Trullyn

Members
  • Content count

    13
  • Joined

  • Last visited

About Trullyn

  • Rank
    New Member

Contact Methods

  • ICQ
    0
  1. Thanks for the reply, here is the log. ComboFix 11-05-12.02 - Daniel 05/13/2011 6:49.1.6 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6747 [GMT -7:00] Running from: c:\users\Daniel\Desktop\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe . . ((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))) . . 2011-05-13 13:52 . 2011-05-13 13:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-12 02:35 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-05-12 02:35 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-05-12 02:35 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-05-12 02:35 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-05-12 02:35 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-05-12 02:35 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-05-12 02:35 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-05-12 02:35 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2011-05-12 02:35 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-05-12 02:35 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-05-11 13:35 . 2011-05-11 13:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-05-11 13:35 . 2011-05-11 13:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-05-11 13:18 . 2011-05-11 13:18 -------- d-----w- c:\users\Daniel\AppData\Local\Apps 2011-05-11 12:55 . 2011-05-11 12:55 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes 2011-05-11 12:55 . 2011-05-11 12:55 -------- d-----w- c:\programdata\Malwarebytes 2011-05-11 12:55 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-11 12:55 . 2011-05-11 12:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-05-11 12:55 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 13:45 . 2011-05-13 13:07 -------- d-----w- c:\windows\system32\drivers\NAVx64\1206000.01D 2011-05-06 16:56 . 2011-05-13 13:10 -------- d-----w- c:\users\UpdatusUser 2011-04-28 13:40 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe 2011-04-28 13:40 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe 2011-04-28 13:40 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-28 13:40 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-04-27 13:30 . 2011-05-11 12:22 -------- d-----w- c:\users\Daniel\AppData\Roaming\skypePM 2011-04-27 13:30 . 2011-05-11 12:22 -------- d-----w- c:\programdata\Skype Extras 2011-04-27 13:28 . 2011-05-11 12:22 -------- d-----w- c:\users\Daniel\AppData\Roaming\Skype 2011-04-27 13:28 . 2011-04-27 13:28 -------- d-----r- c:\program files (x86)\Skype 2011-04-27 13:28 . 2011-04-27 13:28 -------- d-----w- c:\program files (x86)\Common Files\Skype 2011-04-27 13:27 . 2011-04-27 13:28 -------- d-----w- c:\programdata\Skype 2011-04-18 20:37 . 2011-04-18 20:55 -------- d-----w- c:\users\Public\Games 2011-04-18 20:36 . 2011-04-18 20:36 -------- d-----w- c:\programdata\Blizzard 2011-04-18 19:17 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-18 19:17 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-04-18 19:17 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll 2011-04-18 19:17 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-04-18 19:17 . 2011-03-03 03:58 3133440 ----a-w- c:\windows\system32\win32k.sys 2011-04-18 19:17 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll 2011-04-18 19:17 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll 2011-04-18 19:17 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll 2011-04-18 19:17 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-11 12:46 . 2011-03-17 14:51 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2011-04-08 06:19 . 2011-04-08 06:19 117864 ----a-w- c:\windows\system32\nvmctray.dll 2011-04-08 06:19 . 2011-04-08 06:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-04-08 06:19 . 2011-04-08 06:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe 2011-04-08 06:19 . 2011-04-08 06:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll 2011-04-08 06:19 . 2011-04-08 06:19 3041384 ----a-w- c:\windows\system32\nvsvc64.dll 2011-04-08 05:14 . 2011-02-23 03:18 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-04-08 05:14 . 2011-02-23 03:18 2273896 ----a-w- c:\windows\system32\nvapi64.dll 2011-04-08 05:14 . 2011-02-23 03:18 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-03-04 06:17 . 2011-04-28 13:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17 . 2011-04-28 13:39 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2011-02-24 15:45 . 2011-02-24 15:45 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2011-02-19 06:37 . 2011-03-10 02:23 1135104 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 06:37 . 2011-03-10 02:23 1540608 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 06:36 . 2011-03-10 02:23 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-02-19 05:32 . 2011-03-10 02:23 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-02-19 05:32 . 2011-03-10 02:23 739840 ----a-w- c:\windows\SysWow64\d2d1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-02-23 1242448] "RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-01 39408] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 136176] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [2011-04-15 1127032] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110512.001\IDSvia64.sys [2011-03-14 476792] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS [x] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 136824] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 14:37] . 2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 14:37] . 2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3794976025-917683207-290744450-1000Core.job - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 14:37] . 2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3794976025-917683207-290744450-1000UA.job - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 14:37] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3794976025-917683207-290744450-1000\Software\SecuROM\License information*] "datasecu"=hex:87,ef,24,db,8c,bd,35,7b,05,0e,88,95,e7,a0,fa,5d,aa,f5,65,83,4b, 65,c9,71,84,35,6b,77,29,86,7d,3f,a6,0c,46,af,07,b7,0b,56,46,7d,38,58,bd,cc,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components] @Denied: (Full) (Everyone) @Denied: (Full) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] @="Microsoft Windows Media Player" "Version"="12,0,7600,16667" "IsInstalled"=dword:00000000 "ComponentID"="WMPACCESS" "LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128" "StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /ShowWMP" "DontAsk"=dword:00000002 "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] @="Internet Explorer" "Version"="8,0,7600,17136" "IsInstalled"=dword:00000001 "ComponentID"="IEACCESS" "LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-21" "StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -UserIconConfig" "Dontask"=dword:00000002 "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] @="Browser Customizations" "IsInstalled"=dword:00000001 "Version"="8,0,7100,0" "ComponentiD"="BRANDING.CAB" "LocalizedName"="@c:\\Windows\\SysWOW64\\iedkcs32.dll,-3052" "StubPath"="\"c:\\Windows\\SysWOW64\\rundll32.exe\" \"c:\\Windows\\SysWOW64\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] @="Microsoft Windows Media Player 12.0" "IsInstalled"=dword:00000001 "Version"="12,0,7600,16667" "DontAsk"=dword:00000002 "Locale"="EN" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] @="Themes Setup" "LocalizedName"=expand:"@%SystemRoot%\\system32\\themeui.dll,-2682" "ComponentID"="Theme Component" "IsInstalled"=dword:00000001 "Locale"="EN" "StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll" "Version"="1,1,1,9" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] @="Offline Browsing Pack" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="MobilePk" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "IsInstalled"=dword:00000001 "Dontask"=dword:00000002 "Locale"="*" "ComponentID"="MailNews" "CloneUser"=dword:00000001 "StubPath"=expand:"\"%ProgramFiles(x86)%\\Windows Mail\\WinMail.exe\" OCInstallUserConfigOE" "Version"="6,1,7600,16385" @="Microsoft Windows" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] @="DirectDrawEx" "ComponentID"="DirectDrawEx" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="4,71,1113,0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] @="Internet Explorer Help" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="HelpCont" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] @="Microsoft Windows Script 5.6" "ComponentID"="MSVBScript" "IsInstalled"=dword:00000001 "Locale"="EN" "Version"="5,6,0,8833" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] @="Internet Explorer Setup Tools" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="GenSetup" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] "KeyFileName"=expand:"%SystemRoot%\\system32\\msieftp.dll" @="Browsing Enhancements" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="ExtraPack" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] @="Microsoft Windows Media Player" "IsInstalled"=dword:00000001 "Version"="12,0,7600,16667" "ComponentID"="Microsoft Windows Media Player" "LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128" "StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI" "DontAsk"=dword:00000002 "Locale"="EN" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] @="MSN Site Access" "IsInstalled"=dword:00000001 "Version"="4,9,9,2" "ComponentID"="MSN_Auth" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] @="Address Book 7" "Version"="6,1,7600,16684" "IsInstalled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] @=".NET Framework" "Locale"="" "ComponentID"=".NETFramework" "Version"="2,0,50727,0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] @="Windows Desktop Update" "LocalizedName"=expand:"@%SystemRoot%\\system32\\shell32.dll,-32969" "ComponentID"="IE4_SHELLID" "IsInstalled"=dword:00000001 "Locale"="en" "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll" "Version"="6,1,7600,16644" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] @="Web Platform Customizations" "IsInstalled"=dword:00000001 "Version"="8,0,7600,17136" "ComponentID"="BASEIE40_W2K" "LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-2000" "StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings" "Locale"="en" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] "IsInstalled"=dword:00000001 "ComponentID"="DOTNETFRAMEWORKS" "StubPath"="c:\\Windows\\SysWOW64\\Rundll32.exe c:\\Windows\\SysWOW64\\mscories.dll,Install" "DontAsk"=dword:00000002 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] @="Dynamic HTML Data Binding" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="Tridata" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] @="Internet Explorer Core Fonts" "IsInstalled"=dword:00000001 "Version"="8,0,7600,17136" "ComponentID"="Fontcore" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] @="HTML Help" "IsInstalled"=dword:00000001 "Version"="6,1,7600,16385" "ComponentID"="HTMLHelp" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] @="Active Directory Service Interface" "ComponentID"="ADSI" "IsInstalled"=dword:00000001 "Locale"="EN" "Version"="5,0,00,0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}] "Locale"="" "Version"="4,0,30319,0" "ComponentID"=".NETFramework" @=".NET Framework" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-05-13 06:53:56 ComboFix-quarantined-files.txt 2011-05-13 13:53 . Pre-Run: 880,486,940,672 bytes free Post-Run: 880,435,687,424 bytes free . - - End Of File - - 069FCF3D58770248295752CF1CFC73F1 And here is the new DDS log . DDS (Ver_11-03-05.01) - NTFS_AMD64 Run by Daniel at 7:00:53.81 on Fri 05/13/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6543 [GMT -7:00] . AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\notepad.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Daniel\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1206000.01D\symds64.sys [2011-5-10 450680] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1206000.01D\symefa64.sys [2011-5-10 912504] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [2011-5-3 1127032] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110512.001\IDSviA64.sys [2011-5-13 476792] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1206000.01D\ironx64.sys [2011-5-10 171128] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1206000.01D\symnets.sys [2011-5-10 382584] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-6 2218600] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-11 1153368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-10 136824] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-5-6 174184] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-22 406632] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-2-22 38456] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 136176] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-24 1255736] . =============== Created Last 30 ================ . 