
5 RootKits hidden & can't be removed: inline hook ntdll.dll ldrunloaddll

Discussion in 'Virus & Other Malware Removal' started by Jbcurt00, Feb 9, 2011.

1. Jbcurt00 (Thread Starter)
DDS:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by 96 at 23:22:29.89 on Wed 02/09/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5921 [GMT -5:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\96\Desktop\Downloads\5zdf5pvi.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\96\Desktop\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

================= FIREFOX ===================

FF - ProfilePath - C:\Users\96\AppData\Roaming\Mozilla\Firefox\Profiles\v9co7cs6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\96\AppData\Roaming\Mozilla\Firefox\Profiles\v9co7cs6.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\96\AppData\Roaming\Mozilla\Firefox\Profiles\v9co7cs6.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Hotmail-Ad-Zap!: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Webmail Ad Blocker: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adblock Plus Pop-up Addon: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Classic Compact Options: [email protected] - %profile%\extensions\[email protected]
FF - Ext: ClearPrivate Data... +: {0dd39226-2650-404d-a43d-ffd906b35a9e} - %profile%\extensions\{0dd39226-2650-404d-a43d-ffd906b35a9e}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - Ext: Open Image In New Tab: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: BrowserProtect: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-2-7 273488]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-2-7 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-2-7 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-7 40384]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-3-4 192512]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 133712]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-1-18 517448]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-5 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-18 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2011-02-10 03:29:49 -------- d-----w- C:\Program Files (x86)\trend micro
2011-02-10 03:29:06 -------- d-----w- C:\Rooter$
2011-02-09 01:37:56 -------- d-----w- C:\Users\96\AppData\Roaming\SUPERAntiSpyware.com
2011-02-09 01:37:56 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-02-09 01:37:51 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-02-09 01:37:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-02-08 22:25:04 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-02-08 22:25:04 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-02-08 22:18:56 2757632 ----a-w- C:\Windows\System32\win32k.sys
2011-02-08 22:03:39 4699024 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-02-08 22:03:38 1585168 ----a-w- C:\Windows\System32\ntdll.dll
2011-02-08 22:03:38 1168512 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-02-08 21:59:38 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-08 21:59:38 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-08 21:59:37 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-08 21:59:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-08 00:49:59 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-08 00:49:25 38848 ----a-w- C:\Windows\avastSS.scr
2011-02-08 00:49:13 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-02-06 01:10:45 -------- d--h--w- C:\$AVG
2011-02-06 00:52:37 -------- d-----w- C:\Users\96\AppData\Local\{11543896-7199-4C1D-9491-546EEA721FE5}
2011-02-06 00:52:24 -------- d-----w- C:\Users\96\AppData\Roaming\Windows Live Writer
2011-02-06 00:52:24 -------- d-----w- C:\Users\96\AppData\Local\Windows Live Writer
2011-02-06 00:41:37 -------- d-----w- C:\Windows\en
2011-02-06 00:38:09 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-06 00:36:32 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-02-06 00:32:41 -------- d-----w- C:\Users\96\AppData\Local\Windows Live
2011-02-06 00:32:41 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-02-06 00:32:18 754688 ----a-w- C:\Windows\SysWow64\webservices.dll
2011-02-06 00:32:18 1103872 ----a-w- C:\Windows\System32\webservices.dll
2011-01-30 22:54:24 -------- d-----w- C:\Windows\PCHEALTH
2011-01-30 22:51:20 -------- d-----w- C:\Users\96\AppData\Local\Microsoft Help
