5 RootKits hidden & can't be removed: inline hook ntdll.dll ldrunloaddll


Jbcurt00 (thread starter)
Join Date: Feb 2011
Experience: Intermediate
09-Feb-2011, 11:44 PM #1
DDS: DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by 96 at 23:22:29.89 on Wed 02/09/2011 Internet Explorer: 8.0.6001.19019 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5921 [GMT -5:00] AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\rundll32.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wbem\wmiprvse.exe 
C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\nvraidservice.exe C:\Windows\System32\rundll32.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Windows\ehome\ehtray.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\96\Desktop\Downloads\5zdf5pvi.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe 
C:\Windows\system32\DllHost.exe C:\Users\96\Desktop\Downloads\dds(2).scr ============== Pseudo HJT Report =============== uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll BHO: GOM Player + Ask Toolbar: 
{d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun: [CLMLServer for HP 
TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun-x64: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming ================= FIREFOX =================== FF - ProfilePath - 
C:\Users\96\AppData\Roaming\Mozilla\Firefox\Profiles\v9co7cs6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\96\AppData\Roaming\Mozilla\Firefox\Profiles\v9co7cs6.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: C:\Users\96\AppData\Roaming\Mozilla\Firefox\Profiles\v9co7cs6.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: 
DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} FF - Ext: Hotmail-Ad-Zap!: hotmail-ad-zap@csenthilkumar.com - %profile%\extensions\hotmail-ad-zap@csenthilkumar.com FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net FF - Ext: Classic Compact Options: notreal.ccoptions@environmentalchemistry.com - %profile%\extensions\notreal.ccoptions@environmentalchemistry.com FF - Ext: ClearPrivate Data... 
+: {0dd39226-2650-404d-a43d-ffd906b35a9e} - %profile%\extensions\{0dd39226-2650-404d-a43d-ffd906b35a9e} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} FF - Ext: Open Image In New Tab: imagetab@next.gen.nz - %profile%\extensions\imagetab@next.gen.nz FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen FF - Ext: BrowserProtect: browserprotect@browserprotect.com - %profile%\extensions\browserprotect@browserprotect.com FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} ============= SERVICES / DRIVERS =============== R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-2-7 273488] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe 
[2010-6-29 128752] R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-2-7 20560] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-2-7 62032] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-7 40384] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648] R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-3-4 192512] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 133712] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-1-18 517448] S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-5 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe 
[2008-1-20 19968] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-18 89920] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] =============== File Associations =============== JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* =============== Created Last 30 ================ 2011-02-10 03:29:49 -------- d-----w- C:\Program Files (x86)\trend micro 2011-02-10 03:29:06 -------- d-----w- C:\Rooter$ 2011-02-09 01:37:56 -------- d-----w- C:\Users\96\AppData\Roaming\SUPERAntiSpyware.com 2011-02-09 01:37:56 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com 2011-02-09 01:37:51 -------- d-----w- C:\PROGRA~3\!SASCORE 2011-02-09 01:37:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2011-02-08 22:25:04 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat 2011-02-08 22:25:04 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat 2011-02-08 22:18:56 2757632 ----a-w- C:\Windows\System32\win32k.sys 2011-02-08 22:03:39 4699024 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-02-08 22:03:38 1585168 ----a-w- C:\Windows\System32\ntdll.dll 2011-02-08 22:03:38 1168512 ----a-w- C:\Windows\SysWow64\ntdll.dll 2011-02-08 21:59:38 367104 ----a-w- C:\Windows\System32\atmfd.dll 2011-02-08 21:59:38 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-02-08 21:59:37 48128 ----a-w- C:\Windows\System32\atmlib.dll 2011-02-08 21:59:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-02-08 00:49:59 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2011-02-08 00:49:25 38848 ----a-w- C:\Windows\avastSS.scr 2011-02-08 00:49:13 -------- d-----w- C:\PROGRA~3\Alwil Software 2011-02-06 01:10:45 -------- d--h--w- C:\$AVG 
2011-02-06 00:52:37 -------- d-----w- C:\Users\96\AppData\Local\{11543896-7199-4C1D-9491-546EEA721FE5} 2011-02-06 00:52:24 -------- d-----w- C:\Users\96\AppData\Roaming\Windows Live Writer 2011-02-06 00:52:24 -------- d-----w- C:\Users\96\AppData\Local\Windows Live Writer 2011-02-06 00:41:37 -------- d-----w- C:\Windows\en 2011-02-06 00:38:09 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2011-02-06 00:36:32 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys 2011-02-06 00:32:41 -------- d-----w- C:\Users\96\AppData\Local\Windows Live 2011-02-06 00:32:41 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2011-02-06 00:32:18 754688 ----a-w- C:\Windows\SysWow64\webservices.dll 2011-02-06 00:32:18 1103872 ----a-w- C:\Windows\System32\webservices.dll 2011-01-30 22:54:24 -------- d-----w- C:\Windows\PCHEALTH 2011-01-30 22:51:20 -------- d-----w- C:\Users\96\AppData\Local\Microsoft Help 2011-01-30 15:45:12 135568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2011-01-29 14:39:59 -------- d-----w- C:\Users\96\Acer 7738g 2011-01-29 04:16:22 -------- d-----w- C:\Users\96\HP 9517c 2011-01-29 00:14:04 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{0CA4A3C2-D93D-41B1-9F40-7BD1F2A1681A}\mpengine.dll 2011-01-20 00:52:54 -------- d-----w- C:\Windows\SysWow64\spool 2011-01-20 00:52:54 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices 2011-01-20 00:52:53 -------- d-----w- C:\Program Files\Windows Portable Devices 2011-01-20 00:34:13 736256 ----a-w- C:\Windows\System32\UIAutomationCore.dll 2011-01-20 00:34:13 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll 2011-01-20 00:34:13 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll 2011-01-20 00:34:13 4096 ----a-w- C:\Windows\System32\oleaccrc.dll 2011-01-20 00:34:13 315904 ----a-w- C:\Windows\System32\oleacc.dll 2011-01-20 00:34:13 234496 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-01-20 00:32:12 92672 ----a-w- 