2011-05-13 13:49:17 98816 ----a-w- C:\Windows\sed.exe 2011-05-13 13:49:17 89088 ----a-w- C:\Windows\MBR.exe 2011-05-13 13:49:17 256512 ----a-w- C:\Windows\PEV.exe 2011-05-13 13:49:17 161792 ----a-w- C:\Windows\SWREG.exe 2011-05-12 02:35:32 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-05-12 02:35:32 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-05-12 02:35:32 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-05-12 02:35:31 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2011-05-12 02:35:30 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2011-05-12 02:35:30 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys 2011-05-12 02:35:30 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2011-05-12 02:35:30 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys 2011-05-12 02:35:30 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2011-05-12 02:35:30 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2011-05-11 13:35:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2011-05-11 13:35:27 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy 2011-05-11 13:18:37 -------- d-----w- C:\Users\Daniel\AppData\Local\Apps 2011-05-11 12:55:29 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes 2011-05-11 12:55:21 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-11 12:55:21 -------- d-----w- C:\PROGRA~3\Malwarebytes 2011-05-11 12:55:18 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-05-11 12:55:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-05-10 13:45:13 912504 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\symefa64.sys 2011-05-10 13:45:13 450680 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\symds64.sys 2011-05-10 13:45:13 40568 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\srtspx64.sys 2011-05-10 13:45:13 382584 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\symnets.sys 2011-05-10 13:45:12 744568 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\srtsp64.sys 2011-05-10 13:45:12 171128 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\ironx64.sys 2011-05-10 13:45:08 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1206000.01D 2011-04-28 13:40:01 2870272 ----a-w- C:\Windows\explorer.exe 2011-04-28 13:40:01 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe 2011-04-28 13:40:00 662528 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-04-28 13:40:00 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-04-27 13:30:22 -------- d-----w- C:\PROGRA~3\Skype Extras 2011-04-27 13:28:03 -------- d-----r- C:\Program Files (x86)\Skype 2011-04-18 20:36:43 -------- d-----w- C:\PROGRA~3\Blizzard 2011-04-18 19:17:21 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-04-18 19:17:21 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-04-18 19:17:17 612352 ----a-w- C:\Windows\System32\vbscript.dll 2011-04-18 19:17:17 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2011-04-18 19:17:12 3133440 ----a-w- C:\Windows\System32\win32k.sys 2011-04-18 19:17:04 1395712 ----a-w- C:\Windows\System32\mfc42.dll 2011-04-18 19:17:04 1359872 ----a-w- C:\Windows\System32\mfc42u.dll 2011-04-18 19:17:04 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2011-04-18 19:17:03 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll . ==================== Find3M ==================== . 2011-05-11 12:46:50 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2011-04-08 06:19:38 117864 ----a-w- C:\Windows\System32\nvmctray.dll 2011-04-08 06:19:36 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll 2011-04-08 06:19:36 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe 2011-04-08 06:19:26 6338152 ----a-w- C:\Windows\System32\nvcpl.dll 2011-04-08 06:19:08 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll 2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys 2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys 2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys 2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys 2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys 2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys 2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll 2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe 2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll 2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe 2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2011-03-03 15:59:24 29288 ----a-w- C:\Windows\System32\nvhdap64.dll 2011-03-03 15:59:18 174184 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2011-03-03 15:59:17 1359976 ----a-w- C:\Windows\System32\nvhdagenco642040.dll 2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll 2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe 2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe 2011-02-24 15:45:16 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll 2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll 2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec 2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys 2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll 2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll 2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll 2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll 2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-02-18 06:33:50 31232 ----a-w- C:\Windows\System32\prevhost.exe 2011-02-18 05:33:29 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe . ============= FINISH: 7:01:07.13 ===============
  2. My World of Warcraft account was hacked a couple times. Upon contacting customer service and changing my password, it was hacked, along with my email. I believe there must be some form of tracking on my computer because my accounts became compromised less than 12 hours from changing my passwords. Here are my logs: . DDS (Ver_11-03-05.01) - NTFS_AMD64 Run by Daniel at 9:20:45.95 on Wed 05/11/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6077 [GMT -7:00] . AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Daniel\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1206000.01D\symds64.sys [2011-5-10 450680] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1206000.01D\symefa64.sys [2011-5-10 912504] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [2011-5-3 1127032] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110509.001\IDSviA64.sys [2011-5-11 476792] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1206000.01D\ironx64.sys [2011-5-10 171128] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-6 2218600] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-10 136824] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-5-6 174184] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-22 406632] R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1205000.07D\symnets.sys [2011-3-17 382072] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-2-22 38456] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 136176] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-11 1153368] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-24 1255736] . =============== Created Last 30 ================ . 2011-05-11 13:35:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2011-05-11 13:35:27 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy 2011-05-11 13:18:37 -------- d-----w- C:\Users\Daniel\AppData\Local\Apps 2011-05-11 12:55:29 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes 2011-05-11 12:55:21 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-11 12:55:21 -------- d-----w- C:\PROGRA~3\Malwarebytes 2011-05-11 12:55:18 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-05-11 12:55:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-05-10 13:45:13 912504 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\symefa64.sys 2011-05-10 13:45:13 450680 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\symds64.sys 2011-05-10 13:45:13 40568 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\srtspx64.sys 2011-05-10 13:45:13 382584 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\symnets.sys 2011-05-10 13:45:12 744568 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\srtsp64.sys 2011-05-10 13:45:12 171128 ----a-w- C:\Windows\System32\drivers\NAVx64\1206000.01D\ironx64.sys 2011-05-10 13:45:08 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1206000.01D 2011-04-28 13:40:01 2870272 ----a-w- C:\Windows\explorer.exe 2011-04-28 13:40:01 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe 2011-04-28 13:40:00 662528 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-04-28 13:40:00 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-04-27 13:30:22 -------- d-----w- C:\PROGRA~3\Skype Extras 2011-04-27 13:28:03 -------- d-----r- C:\Program Files (x86)\Skype 2011-04-18 20:36:43 -------- d-----w- C:\PROGRA~3\Blizzard 2011-04-18 19:17:21 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-04-18 19:17:21 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-04-18 19:17:17 612352 ----a-w- C:\Windows\System32\vbscript.dll 2011-04-18 19:17:17 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2011-04-18 19:17:12 3133440 ----a-w- C:\Windows\System32\win32k.sys 2011-04-18 19:17:04 1395712 ----a-w- C:\Windows\System32\mfc42.dll 2011-04-18 19:17:04 1359872 ----a-w- C:\Windows\System32\mfc42u.dll 2011-04-18 19:17:04 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2011-04-18 19:17:03 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll . ==================== Find3M ==================== . 2011-05-11 12:46:50 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2011-04-08 06:19:38 117864 ----a-w- C:\Windows\System32\nvmctray.dll 2011-04-08 06:19:36 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll 2011-04-08 06:19:36 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe 2011-04-08 06:19:26 6338152 ----a-w- C:\Windows\System32\nvcpl.dll 2011-04-08 06:19:08 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll 2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys 2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys 2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys 2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys 2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys 2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys 2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll 2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe 2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll 2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe 2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2011-03-03 15:59:24 29288 ----a-w- C:\Windows\System32\nvhdap64.dll 2011-03-03 15:59:18 174184 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2011-03-03 15:59:17 1359976 ----a-w- C:\Windows\System32\nvhdagenco642040.dll 2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll 2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe 2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe 2011-02-24 15:45:16 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll 2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll 2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec 2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys 2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll 2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll 2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll 2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll 2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-02-18 06:33:50 31232 ----a-w- C:\Windows\System32\prevhost.exe 2011-02-18 05:33:29 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe 2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe . ============= FINISH: 9:21:00.52 =============== Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6554 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 5/11/2011 9:18:55 AM mbam-log-2011-05-11 (09-18-55).txt Scan type: Quick scan Objects scanned: 138469 Time elapsed: 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Let me know what I can do!