2011-01-30 15:45:12 135568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-29 14:39:59 -------- d-----w- C:\Users\96\Acer 7738g
2011-01-29 04:16:22 -------- d-----w- C:\Users\96\HP 9517c
2011-01-29 00:14:04 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{0CA4A3C2-D93D-41B1-9F40-7BD1F2A1681A}\mpengine.dll
2011-01-20 00:52:54 -------- d-----w- C:\Windows\SysWow64\spool
2011-01-20 00:52:54 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2011-01-20 00:52:53 -------- d-----w- C:\Program Files\Windows Portable Devices
2011-01-20 00:34:13 736256 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-01-20 00:34:13 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-01-20 00:34:13 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-01-20 00:34:13 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-01-20 00:34:13 315904 ----a-w- C:\Windows\System32\oleacc.dll
2011-01-20 00:34:13 234496 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-01-20 00:32:12 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2011-01-20 00:32:12 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2011-01-20 00:32:11 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-01-20 00:32:11 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-01-20 00:32:10 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-01-20 00:32:10 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-01-20 00:19:31 652296 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-01-20 00:19:15 749832 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-19 22:10:49 -------- d-----w- C:\Users\96\AppData\Roaming\Malwarebytes
2011-01-19 22:10:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-19 22:10:39 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-19 22:10:36 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-19 22:10:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-19 21:47:55 316928 ----a-w- C:\Windows\System32\msshsq.dll
2011-01-19 21:47:55 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll
2011-01-19 21:47:54 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-19 21:47:54 420352 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-19 03:19:02 -------- d-----w- C:\Windows\SysWow64\vi-VN
2011-01-19 03:19:02 -------- d-----w- C:\Windows\SysWow64\eu-ES
2011-01-19 03:19:02 -------- d-----w- C:\Windows\SysWow64\ca-ES
2011-01-19 03:19:02 -------- d-----w- C:\Windows\System32\eu-ES
2011-01-19 03:19:02 -------- d-----w- C:\Windows\System32\ca-ES
2011-01-19 03:19:01 -------- d-----w- C:\Windows\System32\vi-VN
2011-01-19 03:02:05 -------- d-----w- C:\Windows\System32\EventProviders
2011-01-19 02:23:27 -------- d-----w- C:\Users\96\AppData\Roaming\WinBatch
2011-01-19 02:17:02 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-01-19 02:17:02 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-01-19 02:03:44 12240896 ----a-w- C:\Windows\SysWow64\NlsLexicons0007.dll
2011-01-19 02:02:59 82432 ----a-w- C:\Windows\System32\davclnt.dll
2011-01-19 02:01:58 218624 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-01-19 00:59:57 442368 ----a-w- C:\Windows\System32\winhttp.dll
2011-01-19 00:59:57 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2011-01-19 00:59:48 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2011-01-19 00:59:23 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-01-19 00:59:23 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-01-19 00:59:23 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2011-01-19 00:59:23 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2011-01-19 00:59:23 17920 ----a-w- C:\Windows\System32\netevent.dll
2011-01-19 00:59:23 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-01-19 00:59:23 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-01-19 00:59:23 12288 ----a-w- C:\Windows\System32\sscore.dll
2011-01-19 00:59:08 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-01-19 00:59:08 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-01-18 22:15:52 -------- d-----w- C:\Program Files\CCleaner
2011-01-18 22:14:34 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-01-18 22:13:49 -------- d-----w- C:\Program Files (x86)\GRETECH
2011-01-18 22:13:03 -------- d-----w- C:\Users\96\AppData\Roaming\Local
2011-01-18 22:12:35 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-01-18 22:12:30 -------- d-----w- C:\Program Files\DivX
