                                          11:33:27.0468 0624   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                                                          11:33:27.0468 0624   SASDIFSV - ok
                                                          11:33:27.0484 0624   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                                                          11:33:27.0484 0624   SASKUTIL - ok
                                                          11:33:27.0500 0624   SDDMI2 - ok
                                                          11:33:27.0531 0624   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
                                                          11:33:27.0531 0624   Secdrv - ok
                                                          11:33:27.0562 0624   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
                                                          11:33:27.0562 0624   serenum - ok
                                                          11:33:27.0593 0624   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
                                                          11:33:27.0593 0624   Serial - ok
                                                          11:33:27.0609 0624   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
                                                          11:33:27.0609 0624   Sfloppy - ok
                                                          11:33:27.0609 0624   Simbad - ok
                                                          11:33:27.0656 0624   sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
                                                          11:33:27.0656 0624   sisagp - ok
                                                          11:33:27.0718 0624   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
                                                          11:33:27.0718 0624   Sparrow - ok
                                                          11:33:27.0750 0624   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
                                                          11:33:27.0750 0624   splitter - ok
                                                          11:33:27.0781 0624   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
                                                          11:33:27.0781 0624   sr - ok
                                                          11:33:27.0828 0624   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
                                                          11:33:27.0843 0624   Srv - ok
                                                          11:33:27.0875 0624   ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
                                                          11:33:27.0875 0624   ssmdrv - ok
                                                          11:33:27.0890 0624   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
                                                          11:33:27.0890 0624   swenum - ok
                                                          11:33:27.0968 0624   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
                                                          11:33:27.0968 0624   swmidi - ok
                                                          11:33:28.0015 0624   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
                                                          11:33:28.0015 0624   symc810 - ok
                                                          11:33:28.0046 0624   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
                                                          11:33:28.0046 0624   symc8xx - ok
                                                          11:33:28.0046 0624   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
                                                          11:33:28.0046 0624   sym_hi - ok
                                                          11:33:28.0062 0624   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
                                                          11:33:28.0062 0624   sym_u3 - ok
                                                          11:33:28.0078 0624   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
                                                          11:33:28.0078 0624   sysaudio - ok
                                                          11:33:28.0140 0624   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
                                                          11:33:28.0156 0624   Tcpip - ok
                                                          11:33:28.0171 0624   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
                                                          11:33:28.0171 0624   TDPIPE - ok
                                                          11:33:28.0203 0624   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
                                                          11:33:28.0218 0624   TDTCP - ok
                                                          11:33:28.0234 0624   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
                                                          11:33:28.0234 0624   TermDD - ok
                                                          11:33:28.0281 0624   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
                                                          11:33:28.0281 0624   TosIde - ok
                                                          11:33:28.0312 0624   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
                                                          11:33:28.0312 0624   Udfs - ok
                                                          11:33:28.0609 0624   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
                                                          11:33:28.0609 0624   ultra - ok
                                                          11:33:28.0656 0624   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
                                                          11:33:28.0671 0624   Update - ok
                                                          11:33:28.0703 0624   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
                                                          11:33:28.0703 0624   usbehci - ok
                                                          11:33:28.0718 0624   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
                                                          11:33:28.0718 0624   usbhub - ok
                                                          11:33:28.0765 0624   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
                                                          11:33:28.0765 0624   usbprint - ok
                                                          11:33:28.0828 0624   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
                                                          11:33:28.0828 0624   usbscan - ok
                                                          11:33:29.0125 0624   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                                                          11:33:29.0125 0624   USBSTOR - ok
                                                          11:33:29.0171 0624   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                                                          11:33:29.0171 0624   usbuhci - ok
                                                          11:33:29.0187 0624   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
                                                          11:33:29.0187 0624   VgaSave - ok
                                                          11:33:29.0218 0624   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
                                                          11:33:29.0218 0624   viaagp - ok
                                                          11:33:29.0265 0624   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
                                                          11:33:29.0265 0624   ViaIde - ok
                                                          11:33:29.0328 0624   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
                                                          11:33:29.0328 0624   VolSnap - ok
                                                          11:33:29.0390 0624   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
                                                          11:33:29.0390 0624   Wanarp - ok
                                                          11:33:29.0406 0624   wanatw - ok
                                                          11:33:29.0406 0624   WDICA - ok
                                                          11:33:29.0421 0624   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
                                                          11:33:29.0437 0624   wdmaud - ok
                                                          11:33:29.0500 0624   WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
                                                          11:33:29.0515 0624   WpdUsb - ok
                                                          11:33:29.0546 0624   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
                                                          11:33:29.0687 0624   \Device\Harddisk0\DR0 - ok
                                                          11:33:29.0687 0624   Boot (0x1200)   (6e6ae64fed308109edb06ab1eeee5deb) \Device\Harddisk0\DR0\Partition0
                                                          11:33:29.0703 0624   \Device\Harddisk0\DR0\Partition0 - ok
                                                          11:33:29.0703 0624   ============================================================
                                                          11:33:29.0703 0624   Scan finished
                                                          11:33:29.0703 0624   ============================================================
                                                          11:33:29.0718 3276   Detected object count: 0
                                                          11:33:29.0718 3276   Actual detected object count: 0
                                                          11:33:33.0218 3296   Deinitialize success
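The log above is a TDSSKiller-style driver/service enumeration that closes with MBR and boot-sector checks and a "Detected object count" summary. As an added example (not code from this thread or from TDSSKiller), here is a small Python parser for that layout that pulls out the summary and lists what a reviewer would check by hand: any verdict that is not "- ok", and service entries that have no hash/path line behind them. The sample log lines are constructed, and the wording of the "detected" verdict line is an assumption rather than a format copied from the tool.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout seen in this thread:
#   "<time> <pid>   <name>   (<md5>) <path>"  file-backed entry
#   "<time> <pid>   <name> - ok"              verdict line
# The "- detected ..." line is an ASSUMED shape used only to exercise the parser.
SAMPLE_LOG = r"""11:33:28.0140 0624   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:33:28.0156 0624   Tcpip - ok
11:33:26.0859 0624   pmirdaoq - ok
11:33:29.0546 0624   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:33:29.0687 0624   \Device\Harddisk0\DR0 - ok
11:33:29.0700 0624   evilsvc         (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\evilsvc.sys
11:33:29.0701 0624   evilsvc - detected Rootkit.Win32.Example.a (constructed)
11:33:29.0703 0624   ============================================================
11:33:29.0703 0624   Scan finished
11:33:29.0718 3276   Detected object count: 1
11:33:29.0718 3276   Actual detected object count: 1
"""

# Every log line starts with a timestamp and a thread id; the rest is the body.
ENTRY = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*?)\s*$")
# Body of a file-backed entry: name, 32-hex MD5 in parentheses, then the path.
FILE_ENTRY = re.compile(r"^(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*)$")
# Body of a verdict line: "<name> - ok" or "<name> - detected ..." (assumed).
VERDICT = re.compile(r"^(.+?) - (ok|detected.*|suspicious.*)$")
COUNT = re.compile(r"^(Actual )?[Dd]etected object count: (\d+)$")


@dataclass
class ScanReport:
    files: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    flagged: List[Tuple[str, str]] = field(default_factory=list)     # non-"ok" verdicts
    unbacked: List[str] = field(default_factory=list)                # "ok" but no file line
    detected_count: Optional[int] = None
    actual_detected_count: Optional[int] = None

    def is_clean(self) -> bool:
        # A scan is only "clean" if nothing was flagged AND the tool's own
        # summary reports zero objects; a missing summary is not clean.
        return not self.flagged and self.detected_count == 0


def parse_tdss_log(text: str) -> ScanReport:
    """Parse a TDSSKiller-style log into a ScanReport."""
    report = ScanReport()
    backed = set()  # names and paths that had a hash/path line before their verdict
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # separators, banners, blank lines
        body = m.group(3)

        c = COUNT.match(body)
        if c:
            n = int(c.group(2))
            if c.group(1):
                report.actual_detected_count = n
            else:
                report.detected_count = n
            continue

        f = FILE_ENTRY.match(body)
        if f:
            name, md5, path = f.groups()
            report.files[name] = (md5.lower(), path)
            backed.add(name)
            backed.add(path)  # MBR/boot verdicts are keyed by device path, not name
            continue

        v = VERDICT.match(body)
        if v:
            name, verdict = v.groups()
            if verdict == "ok":
                # Service/driver entries with no file on disk are often stale
                # registry leftovers, but they deserve a manual look.
                if name not in backed:
                    report.unbacked.append(name)
            else:
                report.flagged.append((name, verdict))
    return report


if __name__ == "__main__":
    r = parse_tdss_log(SAMPLE_LOG)
    print("detected:", r.detected_count, "actual:", r.actual_detected_count)
    print("flagged:", r.flagged)
    print("entries with no backing file:", r.unbacked)
    print("clean:", r.is_clean())
```

Run against the real log, the "entries with no backing file" list is the set of names to cross-check against the registry services key rather than a verdict on its own.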

                                                          stonemanjr

                                                            Re: Malware TR/spy.keylogger.qme Help!
                                                            « Reply #43 on: November 07, 2011, 03:46:18 PM »
                                                            What is this?

                                                            unp259168444.tmp file

                                                            TR/Crypt.XPack.Gen

                                                            SuperDave

                                                            Re: Malware TR/spy.keylogger.qme Help!
                                                            « Reply #44 on: November 07, 2011, 04:49:54 PM »
                                                            Please update and run another scan with SAS and post the log.

                                                            Clean out your temporary internet files and temp files.

                                                            Download TFC by OldTimer to your desktop.

                                                            Double-click TFC.exe to run it.

                                                            Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

                                                            TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                                            * Click the Start button to begin the cleaning process.
                                                            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                                            * Please let TFC run uninterrupted until it is finished.

                                                            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                                                            Windows 8 and Windows 10 dual boot with two SSD's

                                                            stonemanjr

                                                              Re: Malware TR/spy.keylogger.qme Help!
                                                              « Reply #45 on: November 10, 2011, 03:30:27 PM »
                                                              Done. It seems to not be appearing now when the computer is restarted/rebooted. Looking for the log from this scan in order to post.

                                                              SuperDave

                                                              Re: Malware TR/spy.keylogger.qme Help!
                                                              « Reply #46 on: November 10, 2011, 04:51:16 PM »
                                                              I don't think there's any log from that. Please give it a few days and then come back and we'll do some cleanup.

                                                              stonemanjr

                                                                Re: Malware TR/spy.keylogger.qme Help!
                                                                « Reply #47 on: November 30, 2011, 04:39:06 PM »
                                                                OK. Here's what is popping up now: EXP/Pdfka.OG, with some kind of ARC5 file in the temp folder.

                                                                ?????

                                                                SuperDave

                                                                Re: Malware TR/spy.keylogger.qme Help!
                                                                « Reply #48 on: November 30, 2011, 07:43:55 PM »
                                                                Quote
                                                                OK. Here's what is popping up now: EXP/Pdfka.OG, with some kind of ARC5 file in the temp folder.
                                                                Did you get a warning about that or did you just find it?

                                                                stonemanjr

                                                                  Re: Malware TR/spy.keylogger.qme Help!
                                                                  « Reply #49 on: December 01, 2011, 03:16:19 PM »
                                                                  Yes... Avira is picking this thing up. Any ideas?

                                                                  SuperDave

                                                                  Re: Malware TR/spy.keylogger.qme Help!
                                                                  « Reply #50 on: December 01, 2011, 04:28:35 PM »
                                                                  Quote
                                                                  Avira is picking this thing up. any ideas?
                                                                  It's probably a false positive. Enable MSE and disable Avira as your AV and try that for a while.

                                                                  stonemanjr

                                                                    Re: Malware TR/spy.keylogger.qme Help!
                                                                    « Reply #51 on: December 02, 2011, 04:23:37 PM »
                                                                    OK. When I looked this up, it seemed to be a common problem that some others were seeing, and it required a clean/scan. Is there such a thing to run?

                                                                    SuperDave

                                                                    Re: Malware TR/spy.keylogger.qme Help!
                                                                    « Reply #52 on: December 02, 2011, 07:03:55 PM »
                                                                    Quote
                                                                    When I looked this up, it seemed to be a common problem that some others were seeing, and it required a clean/scan. Is there such a thing to run?
                                                                    Nothing has turned up in all the scans we've run. There's one more thing we can try.

                                                                    * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
                                                                    * (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
                                                                    * Click Next.
                                                                    * Choose Full Scan and click Next.
                                                                    * Once the scan is finished click View detailed results of the scan.

                                                                    Look through the list and let me know if anything was found infected.
                                                                    Windows 8 and Windows 10 dual boot with two SSD's

stonemanjr
Re: Malware TR/spy.keylogger.qme Help!
« Reply #53 on: December 05, 2011, 10:54:08 AM »
Thanks Dave. Ok, will do. Yeah, Security Essentials keeps popping up a notice of infected files found and then runs a clean/scan. This is combined with AVIRA giving notices of the EXP/Pdfka.OG virus? and then an ARC5.dll file being found. It then runs its short scan each time. We were seeing this before, but with a different-named virus earlier, which seemed to disappear after something you told me to run. I am going back to read those notes now.

SuperDave
Re: Malware TR/spy.keylogger.qme Help!
« Reply #54 on: December 05, 2011, 01:09:36 PM »
Quote
Security Essentials keeps popping up a notice of infected files found and then runs a clean/scan. This is combined with AVIRA giving notices of the EXP/Pdfka.OG virus?
You should not have two AV programs running at any time on your computer. It can cause conflicts.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
• Save it to your desktop.
• Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
• Double-click the setup file to run it.
• Click Next to continue.
• Accept the License agreement and click Next.
• It will, by default, install to your desktop folder. Click Next.
• It will then open a box. There will be a tab that says Automatic scan.
• Under Automatic scan, make sure these are checked:
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors
  • My Computer
  • Also any other drives (removable ones that you may have)
Leave the rest of the settings at their defaults.
• Then click on Scan at the top right-hand corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized, click the button that says Neutralize all.
• If it says an object cannot be neutralized, choose the delete option when prompted.
• After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
• Save it somewhere convenient like your desktop, and post only the detected virus/malware from the report (it will be at the very top, under Detected) in your next reply.

Note: This tool will self-uninstall when you close it, so please save the log before closing it.
Windows 8 and Windows 10 dual boot with two SSD's
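The warning above about running two AV programs at once is easy to check from the command line instead of by hunting through each product's UI. The following script is an added example and is not code from the thread or from any of the tools mentioned in it. It assumes PowerShell 2.0 or later is installed (a separate download on Windows XP SP3) and is run as an administrator. It reads the AntiVirusProduct class that Windows Security Center exposes over WMI: the root\SecurityCenter namespace on XP, which reports plain booleans, and root\SecurityCenter2 on Vista and later, which packs status into a productState value. The bit layout used to decode productState (0x1000 set = real-time scanning on, 0x10 set = definitions out of date) is a commonly reported interpretation rather than a documented one, so treat it as an assumption.

```powershell
# Added example (not from the thread): list every antivirus product registered
# with Windows Security Center and flag the case SuperDave warns about, namely
# more than one product with real-time scanning enabled at the same time.
# Assumptions: PowerShell 2.0+, run as administrator. XP SP2/SP3 registers
# products under root\SecurityCenter; Vista and later use root\SecurityCenter2.

function Get-RegisteredAntivirus {
    $products = @()
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        try {
            $items = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop
        } catch {
            continue   # namespace does not exist on this Windows version
        }
        foreach ($p in $items) {
            if ($ns -eq 'root\SecurityCenter') {
                # XP exposes real-time and update status as booleans
                $enabled = [bool]$p.onAccessScanningEnabled
                $current = [bool]$p.productUptoDate
            } else {
                # Vista+: productState bitfield (assumed, commonly reported layout):
                # 0x1000 = real-time protection on, 0x10 = definitions out of date
                $state   = [int]$p.productState
                $enabled = (($state -band 0x1000) -ne 0)
                $current = (($state -band 0x10) -eq 0)
            }
            $products += New-Object PSObject -Property @{
                Name       = $p.displayName
                Namespace  = $ns
                RealTimeOn = $enabled
                UpToDate   = $current
            }
        }
    }
    return $products
}

$av = Get-RegisteredAntivirus
$av | Format-Table Name, Namespace, RealTimeOn, UpToDate -AutoSize

# More than one product with real-time scanning on is the conflict to fix:
# keep one and uninstall the rest rather than just disabling them.
$active = @($av | Where-Object { $_.RealTimeOn })
if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} antivirus products have real-time scanning enabled: {1}" -f $active.Count, $names)
} elseif ($active.Count -eq 0) {
    Write-Warning 'No antivirus product reports real-time scanning enabled.'
}
```

Products that were uninstalled badly sometimes stay registered in Security Center, so a stale entry here is itself worth following up; the table shows the namespace each entry came from so you can tell which registration to clean.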

stonemanjr
Re: Malware TR/spy.keylogger.qme Help!
« Reply #55 on: December 07, 2011, 03:22:41 PM »
Ok, will do. Just to let you know, I ran a Microsoft Security Essentials scan and then ran the TLC by Old Timer again, since you had told me to do this the first time around, followed by ComboFix. The scan showed zero issues/infections, TLC cleaned out stuff, and then ComboFix deleted several files and fixed a Win32 system? file. I restarted and nothing is popping up now. Miracle. What do you think?

SuperDave
Re: Malware TR/spy.keylogger.qme Help!
« Reply #56 on: December 07, 2011, 04:52:52 PM »
That looks good. If there are no other issues, we can do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type Run in the Start search, and click on Run in the results pane.
• In the field, type ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward slash.)

• Then press Enter, or click OK.
• This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.
************************************************
Looking over your log, it seems you don't have any evidence of a third-party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember, only install ONE firewall.

1) Comodo Personal Firewall (if you choose this one, uncheck "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation, and uncheck any HopSurf and/or Ask.com options)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended, as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations, always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Windows 8 and Windows 10 dual boot with two SSD's

stonemanjr
Re: Malware TR/spy.keylogger.qme Help!
« Reply #57 on: December 09, 2011, 09:11:25 AM »
Thank you, ok. Last quick question: for some reason the printer, an HP 6MP, will now not print, and it was doing fine before I ran ComboFix the 2nd time. Any thoughts? Tried reinstalling the driver, etc., but it continues to give an error. Thanks again for all the help here.

SuperDave
Re: Malware TR/spy.keylogger.qme Help!
« Reply #58 on: December 09, 2011, 04:28:43 PM »
Try re-installing the printer.
Windows 8 and Windows 10 dual boot with two SSD's

stonemanjr
Re: Malware TR/spy.keylogger.qme Help!
« Reply #59 on: December 10, 2011, 09:28:06 AM »
Ok. Did that yesterday and it seems to continue rejecting in ERROR. Saw this early on when that TR/Keylogger was popping up all the time.

SuperDave
Re: Malware TR/spy.keylogger.qme Help!
« Reply #60 on: December 10, 2011, 11:45:18 AM »
Try posting a thread in the hardware forum for the printer.
Windows 8 and Windows 10 dual boot with two SSD's

stonemanjr
Re: Malware TR/spy.keylogger.qme Help!
« Reply #61 on: December 14, 2011, 09:24:04 AM »
Ok, thanks a lot for all of your help! You have been great. Merry Christmas.

SuperDave
Re: Malware TR/spy.keylogger.qme Help!
« Reply #62 on: December 14, 2011, 12:00:50 PM »
You're welcome. I will lock this thread. If you need it re-opened, please send me a PM. Happy Holidays.
Windows 8 and Windows 10 dual boot with two SSD's