  3. Hey folks, I'm back for my second computer - you were so awesome last time, and I need help again. My second computer got a virus, and now won't even start in safe mode. It probably came from watching sports on internet feeds - I had to download some player that may have given me something bad. I came home to the computer off..... tried to turn it on, and it showed the motherboard screen, blue screened, and quickly restarted. It then went to the safe mode section, and I booted in safe mode. Then popped up some (What looked official) Microsoft scanning thing that I'd never seen before, and I let it run and fix what was wrong. Upon reboot, I can't get into windows, and safe mode will only get to isapnp.sys before it hangs. I got another Windows 7 installation CD that I plan on using, I just want to recover the files before I install Windows 7 (Gotta be a clean install, it's only an upgrade), and I can't even get to them! Thanks for your help. -Zach
  4. Everything has been uninstalled/deleted - thanks for your help. Everything is running great. I wasn't able to get entirely clean with other antivirus programs, so I'd like to purchase Malwarebytes, would you happen to be able to supply a coupon code? Thanks again, -Zach
  5. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Wednesday, August 18, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Wednesday, August 18, 2010 01:54:29 Records in database: 4138097 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ H:\ I:\ J:\ K:\ L:\ N:\ P:\ Scan statistics: Objects scanned: 236964 Threats found: 6 Infected objects found: 16 Suspicious objects found: 0 Scan duration: 03:55:18 File name / Threat / Threats count C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7964b810-4182a553 Infected: Trojan-Downloader.Java.Agent.ft 1 C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7964b810-4182a553 Infected: Trojan-Downloader.Java.Agent.fu 1 C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7964b810-4182a553 Infected: Trojan-Downloader.Java.Agent.fv 1 C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-249df4fa Infected: Trojan-Downloader.Java.Agent.ft 1 C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-249df4fa Infected: Trojan-Downloader.Java.Agent.fu 1 C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-249df4fa Infected: Trojan-Downloader.Java.Agent.fv 1 C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\940f860-10708606 Infected: Trojan-Downloader.Java.Agent.ft 1 C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\940f860-10708606 Infected: Trojan-Downloader.Java.Agent.fu 1 C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\940f860-10708606 Infected: Trojan-Downloader.Java.Agent.fv 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mouclass.sys.vir Infected: Virus.Win32.TDSS.b 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\vtxakhgg.sys.vir Infected: Rootkit.Win32.Bubnix.fu 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_vtxakhgg_.sys.zip Infected: Rootkit.Win32.Bubnix.fu 1 C:\Qoobox\Quarantine\[4]-Submit_2010-08-17_20.39.42.zip Infected: Rootkit.Win32.Bubnix.fu 1 C:\System Volume Information\_restore{0CB6C284-BE0B-43E8-9EB9-78F15D1EC52D}\RP17\A0018059.sys Infected: Virus.Win32.TDSS.b 1 C:\System Volume Information\_restore{0CB6C284-BE0B-43E8-9EB9-78F15D1EC52D}\RP18\A0018382.sys Infected: Rootkit.Win32.Bubnix.fu 1 F:\Downloads\PSP ISO Compressor 1.4.exe Infected: Trojan.Win32.BHO.aipj 1 Selected area has been scanned.
  6. A bit better than the first scan Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4443 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 8/17/2010 9:56:09 PM mbam-log-2010-08-17 (21-56-09).txt Scan type: Quick scan Objects scanned: 130871 Time elapsed: 3 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  7. ComboFix 10-08-16.04 - Zach 08/17/2010 20:39:44.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2865 [GMT -7:00] Running from: c:\documents and settings\Zach\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Zach\Desktop\CFScript.txt FILE :: "c:\windows\Isiqog.bin" file zipped: c:\windows\Qworililunutow.dat file zipped: c:\windows\system32\drivers\vtxakhgg.sys file zipped: c:\windows\system32\framebufw.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Update c:\documents and settings\NetworkService\Local Settings\Application Data\kstjpntbu c:\documents and settings\Zach\Application Data\3EA1A769637C132C6EA7D09AACD8BD49 c:\documents and settings\Zach\Local Settings\Application Data\lfwngnurp c:\windows\Isiqog.bin c:\windows\Qworililunutow.dat c:\windows\system32\drivers\vtxakhgg.sys c:\windows\system32\framebufw.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VTXAKHGG -------\Service_Ndisrd -------\Service_vtxakhgg ((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 ))))))))))))))))))))))))))))))) . 2010-08-14 20:52 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-14 20:52 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-14 06:35 . 2010-08-17 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender 2010-08-14 06:35 . 2010-08-14 06:35 -------- d-----w- c:\program files\BitDefender 2010-08-14 06:35 . 2010-08-17 02:54 -------- d-----w- c:\program files\Common Files\BitDefender 2010-08-14 06:29 . 2010-08-14 06:30 880 ----a-w- C:\BdUninstallTool2010.08.13-11.29.45.reg 2010-08-14 06:27 . 2010-08-14 06:28 79244 ----a-w- C:\BdUninstallTool2010.08.13-11.27.14.reg 2010-08-12 02:58 . 2010-08-12 02:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-08-09 08:59 . 2010-08-09 08:59 348160 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\msvcr71.dll 2010-08-09 08:59 . 2010-08-09 08:59 503808 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\msvcp71.dll 2010-08-09 08:59 . 2010-08-09 08:59 499712 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\jmc.dll 2010-08-09 08:59 . 2010-08-09 08:59 61440 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a9d2249-n\decora-sse.dll 2010-08-09 08:59 . 2010-08-09 08:59 12800 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a9d2249-n\decora-d3d.dll 2010-08-08 21:37 . 2010-08-14 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-08 21:37 . 2010-08-08 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-08 21:21 . 2010-08-08 21:21 -------- d-----w- c:\documents and settings\Zach\Application Data\Malwarebytes 2010-08-05 23:12 . 2010-08-05 23:12 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll 2010-08-05 01:56 . 2010-08-05 02:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-08-04 10:28 . 2010-08-04 10:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-08-03 23:47 . 2010-08-03 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2010-08-03 23:40 . 2010-08-14 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-08-03 23:34 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-08-03 23:34 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-08-03 23:34 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-08-03 23:34 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-08-03 23:34 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-08-03 23:34 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-08-03 23:34 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-08-03 23:34 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr 2010-08-03 23:34 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe 2010-08-03 23:34 . 2010-08-03 23:34 -------- d-----w- c:\program files\Alwil Software 2010-08-03 23:34 . 2010-08-03 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-08-03 23:22 . 2010-08-08 05:03 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-03 20:47 . 2010-08-03 20:47 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2010-08-02 13:31 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2010-07-26 14:01 . 2010-05-21 03:08 227944 ----a-w- c:\windows\system32\nvcohda.dll 2010-07-26 14:01 . 2010-03-10 01:48 58600 ----a-w- c:\windows\system32\drivers\nvhda32.sys 2010-07-26 14:01 . 2010-03-10 01:47 26216 ----a-w- c:\windows\system32\nvhdap32.dll 2010-07-25 06:09 . 2010-07-25 06:15 -------- d-----w- c:\program files\Heroes of Newerth 2010-07-21 23:14 . 2010-07-21 23:14 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-21 23:09 . 2010-07-21 23:10 12124624 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\AdobeAIRInstaller.exe 2010-07-21 23:09 . 2010-07-21 23:09 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-18 01:54 . 2010-03-26 19:49 -------- d-----w- c:\documents and settings\Zach\Application Data\vlc 2010-08-03 23:25 . 2010-06-04 18:38 884 ----a-w- c:\windows\system32\d3d8caps.dat 2010-07-27 08:27 . 2010-04-22 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment 2010-07-27 08:27 . 2010-04-22 00:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-07-26 14:00 . 2009-10-12 04:38 -------- d-----w- c:\program files\NVIDIA Corporation 2010-07-26 14:00 . 2010-07-18 04:13 228632 ----a-w- c:\windows\system32\nvdrsdb0.bin 2010-07-26 14:00 . 2010-07-18 04:13 1 ----a-w- c:\windows\system32\nvdrssel.bin 2010-07-26 14:00 . 2010-07-18 04:13 228632 ----a-w- c:\windows\system32\nvdrsdb1.bin 2010-07-26 13:55 . 2008-12-20 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-07-21 23:10 . 2008-12-20 03:42 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-07-21 00:14 . 2009-12-28 23:37 -------- d-----w- c:\program files\Nancy Drew 2010-07-21 00:09 . 2008-10-11 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-18 04:06 . 2010-07-18 04:06 -------- d-----w- c:\program files\SystemRequirementsLab 2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll 2010-07-18 04:06 . 2010-07-18 04:06 -------- d-----w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab 2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll 2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll 2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll 2010-07-17 19:38 . 2010-07-17 19:38 -------- d-----w- c:\documents and settings\Zach\Application Data\dvdcss 2010-07-02 22:47 . 2010-07-02 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files 2010-07-02 22:46 . 2010-07-02 22:46 -------- d-----w- c:\program files\Pando Networks 2010-06-28 22:20 . 2010-06-22 20:52 -------- d-----w- c:\program files\Google 2010-06-14 22:03 . 2009-11-22 03:15 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-06-14 22:03 . 