2011-01-18 22:12:10 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-01-18 22:10:12 -------- d-----w- C:\Program Files (x86)\DivX
2011-01-18 22:08:35 -------- d-----w- C:\PROGRA~3\DivX
2011-01-18 06:55:20 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-01-18 06:55:20 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-01-18 06:55:20 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-01-18 06:55:20 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-01-18 06:55:20 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-01-18 06:55:20 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-01-18 06:55:20 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-01-18 06:55:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-01-18 06:55:20 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-01-18 06:55:20 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-01-18 06:54:08 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-01-18 06:54:04 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-18 06:34:25 -------- d-----w- C:\Users\96\AppData\Local\Adobe
2011-01-18 06:29:23 53248 ----a-r- C:\Users\96\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-18 06:29:10 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-01-18 06:28:05 -------- d-----w- C:\Users\96\AppData\Roaming\Logishrd
2011-01-18 05:09:23 -------- d-----w- C:\Users\96\AppData\Local\AVG Security Toolbar
2011-01-18 05:08:04 -------- d-----w- C:\Users\96\AppData\Roaming\AVG10
2011-01-18 05:06:37 -------- d--h--w- C:\PROGRA~3\Common Files
2011-01-18 05:06:30 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
2011-01-18 05:06:22 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-01-18 05:05:50 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-01-18 05:05:50 -------- d-----w- C:\PROGRA~3\AVG10
2011-01-18 05:04:41 -------- d-----w- C:\Program Files (x86)\AVG
2011-01-18 04:47:38 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe
2011-01-18 04:46:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-01-18 04:46:28 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-01-18 04:46:10 1927680 ----a-w- C:\Windows\System32\gameux.dll
2011-01-18 04:46:09 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-01-18 04:46:09 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-01-18 04:46:09 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2011-01-18 04:46:08 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-01-18 04:46:08 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-01-18 04:46:04 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2011-01-18 04:46:04 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2011-01-18 04:44:41 368128 ----a-w- C:\Windows\System32\wmpdxm.dll
2011-01-18 04:43:59 677376 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2011-01-18 04:42:38 772608 ----a-w- C:\Windows\System32\localspl.dll
2011-01-18 04:33:39 72192 ----a-w- C:\Windows\System32\l3codeca.acm
2011-01-18 04:33:39 62464 ----a-w- C:\Windows\SysWow64\l3codeca.acm
2011-01-18 04:33:38 220672 ----a-w- C:\Windows\SysWow64\l3codecp.acm
2011-01-18 04:33:38 181760 ----a-w- C:\Windows\System32\l3codecp.acm
2011-01-18 04:24:43 -------- d-----w- C:\Users\96\AppData\Local\Microsoft Games
2011-01-18 04:09:47 218624 ----a-w- C:\Windows\System32\wintrust.dll
2011-01-18 04:09:47 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-01-18 04:09:45 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-01-18 04:09:45 104960 ----a-w- C:\Windows\System32\cabview.dll
2011-01-18 04:02:42 -------- d-----w- C:\PROGRA~3\MFAData
2011-01-18 04:01:46 2621440 ----a-w- C:\Windows\System32\wucltux.dll
2011-01-18 04:00:58 98816 ----a-w- C:\Windows\System32\wudriver.dll
2011-01-18 04:00:58 87552 ----a-w- C:\Windows\SysWow64\wudriver.dll
2011-01-18 03:55:00 36864 ----a-w- C:\Windows\System32\wuapp.exe
2011-01-18 03:55:00 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2011-01-18 03:55:00 185416 ----a-w- C:\Windows\System32\wuwebv.dll
2011-01-18 03:55:00 171608 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2011-01-18 03:28:48 -------- d-----w- C:\Users\96\AppData\Roaming\PictureMover
2011-01-18 03:28:39 -------- d-----w- C:\Users\96\AppData\Local\Hewlett-Packard
2011-01-18 03:24:03 -------- d-----w- C:\Users\96\AppData\Roaming\HP TCS