C:\Windows\SysWow64\UIAnimation.dll 2011-01-20 00:32:12 103424 ----a-w- C:\Windows\System32\UIAnimation.dll 2011-01-20 00:32:11 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll 2011-01-20 00:32:11 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll 2011-01-20 00:32:10 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll 2011-01-20 00:32:10 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll 2011-01-20 00:19:31 652296 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-01-20 00:19:15 749832 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-01-19 22:10:49 -------- d-----w- C:\Users\96\AppData\Roaming\Malwarebytes 2011-01-19 22:10:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-01-19 22:10:39 -------- d-----w- C:\PROGRA~3\Malwarebytes 2011-01-19 22:10:36 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-01-19 22:10:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-01-19 21:47:55 316928 ----a-w- C:\Windows\System32\msshsq.dll 2011-01-19 21:47:55 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll 2011-01-19 21:47:54 612864 ----a-w- C:\Windows\System32\vbscript.dll 2011-01-19 21:47:54 420352 ----a-w- C:\Windows\SysWow64\vbscript.dll 2011-01-19 03:19:02 -------- d-----w- C:\Windows\SysWow64\vi-VN 2011-01-19 03:19:02 -------- d-----w- C:\Windows\SysWow64\eu-ES 2011-01-19 03:19:02 -------- d-----w- C:\Windows\SysWow64\ca-ES 2011-01-19 03:19:02 -------- d-----w- C:\Windows\System32\eu-ES 2011-01-19 03:19:02 -------- d-----w- C:\Windows\System32\ca-ES 2011-01-19 03:19:01 -------- d-----w- C:\Windows\System32\vi-VN 2011-01-19 03:02:05 -------- d-----w- C:\Windows\System32\EventProviders 2011-01-19 02:23:27 -------- d-----w- C:\Users\96\AppData\Roaming\WinBatch 2011-01-19 02:17:02 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll 2011-01-19 02:17:02 7680 ----a-w- C:\Program Files (x86)\Internet 
Explorer\iecompat.dll 2011-01-19 02:03:44 12240896 ----a-w- C:\Windows\SysWow64\NlsLexicons0007.dll 2011-01-19 02:02:59 82432 ----a-w- C:\Windows\System32\davclnt.dll 2011-01-19 02:01:58 218624 ----a-w- C:\Windows\SysWow64\wdscore.dll 2011-01-19 00:59:57 442368 ----a-w- C:\Windows\System32\winhttp.dll 2011-01-19 00:59:57 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll 2011-01-19 00:59:48 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui 2011-01-19 00:59:23 9728 ----a-w- C:\Windows\SysWow64\sscore.dll 2011-01-19 00:59:23 451584 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-01-19 00:59:23 179712 ----a-w- C:\Windows\System32\srvsvc.dll 2011-01-19 00:59:23 17920 ----a-w- C:\Windows\SysWow64\netevent.dll 2011-01-19 00:59:23 17920 ----a-w- C:\Windows\System32\netevent.dll 2011-01-19 00:59:23 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-01-19 00:59:23 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-01-19 00:59:23 12288 ----a-w- C:\Windows\System32\sscore.dll 2011-01-19 00:59:08 975360 ----a-w- C:\Windows\System32\inetcomm.dll 2011-01-19 00:59:08 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-01-18 22:15:52 -------- d-----w- C:\Program Files\CCleaner 2011-01-18 22:14:34 -------- d-----w- C:\Program Files (x86)\Ask.com 2011-01-18 22:13:49 -------- d-----w- C:\Program Files (x86)\GRETECH 2011-01-18 22:13:03 -------- d-----w- C:\Users\96\AppData\Roaming\Local 2011-01-18 22:12:35 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine 2011-01-18 22:12:30 -------- d-----w- C:\Program Files\DivX 2011-01-18 22:12:10 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared 2011-01-18 22:10:12 -------- d-----w- C:\Program Files (x86)\DivX 2011-01-18 22:08:35 -------- d-----w- C:\PROGRA~3\DivX 2011-01-18 06:55:20 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll 2011-01-18 06:55:20 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll 2011-01-18 06:55:20 48960 ----a-w- C:\Windows\System32\netfxperf.dll 
2011-01-18 06:55:20 444752 ----a-w- C:\Windows\System32\mscoree.dll 2011-01-18 06:55:20 320352 ----a-w- C:\Windows\System32\PresentationHost.exe 2011-01-18 06:55:20 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll 2011-01-18 06:55:20 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe 2011-01-18 06:55:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2011-01-18 06:55:20 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2011-01-18 06:55:20 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll 2011-01-18 06:54:08 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-01-18 06:54:04 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-01-18 06:34:25 -------- d-----w- C:\Users\96\AppData\Local\Adobe 2011-01-18 06:29:23 53248 ----a-r- C:\Users\96\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-01-18 06:29:10 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2011-01-18 06:28:05 -------- d-----w- C:\Users\96\AppData\Roaming\Logishrd 2011-01-18 05:09:23 -------- d-----w- C:\Users\96\AppData\Local\AVG Security Toolbar 2011-01-18 05:08:04 -------- d-----w- C:\Users\96\AppData\Roaming\AVG10 2011-01-18 05:06:37 -------- d--h--w- C:\PROGRA~3\Common Files 2011-01-18 05:06:30 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar 2011-01-18 05:06:22 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2011-01-18 05:05:50 -------- d-----w- C:\Windows\System32\drivers\AVG 2011-01-18 05:05:50 -------- d-----w- C:\PROGRA~3\AVG10 2011-01-18 05:04:41 -------- d-----w- C:\Program Files (x86)\AVG 2011-01-18 04:47:38 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe 2011-01-18 04:46:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-01-18 04:46:28 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-01-18 04:46:10 1927680 ----a-w- C:\Windows\System32\gameux.dll 2011-01-18 04:46:09 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll 2011-01-18 04:46:09 28672 ----a-w- 
==== Event Viewer Messages From Past Week ========