2009-11-22 03:15 10260480 ----a-w- c:\windows\system32\nvcompiler.dll 2010-06-14 22:03 . 2009-09-27 23:12 4579328 ----a-w- c:\windows\system32\nvcuda.dll 2010-06-14 22:03 . 2009-09-27 23:12 2910824 ----a-w- c:\windows\system32\nvcuvid.dll 2010-06-14 22:03 . 2009-09-27 23:12 2505320 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-06-14 22:03 . 2009-09-27 23:12 232040 ----a-w- c:\windows\system32\nvcodins.dll 2010-06-14 22:03 . 2009-09-27 23:12 232040 ----a-w- c:\windows\system32\nvcod.dll 2010-06-14 22:03 . 2009-09-27 23:12 2195030 ----a-w- c:\windows\system32\nvdata.bin 2010-06-14 22:03 . 2009-09-27 23:12 1388544 ----a-w- c:\windows\system32\nvapi.dll 2010-06-14 22:03 . 2009-09-27 23:12 13533184 ----a-w- c:\windows\system32\nvoglnt.dll 2010-06-14 22:03 . 2008-09-17 16:55 6352768 ----a-w- c:\windows\system32\nv4_disp.dll 2010-06-14 22:03 . 2008-09-17 16:55 10596576 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2010-06-14 14:31 . 2008-10-10 17:52 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-07 02:57 . 2010-05-06 02:22 68250 ----a-w- c:\windows\hpoins05.dat 2010-06-02 11:55 . 2010-07-21 02:25 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-06-02 11:55 . 2010-07-21 02:25 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-06-02 11:55 . 2010-07-21 02:25 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-05-27 21:09 . 2010-05-27 21:09 503808 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\msvcp71.dll 2010-05-27 21:09 . 2010-05-27 21:09 499712 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\jmc.dll 2010-05-27 21:09 . 2010-05-27 21:09 348160 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\msvcr71.dll 2010-05-27 21:09 . 2010-05-27 21:09 61440 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37702854-n\decora-sse.dll 2010-05-27 21:09 . 2010-05-27 21:09 12800 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37702854-n\decora-d3d.dll 2010-05-26 18:41 . 2010-07-21 02:25 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-05-26 18:41 . 2010-07-21 02:25 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-05-26 18:41 . 2010-07-21 02:25 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-05-26 18:41 . 2010-07-21 02:25 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-05-26 18:41 . 2010-07-21 02:25 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2008-02-08 04:46 . 2008-02-08 04:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-02-08 04:46 . 2008-02-08 04:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-02-08 04:46 . 2008-02-08 04:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-02-08 04:46 . 2008-02-08 04:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-02-08 04:46 . 2008-02-08 04:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-02-08 04:46 . 2008-02-08 04:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-02-08 04:46 . 2008-02-08 04:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-03-17 00:27 . 2007-03-17 00:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2007-03-17 00:27 . 2007-03-17 00:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2007-03-17 00:27 . 2007-03-17 00:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2007-07-20 19:47 . 2007-07-20 19:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-02-08 04:46 . 2008-02-08 04:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-28 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880] "CTHelper"="CTHELPER.EXE" [2005-08-07 16384] "CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 18944] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "masqform.exe"="c:\program files\IBM\Lotus Forms\Viewer\3.0\masqform.exe" [2008-01-17 991232] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-10-09 33677312] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-14 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-14 13917800] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Wireless Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Wireless Assistant.lnk backup=c:\windows\pss\NETGEAR WG311T Wireless Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] 2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-06-28 01:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\BitComet\\BitComet.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Program Files\\BioWare\\DragonAge\\bin_ship\\DAOCharacterCreator.exe"= "d:\\Program Files\\BioWare\\DragonAge\\DAOriginsLauncher.exe"= "d:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"= "d:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"= "d:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "23687:TCP"= 23687:TCP:BitComet 23687 TCP "23687:UDP"= 23687:UDP:BitComet 23687 UDP "46123:TCP"= 46123:TCP:BitComet 46123 TCP "46123:UDP"= 46123:UDP:BitComet 46123 UDP "57093:TCP"= 57093:TCP:Pando Media Booster "57093:UDP"= 57093:UDP:Pando Media Booster R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/3/2010 4:34 PM 165456] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/30/2010 3:42 PM 44032] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/26/2010 7:01 AM 58600] R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11/21/2009 7:54 PM 22328] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/21/2009 8:04 PM 1418368] S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2010 3:20 PM 135664] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/3/2009 1:35 PM 25832] S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11/21/2009 8:05 PM 9216] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2010 8:56 AM 721904] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:20] 2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-17 20:45 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1960408961-573735546-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:16,03,6c,fa,b6,33,38,d5,1a,14,5e,70,24,62,07,8c,2d,b0,f9,d8,2c,c6,1d, 72,d9,1c,30,28,69,2a,32,b6,b9,ea,76,f6,5c,10,3e,8a,af,77,3b,44,30,6c,9b,ca,\ "??"=hex:e5,bd,29,ba,7d,03,71,d3,9d,9b,ff,6f,37,c5,dc,02 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(476) c:\windows\system32\ATL.DLL - - - - - - - > 'explorer.exe'(1616) c:\windows\system32\WININET.dll c:\windows\system32\ctagent.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\acs.exe c:\windows\system32\CTsvcCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\wscntfy.exe c:\windows\CTHELPER.EXE c:\windows\system32\CTXFIHLP.EXE c:\windows\SYSTEM32\CTXFISPI.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\HP\Digital Imaging\bin\hpqgalry.exe . ************************************************************************** . Completion time: 2010-08-17 20:49:28 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-18 03:49 ComboFix2.txt 2010-08-17 17:34 Pre-Run: 12,795,985,920 bytes free Post-Run: 12,781,150,208 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - 80EDD33A010E46B1D6358FC0997C5BAF
  8. First method worked, I am now connected to the internet again .
  9. Right-click followed by repair does not work. I get the following: "Failed to query TCP/IP settings of the connection. Cannot Proceed." Also, I went to Internet Protocol (TCP/IP) and "Obtain DNS server address automatically" was already selected.
  10. Also, I can no longer access the internet on the infected computer. Not sure if this is from the diagnostic and part of the plan, thought I should let you know.
  11. After running Combofix it told me that Rootkit activity was detected and it needed to restart. I restarted the computer and Combofix started back up again, and restarted again. Here are the logs: MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000afbc Kernel Drivers (total 127): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E4000 \WINDOWS\system32\hal.dll 0xB85A8000 \WINDOWS\system32\KDCOM.DLL 0xB84B8000 \WINDOWS\system32\BOOTVID.dll 0xB7F79000 ACPI.sys 0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xB7F68000 pci.sys 0xB80A8000 ohci1394.sys 0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xB80C8000 isapnp.sys 0xB7EA2000 vtxakhgg.sys 0xB8670000 pciide.sys 0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xB80D8000 MountMgr.sys 0xB7E83000 ftdisk.sys 0xB85AC000 dmload.sys 0xB7E5D000 dmio.sys 0xB8330000 PartMgr.sys 0xB8671000 amdide.sys 0xB80E8000 VolSnap.sys 0xB7E45000 atapi.sys 0xB80F8000 disk.sys 0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB7E25000 fltmgr.sys 0xB7E13000 sr.sys 0xB8118000 PxHelp20.sys 0xB7DFC000 KSecDD.sys 0xB7DE9000 WudfPf.sys 0xB7D5C000 Ntfs.sys 0xB7D2F000 NDIS.sys 0xB7D15000 Mup.sys 0xB8168000 \SystemRoot\system32\DRIVERS\AmdPPM.sys 0xB32B1000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xB329D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB3275000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB8178000 \SystemRoot\system32\DRIVERS\l1c51x86.sys 0xB8370000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xB3251000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xB854C000 \SystemRoot\system32\DRIVERS\usbfilter.sys 0xB85B6000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xB8380000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB8188000 \SystemRoot\system32\DRIVERS\imapi.sys 0xB8198000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xB81A8000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB322E000 \SystemRoot\system32\DRIVERS\ks.sys 0xB81B8000 \SystemRoot\system32\DRIVERS\serial.sys 0xB8560000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB31C2000 \SystemRoot\system32\drivers\ctaud2k.sys 0xB319E000 \SystemRoot\system32\drivers\portcls.sys 0xB81C8000 \SystemRoot\system32\drivers\drmk.sys 0xB316C000 \SystemRoot\system32\drivers\ctoss2k.sys 0xB8398000 \SystemRoot\system32\drivers\ctprxy2k.sys 0xB8574000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0xB87D5000 \SystemRoot\system32\DRIVERS\audstub.sys 0xB81D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB857C000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB312D000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xB81E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xB81F8000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xB83B8000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB307C000 \SystemRoot\system32\DRIVERS\psched.sys 0xB8208000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xB83C8000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xB83D8000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB8218000 \SystemRoot\system32\DRIVERS\ndisrd.sys 0xB304C000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xB8228000 \SystemRoot\system32\DRIVERS\termdd.sys 0xB83E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xB83F0000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xB85CE000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB2FEE000 \SystemRoot\system32\DRIVERS\update.sys 0xB85A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xB8258000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xB8268000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xB8278000 \SystemRoot\system32\drivers\nvhda32.sys 0xACAF6000 \SystemRoot\system32\drivers\ha20x2k.sys 0xACAC9000 \SystemRoot\system32\drivers\emupia2k.sys 0xACAA2000 \SystemRoot\system32\drivers\ctsfm2k.sys 0xACA06000 \SystemRoot\system32\drivers\ctac32k.sys 0xAC68C000 \SystemRoot\system32\drivers\viahduaa.sys 0xB85E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xB86DC000 \SystemRoot\System32\Drivers\Null.SYS 0xB85EA000 \SystemRoot\System32\Drivers\Beep.SYS 0xB8468000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xB8488000 \SystemRoot\System32\drivers\vga.sys 0xB85EE000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xB85F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xB8498000 \SystemRoot\System32\Drivers\Msfs.SYS 0xB84A8000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB2FDA000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xAC659000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xAC600000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xB30BD000 \SystemRoot\System32\Drivers\aswTdi.SYS 0xB30AD000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xAC5B0000 \SystemRoot\system32\DRIVERS\netbt.sys 0xAC58E000 \SystemRoot\System32\drivers\afd.sys 0xB309D000 \SystemRoot\system32\DRIVERS\netbios.sys 0xAC4C3000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xAC453000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xB8238000 \SystemRoot\System32\Drivers\Fips.SYS 0xB8430000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xAC42C000 \SystemRoot\System32\Drivers\aswSP.SYS 0xB8340000 \SystemRoot\System32\Drivers\Aavmker4.SYS 0xAC848000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xB8298000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xB859C000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xB2FEA000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xB30ED000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB8480000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xAC424000 \SystemRoot\System32\drivers\Dxapi.sys 0xB8390000 \SystemRoot\System32\watchdog.sys 0xBD000000 \SystemRoot\System32\drivers\dxg.sys 0xB8777000 \SystemRoot\System32\drivers\dxgthk.sys 0xBD012000 \SystemRoot\System32\nv4_disp.dll 0xAC113000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xABECB000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xABEEB000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xABD8C000 \SystemRoot\System32\Drivers\aswMon2.SYS 0xABAA7000 \SystemRoot\system32\drivers\wdmaud.sys 0xABF3B000 \SystemRoot\system32\drivers\sysaudio.sys 0xAB842000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xAB74B000 \SystemRoot\system32\DRIVERS\srv.sys 0xAB372000 \SystemRoot\System32\Drivers\HTTP.sys 0xAA46B000 \SystemRoot\system32\drivers\kmixer.sys 0x7C900000 \WINDOWS\system32\ntdll.dll Processes (total 41): 0 System Idle Process 4 System 856 C:\WINDOWS\system32\smss.exe 912 csrss.exe 936 C:\WINDOWS\system32\winlogon.exe 984 C:\WINDOWS\system32\services.exe 996 C:\WINDOWS\system32\lsass.exe 1168 C:\WINDOWS\system32\nvsvc32.exe 1240 C:\WINDOWS\system32\svchost.exe 1324 svchost.exe 1464 C:\WINDOWS\system32\svchost.exe 1564 C:\WINDOWS\system32\svchost.exe 1680 svchost.exe 1900 svchost.exe 2004 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 440 C:\WINDOWS\explorer.exe 772 C:\WINDOWS\system32\spoolsv.exe 780 C:\WINDOWS\system32\rundll32.exe 352 svchost.exe 412 C:\WINDOWS\system32\acs.exe 720 C:\WINDOWS\system32\CTSVCCDA.EXE 1420 C:\Program Files\Java\jre6\bin\jqs.exe 1700 C:\WINDOWS\system32\HPZipm12.exe 2104 C:\WINDOWS\system32\svchost.exe 2748 C:\WINDOWS\system32\ctfmon.exe 3016 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 3024 C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe 3128 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe 3364 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe 3376 C:\WINDOWS\CTHELPER.EXE 3384 C:\WINDOWS\system32\CTXFIHLP.EXE 3408 C:\Program Files\QuickTime\qttask.exe 3416 C:\Program Files\Common Files\Java\Java Update\jusched.exe 3424 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 3456 C:\WINDOWS\system32\rundll32.exe 3480 C:\Program Files\Messenger\msmsgs.exe 3488 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe 3520 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 3688 C:\WINDOWS\system32\CTXFISPI.EXE 360 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe 2848 C:\Documents and Settings\Zach\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive1 at offset 0x0000001f`ff588800 (NTFS) \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\N: --> \\.\PhysicalDrive7 at offset 0x00000000`00007e00 (FAT32) PhysicalDrive1 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03 PhysicalDrive0 Model Number: WDCWD1600KS-00MJB0, Rev: 02.01C03 PhysicalDrive7 Model Number: WD6400AAK External, Rev: 1.05 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive1 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A 149 GB \\.\PhysicalDrive0 Legit MBR code detected SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495 596 GB \\.\PhysicalDrive7 RE: Windows 98 MBR code detected SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E Done! ComboFix 10-08-16.04 - Zach 08/17/2010 6:57.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2980 [GMT -7:00] Running from: c:\documents and settings\Zach\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A} c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A}\chrome.manifest c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A}\chrome\content\_cfg.js c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A}\chrome\content\overlay.xul c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A}\install.rdf c:\windows\ewazurowov.dll c:\windows\system32\drivers\ndisrd.sys N:\Autorun.inf Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Service_ndisrd ((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 ))))))))))))))))))))))))))))))) . 2010-08-14 20:52 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-14 20:52 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-14 06:35 . 2010-08-17 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender 2010-08-14 06:35 . 2010-08-14 06:35 -------- d-----w- c:\program files\BitDefender 2010-08-14 06:35 . 2010-08-17 02:54 -------- d-----w- c:\program files\Common Files\BitDefender 2010-08-14 06:29 . 2010-08-14 06:30 880 ----a-w- C:\BdUninstallTool2010.08.13-11.29.45.reg 2010-08-14 06:27 . 2010-08-14 06:28 79244 ----a-w- C:\BdUninstallTool2010.08.13-11.27.14.reg 2010-08-12 02:58 . 2010-08-12 02:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-08-08 21:37 . 2010-08-14 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-08 21:37 . 2010-08-08 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-08 21:21 . 2010-08-08 21:21 -------- d-----w- c:\documents and settings\Zach\Application Data\Malwarebytes 2010-08-08 20:55 . 2010-08-09 05:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\kstjpntbu 2010-08-05 01:56 . 2010-08-05 02:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-08-04 10:28 . 2010-08-04 10:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-08-03 23:47 . 2010-08-03 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2010-08-03 23:40 . 2010-08-14 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-08-03 23:34 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-08-03 23:34 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-08-03 23:34 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-08-03 23:34 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-08-03 23:34 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-08-03 23:34 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-08-03 23:34 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-08-03 23:34 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr 2010-08-03 23:34 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe 2010-08-03 23:34 . 2010-08-03 23:34 -------- d-----w- c:\program files\Alwil Software 2010-08-03 23:34 . 2010-08-03 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-08-03 23:22 . 2010-08-08 05:03 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-03 20:47 . 2010-08-03 20:47 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2010-08-03 20:46 . 2010-08-12 03:39 -------- d-----w- c:\documents and settings\Zach\Local Settings\Application Data\lfwngnurp 2010-08-03 20:46 . 2010-08-03 20:46 0 ----a-w- c:\windows\Isiqog.bin 2010-08-03 20:46 . 2010-08-03 20:46 120 ----a-w- c:\windows\Qworililunutow.dat 2010-08-03 20:46 . 2010-08-04 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Update 2010-08-03 20:45 . 2010-08-03 20:45 102400 --sha-r- c:\windows\system32\framebufw.dll 2010-08-03 20:44 . 2010-08-17 17:29 782336 ----a-w- c:\windows\system32\drivers\vtxakhgg.sys 2010-08-03 20:44 . 2010-08-03 20:44 -------- d-----w- c:\documents and settings\Zach\Application Data\3EA1A769637C132C6EA7D09AACD8BD49 2010-08-02 13:31 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2010-07-26 14:01 . 2010-05-21 03:08 227944 ----a-w- c:\windows\system32\nvcohda.dll 2010-07-26 14:01 . 2010-03-10 01:48 58600 ----a-w- c:\windows\system32\drivers\nvhda32.sys 2010-07-26 14:01 . 2010-03-10 01:47 26216 ----a-w- c:\windows\system32\nvhdap32.dll 2010-07-25 06:09 . 2010-07-25 06:15 -------- d-----w- c:\program files\Heroes of Newerth 2010-07-21 23:14 . 2010-07-21 23:14 -------- d-----w- c:\program files\Common Files\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-09 08:59 . 2010-08-09 08:59 348160 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\msvcr71.dll 2010-08-09 08:59 . 2010-08-09 08:59 503808 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\msvcp71.dll 2010-08-09 08:59 . 