==================== Find3M ====================

2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
2011-01-20 14:57:44 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-20 14:02:46 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-01-20 14:02:44 1147904 ----a-w- C:\Windows\System32\FntCache.dll
2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-18 06:55:17 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-12-18 06:50:55 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:50:36 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-12-18 06:50:16 77312 ----a-w- C:\Windows\System32\iesetup.dll 2010-12-18 06:50:16 132096 ----a-w- C:\Windows\System32\iesysprep.dll 2010-12-18 06:27:04 916480 ----a-w- C:\Windows\SysWow64\wininet.dll 2010-12-18 06:22:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2010-12-18 06:22:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2010-12-18 06:22:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll 2010-12-18 06:22:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2010-12-18 05:57:45 479232 ----a-w- C:\Windows\System32\html.iec 2010-12-18 05:25:26 385024 ----a-w- C:\Windows\SysWow64\html.iec 2010-12-18 05:16:59 162816 ----a-w- C:\Windows\System32\ieUnatt.exe 2010-12-18 05:15:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2010-12-18 04:48:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2010-12-18 04:47:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2010-12-14 16:15:49 1251840 ----a-w- C:\Windows\System32\sdclt.exe 2010-12-08 09:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2010-11-12 18:19:38 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys ============= FINISH: 23:22:56.14 =============== Attach Log: DDS (Ver_10-12-12.02) Microsoft® Windows Vista&#8482; Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/5/2009 11:12:23 AM System Uptime: 2/9/2011 11:06:26 PM (0 hours ago) Motherboard: PEGATRON CORPORATION | | VIOLET Processor: AMD Phenom(tm) 9550 Quad-Core Processor | CPU 1 | 2200/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 918 GiB total, 705.405 GiB free. D: is FIXED (NTFS) - 13 GiB total, 1.812 GiB free. 
E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP7: 1/17/2011 11:00:34 PM - Windows Update RP8: 1/17/2011 11:09:48 PM - Windows Update RP9: 1/17/2011 11:21:55 PM - Installed RP10: 1/17/2011 11:22:28 PM - Installed RP17: 1/17/2011 11:59:07 PM - Windows Update RP18: 1/18/2011 12:32:35 AM - Windows Update RP19: 1/18/2011 1:35:27 AM - Installed Adobe Reader X. RP20: 1/18/2011 1:51:39 AM - Windows Update RP21: 1/18/2011 1:52:54 AM - Windows Update RP22: 1/18/2011 1:54:31 AM - Windows Update RP23: 1/18/2011 4:23:45 PM - Windows Update RP24: 1/18/2011 9:07:16 PM - Windows Update RP25: 1/18/2011 9:51:06 PM - Windows Update RP26: 1/18/2011 10:01:21 PM - Windows Update RP27: 1/19/2011 7:31:46 PM - Windows Update RP28: 1/22/2011 4:20:27 PM - Scheduled Checkpoint RP29: 1/23/2011 11:29:24 AM - Scheduled Checkpoint RP30: 1/24/2011 7:12:42 PM - Scheduled Checkpoint RP31: 1/25/2011 6:53:30 PM - Scheduled Checkpoint RP32: 1/26/2011 4:28:10 PM - Scheduled Checkpoint RP33: 1/26/2011 5:36:24 PM - Removed GOM Player + Ask Toolbar. RP34: 1/27/2011 4:35:42 PM - Windows Update RP35: 1/28/2011 7:13:55 PM - Windows Update RP36: 1/29/2011 10:41:24 AM - Scheduled Checkpoint RP37: 1/30/2011 8:27:46 AM - Scheduled Checkpoint RP38: 1/30/2011 5:50:45 PM - Installed Microsoft Office Home and Student 2007 RP39: 1/31/2011 6:29:15 PM - Scheduled Checkpoint RP40: 2/1/2011 6:04:01 PM - Scheduled Checkpoint RP41: 2/2/2011 7:07:36 PM - Scheduled Checkpoint RP42: 2/3/2011 6:44:00 PM - Scheduled Checkpoint RP43: 2/5/2011 12:21:16 AM - Scheduled Checkpoint RP44: 2/5/2011 6:31:48 PM - Windows Update RP45: 2/5/2011 7:31:01 PM - Windows Update RP46: 2/6/2011 3:13:00 PM - Windows Update RP47: 2/7/2011 7:49:02 PM - avast! 
Free Antivirus Setup RP48: 2/8/2011 6:41:46 PM - Windows Update RP49: 2/9/2011 8:07:57 PM - Scheduled Checkpoint ==== Installed Programs ====================== ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader X (10.0.1) Ask Toolbar avast! Free Antivirus Compatibility Pack for the 2007 Office system CyberLink DVD Suite Deluxe D3DX10 DivX Setup Enhanced Multimedia Keyboard Solution eReg GOM Player Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Easy Backup HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP Picasso Media Center Add-In HP Recovery Manager RSS HP Total Care Advisor HP Total Care Setup HP Update HPAsset component for HP Active Support Library Java(TM) 6 Update 7 Junk Mail filter update LabelPrint LightScribe System Software 1.14.25.1 LightScribe Template Labeler Malwarebytes' Anti-Malware Mesh Runtime Messenger Companion Microsoft Live Search Toolbar Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 Microsoft Works Mozilla Firefox (3.6.13) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal PictureMover Power2Go PowerDirector Python 2.5.2 Realtek High Definition Audio Driver Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2289158) Security Update for 2007 Microsoft Office System (KB2344875) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft Office Excel 2007 (KB2345035) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office PowerPoint Viewer (KB2413381) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Segoe UI sp44626 Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.4053 Visual Studio 2008 x64 
Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ==== Event Viewer Messages From Past Week ======== 2/9/2011 6:59:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 2/9/2011 6:59:38 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/9/2011 6:59:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error &quot;1053&quot; attempting to start the service WSearch with arguments &quot;&quot; in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 2/9/2011 11:08:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt ==== End Of File =========================== GMER log: Nothing found, no *.txt file or contents to copy to a *.txt
     