2/9/2011 6:59:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/9/2011 6:59:38 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/9/2011 6:59:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/9/2011 11:08:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

==== End Of File ===========================

GMER log: Nothing found, no *.txt file or contents to copy to a *.txt

Last edited by Byteman; 10-Feb-2011 at 07:37 PM..
Jbcurt00
10-Feb-2011, 05:06 PM #2
I now have my work laptop at home too, for following advice & posting to forum.

Also, why did my post have punctuation & 'returns' removed? Making it a big run-on?
Jbcurt00
10-Feb-2011, 07:36 PM #3
Thanks, I guess that 'cleaned' up the text, but it sure doesn't look that way.
Thanks Byteman
jbc
Byteman (Bill)
Moderator & Malware Removal Specialist with 17,448 posts.
Join Date: Jan 2002
Location: NY
10-Feb-2011, 07:40 PM #4
No, it didn't. I was still trying when you posted....either I had edited the wrong post, removing your original log files...or you did, while I was trying to remove what I was trying, that did not work..... the logs are still running on together

I think we should just wait for a helper to get to you. I cannot-

Please leave the text posted.....there may be an easy way to straighten it out. Usually, it is the Format tab in either Notepad or whatever text editor you used to save those logs in....

The "Word Wrap" setting may need to be checked or UNchecked, I tried it here but saving it either way in WordPad, Notepad, or as Rich Text did not change the unformatting condition.....did you use MS Word or something?
Jbcurt00
10-Feb-2011, 07:52 PM #5
No MS Word, used notepad that opened when the scans were done & populated the field automatically. I just copied the text out of those files. It was formatted the same as other posts when I inserted text into the forum's message board field. Remained that way when I previewed my post. Something changed after I posted message. Thanks anyway....
Jbcurt00
11-Feb-2011, 09:19 PM #6
Byteman
Please delete this post if possible. Lots of subject views no further advice. I will try & re-post w/ punctuation later tonight. AVG rescue CD (updated to current Rev) booting from a usb drive found no rootkits. Re-scanned w/ regular AVG & found same 5 rootkits. Unable to delete them, modules different....Re-scanned 2nd time with hidden files 'unhidden' & system files shown..

Maybe a fresh start from scratch will help get them removed.
JBC
Byteman (Bill)
13-Feb-2011, 11:24 PM #7
We don't delete threads but I will Close it for you. You can open a new thread if you wish.