2010-08-09 08:59 499712 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\jmc.dll 2010-08-09 08:59 . 2010-08-09 08:59 61440 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a9d2249-n\decora-sse.dll 2010-08-09 08:59 . 2010-08-09 08:59 12800 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a9d2249-n\decora-d3d.dll 2010-08-06 01:57 . 2010-03-26 19:49 -------- d-----w- c:\documents and settings\Zach\Application Data\vlc 2010-08-05 23:12 . 2010-08-05 23:12 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll 2010-08-03 23:25 . 2010-06-04 18:38 884 ----a-w- c:\windows\system32\d3d8caps.dat 2010-07-27 08:27 . 2010-04-22 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment 2010-07-27 08:27 . 2010-04-22 00:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-07-26 14:00 . 2009-10-12 04:38 -------- d-----w- c:\program files\NVIDIA Corporation 2010-07-26 14:00 . 2010-07-18 04:13 228632 ----a-w- c:\windows\system32\nvdrsdb0.bin 2010-07-26 14:00 . 2010-07-18 04:13 1 ----a-w- c:\windows\system32\nvdrssel.bin 2010-07-26 14:00 . 2010-07-18 04:13 228632 ----a-w- c:\windows\system32\nvdrsdb1.bin 2010-07-26 13:55 . 2008-12-20 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-07-21 23:10 . 2008-12-20 03:42 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-07-21 23:10 . 2010-07-21 23:09 12124624 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\AdobeAIRInstaller.exe 2010-07-21 23:09 . 2010-07-21 23:09 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2010-07-21 00:14 . 2009-12-28 23:37 -------- d-----w- c:\program files\Nancy Drew 2010-07-21 00:09 . 2008-10-11 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-18 04:06 . 2010-07-18 04:06 -------- d-----w- c:\program files\SystemRequirementsLab 2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll 2010-07-18 04:06 . 2010-07-18 04:06 -------- d-----w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab 2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll 2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll 2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll 2010-07-17 19:38 . 2010-07-17 19:38 -------- d-----w- c:\documents and settings\Zach\Application Data\dvdcss 2010-07-02 22:47 . 2010-07-02 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files 2010-07-02 22:46 . 2010-07-02 22:46 -------- d-----w- c:\program files\Pando Networks 2010-06-28 22:20 . 2010-06-22 20:52 -------- d-----w- c:\program files\Google 2010-06-14 22:03 . 2009-11-22 03:15 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-06-14 22:03 . 2009-11-22 03:15 10260480 ----a-w- c:\windows\system32\nvcompiler.dll 2010-06-14 22:03 . 2009-09-27 23:12 4579328 ----a-w- c:\windows\system32\nvcuda.dll 2010-06-14 22:03 . 2009-09-27 23:12 2910824 ----a-w- c:\windows\system32\nvcuvid.dll 2010-06-14 22:03 . 2009-09-27 23:12 2505320 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-06-14 22:03 . 2009-09-27 23:12 232040 ----a-w- c:\windows\system32\nvcodins.dll 2010-06-14 22:03 . 2009-09-27 23:12 232040 ----a-w- c:\windows\system32\nvcod.dll 2010-06-14 22:03 . 2009-09-27 23:12 2195030 ----a-w- c:\windows\system32\nvdata.bin 2010-06-14 22:03 . 2009-09-27 23:12 1388544 ----a-w- c:\windows\system32\nvapi.dll 2010-06-14 22:03 . 2009-09-27 23:12 13533184 ----a-w- c:\windows\system32\nvoglnt.dll 2010-06-14 22:03 . 2008-09-17 16:55 6352768 ----a-w- c:\windows\system32\nv4_disp.dll 2010-06-14 22:03 . 2008-09-17 16:55 10596576 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2010-06-14 14:31 . 2008-10-10 17:52 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-07 02:57 . 2010-05-06 02:22 68250 ----a-w- c:\windows\hpoins05.dat 2010-06-02 11:55 . 2010-07-21 02:25 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-06-02 11:55 . 2010-07-21 02:25 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-06-02 11:55 . 2010-07-21 02:25 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-05-27 21:09 . 2010-05-27 21:09 503808 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\msvcp71.dll 2010-05-27 21:09 . 2010-05-27 21:09 499712 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\jmc.dll 2010-05-27 21:09 . 2010-05-27 21:09 348160 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\msvcr71.dll 2010-05-27 21:09 . 2010-05-27 21:09 61440 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37702854-n\decora-sse.dll 2010-05-27 21:09 . 2010-05-27 21:09 12800 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37702854-n\decora-d3d.dll 2010-05-26 18:41 . 2010-07-21 02:25 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-05-26 18:41 . 2010-07-21 02:25 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-05-26 18:41 . 2010-07-21 02:25 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-05-26 18:41 . 2010-07-21 02:25 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-05-26 18:41 . 2010-07-21 02:25 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2008-02-08 04:46 . 2008-02-08 04:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-02-08 04:46 . 2008-02-08 04:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-02-08 04:46 . 2008-02-08 04:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-02-08 04:46 . 2008-02-08 04:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-02-08 04:46 . 2008-02-08 04:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-02-08 04:46 . 2008-02-08 04:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-02-08 04:46 . 2008-02-08 04:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-03-17 00:27 . 2007-03-17 00:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2007-03-17 00:27 . 2007-03-17 00:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2007-03-17 00:27 . 2007-03-17 00:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2007-07-20 19:47 . 2007-07-20 19:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-02-08 04:46 . 2008-02-08 04:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-28 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880] "CTHelper"="CTHELPER.EXE" [2005-08-07 16384] "CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 18944] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "masqform.exe"="c:\program files\IBM\Lotus Forms\Viewer\3.0\masqform.exe" [2008-01-17 991232] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-10-09 33677312] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-14 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-14 13917800] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Wireless Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Wireless Assistant.lnk backup=c:\windows\pss\NETGEAR WG311T Wireless Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] 2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-06-28 01:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\BitComet\\BitComet.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Program Files\\BioWare\\DragonAge\\bin_ship\\DAOCharacterCreator.exe"= "d:\\Program Files\\BioWare\\DragonAge\\DAOriginsLauncher.exe"= "d:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"= "d:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"= "d:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "23687:TCP"= 23687:TCP:BitComet 23687 TCP "23687:UDP"= 23687:UDP:BitComet 23687 UDP "46123:TCP"= 46123:TCP:BitComet 46123 TCP "46123:UDP"= 46123:UDP:BitComet 46123 UDP "57093:TCP"= 57093:TCP:Pando Media Booster "57093:UDP"= 57093:UDP:Pando Media Booster R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/3/2010 4:34 PM 165456] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/30/2010 3:42 PM 44032] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/26/2010 7:01 AM 58600] R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11/21/2009 7:54 PM 22328] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/21/2009 8:04 PM 1418368] S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2010 3:20 PM 135664] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/3/2009 1:35 PM 25832] S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11/21/2009 8:05 PM 9216] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2010 8:56 AM 721904] --- Other Services/Drivers In Memory --- *Deregistered* - vtxakhgg [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:20] 2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:6522 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html . - - - - ORPHANS REMOVED - - - - HKLM-Run-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe HKU-Default-Run-Llaletil - c:\windows\mfockex.dll Notify-AtiExtEvent - (no file) MSConfigStartUp-10DPP6O2VE - c:\docume~1\Zach\LOCALS~1\Temp\Npm.exe MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe MSConfigStartUp-BSK91O3T6D - c:\docume~1\Zach\LOCALS~1\Temp\Npk.exe MSConfigStartUp-evebelkt - c:\documents and settings\Zach\Local Settings\Application Data\lfwngnurp\fwfkjjhtssd.exe MSConfigStartUp-ewrgetuj - c:\docume~1\Zach\LOCALS~1\Temp\geurge.exe MSConfigStartUp-Llaletil - c:\windows\mfockex.dll MSConfigStartUp-Qdabufeworitul - c:\windows\ojuqadiru.dll MSConfigStartUp-settingsxx - c:\settingsxx.exe\settingsxx.exe MSConfigStartUp-sta - mieup.dll AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe AddRemove-{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - c:\program files\NOS\bin\getPlus_HelperSvc.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-17 10:28 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtxakhgg] . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1960408961-573735546-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:16,03,6c,fa,b6,33,38,d5,1a,14,5e,70,24,62,07,8c,2d,b0,f9,d8,2c,c6,1d, 72,d9,1c,30,28,69,2a,32,b6,b9,ea,76,f6,5c,10,3e,8a,af,77,3b,44,30,6c,9b,ca,\ "??"=hex:e5,bd,29,ba,7d,03,71,d3,9d,9b,ff,6f,37,c5,dc,02 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2420) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\acs.exe c:\windows\system32\CTsvcCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RUNDLL32.EXE c:\program files\HP\Digital Imaging\bin\hpqgalry.exe . ************************************************************************** . Completion time: 2010-08-17 10:34:19 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-17 17:34 Pre-Run: 12,755,623,936 bytes free Post-Run: 12,971,769,856 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - CE27DEC699242337F1CDF63062DA895E Help me Obi-Wan Kenobi, you're my only hope.