  2. Jbcurt00

    Jbcurt00 Thread Starter

    Joined:
    Feb 9, 2011
    Messages:
    5
    I now have my work laptop at home too, for following advice & posting to forum.

    Also, why did my post have punctuation & 'returns' removed? Making it a big run-on?
     
  3. Jbcurt00

    Jbcurt00 Thread Starter

    Joined:
    Feb 9, 2011
    Messages:
    5
    Thanks Byteman
    jbc
     
  4. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    No, it didn't. I was still trying when you posted....either I had edited the wrong post, removing your original log files...or you did, while I was trying to remove what I was trying, that did not work..... the logs are still running on together.

    I think we should just wait for a helper to get to you. I cannot-

    Please leave the text posted.....there may be an easy way to straighten it out. Usually, it is the Format tab in either Notepad or whatever text editor you used to save those logs in....

    The "Word Wrap" setting may need to be checked or UNchecked, I tried it here but saving it either way in WordPad, Notepad, or as Rich Text did not change the unformatting condition.....did you use MS Word or something?
     
  5. Jbcurt00

    Jbcurt00 Thread Starter

    Joined:
    Feb 9, 2011
    Messages:
    5
    No MS Word, used notepad that opened when the scans were done & populated the field automatically. I just copied the text out of those files. It was formatted the same as other posts when I inserted text into the forum's message board field. Remained that way when I previewed my post. Something changed after I posted message. Thanks anyway....
     
  6. Jbcurt00

    Jbcurt00 Thread Starter

    Joined:
    Feb 9, 2011
    Messages:
    5
    Byteman
    Please delete this post if possible. Lots of subject views no further advice. I will try & re-post w/ punctuation later tonight. AVG rescue CD (updated to current Rev) booting from a usb drive found no rootkits. Re-scanned w/ regular AVG & found same 5 rootkits. Unable to delete them, modules different....Re-scanned 2nd time with hidden files 'unhidden' & system files shown..

    Maybe a fresh start from scratch will help get them removed.
    JBC
     
  7. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    We don't delete threads but I will Close it for you. You can open a new thread if you wish.
     
Short URL to this thread: https://techguy.org/979952