  12. Thanks for your help - this has been supremely frustrating. RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #2 ============================================== >Drivers ============================================== 0xB32B1000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10600448 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.56 ) 0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6352896 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.56 ) 0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System) 0x804D7000 PnpManager 2150400 bytes 0x804D7000 RAW 2150400 bytes 0x804D7000 WMIxWDM 2150400 bytes 0xBF800000 Win32k 1851392 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0xAC68C000 C:\WINDOWS\system32\drivers\viahduaa.sys 1421312 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver) 0xACAF6000 C:\WINDOWS\system32\drivers\ha20x2k.sys 1114112 bytes (Creative Technology Ltd, Creative 20X HAL (WDM)) 0xB7EA2000 vtxakhgg.sys 811008 bytes 0xACA06000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM)) 0xB7D5C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0xAC453000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xB31C2000 C:\WINDOWS\system32\drivers\ctaud2k.sys 442368 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver) 0xB2FEE000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver) 0xAC600000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0xAB74B000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver) 0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver) 0xAB372000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xB316C000 C:\WINDOWS\system32\drivers\ctoss2k.sys 204800 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM)) 0xB304C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector) 0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT) 0xACAC9000 C:\WINDOWS\system32\drivers\emupia2k.sys 184320 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM)) 0xAB842000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0xB7D2F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0xAB061000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer) 0xAC4C3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xB3275000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a) 0xAC5B0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xAC42C000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module) 0xACAA2000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 159744 bytes (Creative Technology Ltd, SoundFont® Manager (WDM)) 0xB7E5D000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver) 0xAC113000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver) 0xB319E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xB3251000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xB322E000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xAC58E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x806E4000 ACPI_HAL 134400 bytes 0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xB7E25000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xB7E83000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver) 0xB7D15000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xB7E45000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0xABD8C000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP) 0xB7DFC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xB312D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0xABAA7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xB329D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xAC659000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xB7DE9000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xB7E13000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver) 0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0xB307C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xB30ED000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xB8198000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver) 0xB81B8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver) 0xB81C8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xB8178000 C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 61440 bytes (Atheros Communications, Inc., Atheros AR813x/AR815x PCI-E Ethernet Controller ndis miniport driver) 0xB81A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver) 0xABF3B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xB8258000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver) 0xB8168000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver) 0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xB8278000 C:\WINDOWS\system32\drivers\nvhda32.sys 53248 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver) 0xB81D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0xB81F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0xB8238000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver) 0xB8188000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xB81E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xB30BD000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver) 0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver) 0xB8268000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xB8228000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xB8298000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library) 0xB8208000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0xB8218000 C:\WINDOWS\system32\DRIVERS\ndisrd.sys 36864 bytes (NT Kernel Resources, NDISRD helper driver) 0xB309D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xAB603000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0xB8118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xB30AD000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xB8398000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM)) 0xB84A8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xB8430000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver) 0xB8380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0xB8468000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xB8480000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver) 0xB8340000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP) 0xB83E8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver) 0xB83F0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver) 0xB8488000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xB8498000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xB83C8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xB83D8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver) 0xB83B8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0xB8370000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver) 0xB8390000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0xABECB000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver) 0xB859C000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0xB85A4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xABEEB000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xB8560000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator) 0xB854C000 C:\WINDOWS\system32\DRIVERS\usbfilter.sys 16384 bytes (Advanced Micro Devices, AMD USB Filter Driver) 0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xAC424000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xAC848000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0xB2FEA000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0xB857C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xB2FDA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xB8574000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI) 0xB85EA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver) 0xB85E6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0xB85EE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xB85F2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport) 0xB85CE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0xB85B6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0xB8671000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver) 0xB87D5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver) 0xB8777000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk) 0xB86DC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver) 0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver) 0x8AFE5158 unknown_irp_handler 3752 bytes !!!!!!!!!!!Hidden driver: 0x8ACCFAEA ?_empty_? 1302 bytes !!!!!!!!!!!Hidden driver: 0x8AE3DF38 ?_empty_? 0 bytes ============================================== >Stealth ============================================== 0xB7E45000 WARNING: suspicious driver modification [atapi.sys::0x8ACCFAEA] 0xB83F0000 WARNING: Virus alike driver modification [mouclass.sys], 24576 bytes WARNING: File locked for read access [C:\WINDOWS\system32\drivers\vtxakhgg.sys] ============================================== >Files ============================================== !-->[Hidden] C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\D3KN7N2F\pixel;r=270870788;fpan=1;fpa=P0-817672776-1281714151296;ns=0;url=http___www.thathomesite.com_forums_load_windows_msg091959 1531546.html_5;ref=http___www.google[1].gif] !-->[Hidden] C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\NMJVQWBC\data=LtgX-e3f8ctI3U5dJtbt7EJ1ZfRneYme,PR-UWyqR0rGpaBnEu1s6_mSnkkr42DYmCQ8QXe0UOU59v9QzktdomgTyW40ucTeEj4l369E9QoQhlLwnvlP i0d-QIm79hkn5cY8sOT_B_uvpfPJjW_wObgs[1].gifif !-->[Hidden] C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\VWEMK758\data=LtgX-e3f8ctI3U5dJtbt7EJ1ZfRneYme,5NjbnR36G-srCeLqF8d0n6M3Awg8Ri6CtxX1ophb3WeeQbzp3qpKYEOW8hmxjcyoRLnMXTPFMLugc1M9Z0EBMj23AY txhXNy1E0uBlHadgrvJWAxB-wi800[1].gifif !-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb::$DATA !-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log::$DATA !-->[Hidden] C:\WINDOWS\system32\CatRoot2\tmp.edb ============================================== >Hooks ============================================== Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page] ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe] [1464]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page] [1464]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page] [1464]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page] [1464]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page] [1464]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page] [1464]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page] [1464]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page] [440]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll] [440]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll] [440]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll] [440]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page] [440]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page] [440]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page] [440]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page] [440]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page] [440]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page] [440]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll] [440]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll] [780]rundll32.exe-->user32.dll-->MessageBoxW, Type: IAT modification 0x010010A8-->00000000 [unknown_code_page] [984]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page] [984]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page] !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =) UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 10/10/2008 10:56:17 AM System Uptime: 8/15/2010 10:12:44 AM (0 hours ago) Motherboard: MSI | | 770-G45 (MS-7599) Processor: AMD Phenom II X2 550 Processor | CPU1 | 3100/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 128 GiB total, 11.37 GiB free. D: is FIXED (NTFS) - 105 GiB total, 30.689 GiB free. E: is CDROM () F: is FIXED (NTFS) - 149 GiB total, 66.792 GiB free. H: is Removable I: is Removable J: is Removable K: is Removable L: is Removable N: is FIXED (FAT32) - 596 GiB total, 331.994 GiB free. P: is Removable ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: NETGEAR 108 Mbps Wireless PCI Adapter WG311T Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&2966AB86&0&38A4 Manufacturer: NETGEAR, Inc. Name: NETGEAR 108 Mbps Wireless PCI Adapter WG311T #3 PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&2966AB86&0&38A4 Service: AR5211 ==== System Restore Points =================== RP1: 8/3/2010 2:01:06 PM - System Checkpoint RP2: 8/3/2010 2:43:56 PM - Software Distribution Service 3.0 RP3: 8/3/2010 4:34:27 PM - avast! Free Antivirus Setup RP4: 8/3/2010 4:41:27 PM - avast! Free Antivirus Setup RP5: 8/4/2010 9:33:15 PM - System Checkpoint RP6: 8/5/2010 9:45:03 PM - System Checkpoint RP7: 8/6/2010 10:07:55 PM - System Checkpoint RP8: 8/7/2010 11:55:13 PM - System Checkpoint RP9: 8/9/2010 3:17:53 AM - System Checkpoint RP10: 8/10/2010 3:43:11 AM - System Checkpoint RP11: 8/11/2010 4:35:47 AM - System Checkpoint RP12: 8/12/2010 4:45:27 AM - System Checkpoint RP13: 8/13/2010 4:57:39 AM - System Checkpoint RP14: 8/13/2010 11:35:56 PM - Installed BitDefender Antivirus 2010 RP15: 8/15/2010 1:38:41 AM - System Checkpoint ==== Installed Programs ====================== AAC Decoder Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.3.3 Adobe Shockwave Player 11.5 AiO_Scan AMD Processor Driver AMD USB Filter Driver ATI - Software Uninstall Utility ATI AVIVO Codecs ATI Parental Control & Encoder AutoUpdate avast! Free Antivirus BitComet 1.12 BitDefender Antivirus 2010 BufferChm Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center HydraVision Full ccc-core-preinstall ccc-core-static ccc-utility CCC Help English CCScore Citrix Presentation Server Client - Web Only Compatibility Pack for the 2007 Office system Copy CP_AtenaShokunin1Config cp_dwShrek2Albums1 cp_dwShrek2Cards1 Creative Media Toolbox Creative MediaSource Creative System Information CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) CueTour Destinations Director DivX Codec DivX Player DivX Plus DirectShow Filters DivX Version Checker DivX Web Player DocProc DocumentViewer Download Manager 2.3.10 Dragon Age: Origins Dragon Age: Origins Character Creator ESSCDBK ESScore ESSgui ESSini ESSPCD ESSSONIC ESSTOOLS essvatgt ExtractNow getPlus® for Adobe Google Toolbar for Internet Explorer Google Update Helper H.264 Decoder Heroes of Newerth Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Extended Capabilities 4.7 HP Image Zone 4.7 HP PSC & OfficeJet 4.7 HP Software Update HPSystemDiagnostics IBM Lotus Forms Viewer 3.0 InstantShare Java Auto Updater Java 6 Update 18 K-Lite Codec Pack 4.1.7 (Full) kgcbaby kgcbase kgchday kgchlwn kgcinvt kgckids kgcmove kgcvday KODAK EASYSHARE Gallery Upload ActiveX Control Kodak EasyShare software KODAK Gallery Upload Software KSU Liveupdate4 Malwarebytes' Anti-Malware MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft Office XP Media Content Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MKV Splitter Move Media Player MSI Afterburner 1.6.0 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nancy Drew: Secret of Shadow Ranch netbrdg NETGEAR Wireless Adapter WG311T Notifier NVIDIA Display Control Panel NVIDIA Drivers NVIDIA nView Desktop Manager NVIDIA PhysX OfotoXMI OGA Notifier 2.0.0048.0 Pando Media Booster PanoStandAlone PCDADDIN PCDHELP PhotoGallery Platform PSP ISO Compressor QFolder QuickTime Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) SFR SHASTA SKIN0001 SkinsHP1 SKINXSDK Sound Blaster X-Fi StarCraft II staticcr System Requirements Lab tooltips TrayApp Uniblue DriverScanner 2009 Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB973874) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC80CRTRedist - 8.0.50727.762 VIA Platform Device Manager Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.0.1 VPRINTOL WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver WIRELESS XML Paper Specification Shared Components Pack 1.0 ==== Event Viewer Messages From Past Week ======== 8/8/2010 10:51:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/13/2010 8:12:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service. 8/12/2010 1:54:42 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/12/2010 1:54:42 PM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified. 8/12/2010 1:53:59 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 8/12/2010 1:53:59 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver. ==== End Of File ===========================
  13. About a week ago I would be browsing the internet and be redirected to all sorts of websites. Nothing bad, just I couldn't do a thing. I would do a google search, click one of the topics, and go to some random other websites. I tried running various anti-virus scans and could get nothing to really clean it. It started as the antivir virus, I tried clearing that and downloaded Avast, which I can't seem to remove now.... I just got BitDefender hoping to clean everything up, no luck. BitDefender still pops up with something called Gen:Variant.Bubnix.1 accessed by AvastSvc and apparently can'tg et rid of it. This is after running MBAM as well. I have to post everything on my 2nd computer because now I can't even open internet explorer. Here are the MBAM and DDS/GMER logs. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4430 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 8/14/2010 2:01:17 PM mbam-log-2010-08-14 (14-01-17).txt Scan type: Quick scan Objects scanned: 134560 Time elapsed: 6 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 12 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 10 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\BSK91O3T6D (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bsk91o3t6d (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\Zach\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Zach\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Zach\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Zach\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully. C:\settingsxx.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully. C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Zach\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\settingsxx.exe\config.bin (Spyware.SpyEyes) -> Quarantined and deleted successfully. C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msrun.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. DDS (Ver_10-03-17.01) - NTFSx86 Run by Zach at 10:17:45.04 on Sun 08/15/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2776 [GMT -7:00] AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe svchost.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Documents and Settings\Zach\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:6522 uInternet Settings,ProxyOverride = <local> BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.0\PEhelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe" mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE" mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll" mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r mRun: [CTHelper] CTHELPER.EXE mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [updReg] c:\windows\UpdReg.EXE mRun: [masqform.exe] c:\program files\ibm\lotus forms\viewer\3.0\masqform.exe -RunOnce" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1 mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe" mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe" dRun: [Llaletil] rundll32.exe "c:\windows\mfockex.dll",Startup dRun: [fserhsrx] c:\documents and settings\networkservice\local settings\application data\kstjpntbu\igyksvktssd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe mPolicies-system: EnableLUA = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165456] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-4-30 44032] R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-8 20480] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-7-26 58600] R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-11-21 22328] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-21 1418368] S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-28 135664] S2 StarWindServiceAE;StarWind AE Service;c:\downloads\alcohol.120.v1.9.8.7612.retail.multilang.patch.v4.1.1.chvl\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-3 25832] S3 FLASHSYS;FLASHSYS;c:\program files\msi\live update 4\lu4\FlashSys.sys [2009-11-21 9216] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] =============== Created Last 30 ================ 2010-08-15 17:11:28 274 ----a-w- c:\documents and settings\zach\defogger_reenable 2010-08-14 21:04:18 385 ----a-w- c:\windows\system32\user_gensett.xml 2010-08-14 20:52:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-14 20:52:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-14 06:44:56 850 ----a-w- c:\documents and settings\zach\Application DataProductTweaks.xml 2010-08-14 06:44:56 385 ----a-w- c:\documents and settings\zach\Application Datauser_gensett.xml 2010-08-14 06:44:45 52 ----a-w- c:\windows\system32\ashttpstats.csv 2010-08-14 06:41:05 376 ----a-w- c:\documents and settings\zach\Application Dataprivacy.xml 2010-08-14 06:35:59 0 d-----w- c:\program files\BitDefender 2010-08-14 06:35:59 0 d-----w- c:\docume~1\zach\applic~1\BitDefender 2010-08-14 06:35:59 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender 2010-08-14 06:35:31 0 d-----w- c:\program files\common files\BitDefender 2010-08-14 06:29:46 880 ----a-w- C:\BdUninstallTool2010.08.13-11.29.45.reg 2010-08-14 06:27:14 79244 ----a-w- C:\BdUninstallTool2010.08.13-11.27.14.reg 2010-08-12 02:58:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-08-08 21:37:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-08 21:37:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-08-08 21:21:23 0 d-----w- c:\docume~1\zach\applic~1\Malwarebytes 2010-08-08 20:54:46 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys 2010-08-03 23:47:01 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation 2010-08-03 23:34:32 38848 ----a-w- c:\windows\avastSS.scr 2010-08-03 23:34:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2010-08-03 23:22:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-03 21:04:15 2858 ----a-w- c:\windows\ewazurowov.dll 2010-08-03 20:48:51 5 ----a-w- C:\zrpt.xml 2010-08-03 20:46:50 0 ----a-w- c:\windows\Isiqog.bin 2010-08-03 20:46:49 120 ----a-w- c:\windows\Qworililunutow.dat 2010-08-03 20:46:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Update 2010-08-03 20:45:18 102400 --sha-r- c:\windows\system32\framebufw.dll 2010-08-03 20:44:50 782336 ----a-w- c:\windows\system32\drivers\vtxakhgg.sys 2010-08-03 20:44:25 0 d-----w- c:\docume~1\zach\applic~1\3EA1A769637C132C6EA7D09AACD8BD49 2010-08-02 13:31:23 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2010-07-26 14:01:24 58600 ----a-w- c:\windows\system32\drivers\nvhda32.sys 2010-07-26 14:01:24 26216 ----a-w- c:\windows\system32\nvhdap32.dll 2010-07-26 14:01:24 227944 ----a-w- c:\windows\system32\nvcohda.dll 2010-07-25 06:09:04 0 d-----w- c:\program files\Heroes of Newerth 2010-07-18 04:13:06 228632 ----a-w- c:\windows\system32\nvdrsdb0.bin 2010-07-18 04:13:04 228632 ----a-w- c:\windows\system32\nvdrsdb1.bin 2010-07-18 04:13:04 1 ----a-w- c:\windows\system32\nvdrssel.bin 2010-07-18 04:13:04 0 ----a-w- c:\windows\system32\nvdrswr.lk 2010-07-18 04:06:56 0 d-----w- c:\program files\SystemRequirementsLab ==================== Find3M ==================== 2010-06-14 22:03:00 6352768 ----a-w- c:\windows\system32\nv4_disp.dll 2010-06-14 22:03:00 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-06-14 22:03:00 4579328 ----a-w- c:\windows\system32\nvcuda.dll 2010-06-14 22:03:00 2910824 ----a-w- c:\windows\system32\nvcuvid.dll 2010-06-14 22:03:00 2505320 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-06-14 22:03:00 232040 ----a-w- c:\windows\system32\nvcodins.dll 2010-06-14 22:03:00 232040 ----a-w- c:\windows\system32\nvcod.dll 2010-06-14 22:03:00 2195030 ----a-w- c:\windows\system32\nvdata.bin 2010-06-14 22:03:00 1388544 ----a-w- c:\windows\system32\nvapi.dll 2010-06-14 22:03:00 13533184 ----a-w- c:\windows\system32\nvoglnt.dll 2010-06-14 22:03:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll 2010-06-07 02:57:41 68250 ----a-w- c:\windows\hpoins05.dat 2010-06-02 11:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-06-02 11:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-06-02 11:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-05-26 18:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-05-26 18:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-05-26 18:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-05-26 18:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-05-26 18:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2005-04-06 18:55:38 456384 ----a-w- c:\windows\inf\wg311t\WG311T13.sys 2004-10-20 02:58:28 35232 ----a-w- c:\windows\inf\wg311t\ME_INST.EXE 2004-10-20 02:58:28 26112 ----a-w- c:\windows\inf\wg311t\install.exe 2008-10-27 19:33:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100620081013\index.dat 2008-10-27 19:33:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081028\index.dat ============= FINISH: 10:19:04.10 =============== Thanks, Zach