
TR/Rootkit.Gen3 Ruining My Online College Classes

Discussion in 'Virus & Other Malware Removal' started by trepiechick, Sep 27, 2010.

    trepiechick (Thread Starter)
    Joined: Sep 26, 2010; Messages: 14
    For the past few weeks I've noticed a great increase in the number of viruses and attempts to access my computer. It wasn't until I ran the Avira recovery CD that it found what I'm hoping is the problem. Apparently isapnp.sys is infected and Avira is unable to repair it. Now, however, I can no longer use any internet browser, and Windows freezes at the welcome screen. Thankfully safe mode works, and on the off chance that Windows does start normally, Explorer encounters an error, and Norton sometimes brings up an alert that something called "Downloader" was found. Luckily I was able to run HijackThis, DDS, and GMER scans while in normal mode, but I'm not sure how long normal mode will continue to work.

    I'd be very grateful if someone could help me; I use this laptop for college. Three of my classes are online, and if this doesn't get fixed, I'm screwed!


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:34:54 AM, on 9/27/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Documents and Settings\Kathleen\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?wa=wsignin1.0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080618
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/small...n&client=dell-usuk&channel=us-smb&ibd=6080618
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Lwehatodejexijok] rundll32.exe "C:\WINDOWS\ivicevenupehuk.dll",Startup
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kathleen Guilford\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [Evaxal] rundll32.exe "C:\WINDOWS\mapshtl3.dll",Startup
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215051145953
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O18 - Filter hijack: text/html - {9136ac71-6f4b-4c43-a4d0-b05ec242044e} - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16126 bytes


    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Kathleen at 0:35:20.23 on Mon 09/27/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1200 [GMT -4:00]

    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wscntfy.exe
    svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Documents and Settings\Kathleen\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mail.live.com/default.aspx?wa=wsignin1.0
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080618
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\documents and settings\kathleen\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [Evaxal] rundll32.exe "c:\windows\mapshtl3.dll",Startup
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [TkBellExe] "realsched.exe" -osboot
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Lwehatodejexijok] rundll32.exe "c:\windows\ivicevenupehuk.dll",Startup
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215051145953
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\CoIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 wvauth

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-5 218592]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-10 310320]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-11 11608]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-10 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-27 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100924.001\IDSXpx86.sys [2010-9-24 331640]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 67656]
    R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-11 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-11 267432]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-11 60936]
    R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2009-3-29 137344]
    R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-10 117640]
    R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2009-3-29 12032]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100926.003\NAVENG.SYS [2010-9-26 85424]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100926.003\NAVEX15.SYS [2010-9-26 1362608]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-24 102448]
    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-18 30192]
    S3 musbehco;musbehco;\??\c:\docume~1\kathle~1\locals~1\temp\musbehco.sys --> c:\docume~1\kathle~1\locals~1\temp\musbehco.sys [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
    S3 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

    ============== File Associations ===============

    regfile=*** no open command defined ***

    =============== Created Last 30 ================

    2010-09-27 00:25 <DIR> --dsh--- C:\found.001
    2010-09-26 04:03 0 a------- c:\windows\Wluzeroqaxac.bin
    2010-09-26 04:03 120 a------- c:\windows\Btitanunevifohah.dat
    2010-09-22 10:28 <DIR> --d----- c:\program files\Veoh Networks
    2010-09-16 16:27 <DIR> --dsh--- C:\found.000
    2010-09-16 11:08 37,248 a------- c:\windows\system32\drivers\isapnp.sys
    2010-09-11 08:44 <DIR> --d----- c:\docume~1\kathle~1\applic~1\Avira
    2010-09-11 08:11 <DIR> --d----- c:\windows\system32\NtmsData
    2010-09-11 08:02 60,936 a------- c:\windows\system32\drivers\avgntflt.sys
    2010-09-11 08:02 <DIR> --d----- c:\program files\Avira
    2010-09-11 08:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2010-09-11 01:44 664 a------- c:\windows\system32\d3d9caps.dat
    2010-09-10 08:01 <DIR> --d----- c:\windows\Royal Trouble
    2010-09-10 03:03 36,053 a------- c:\windows\system32\nvModes.001
    2010-09-10 03:03 36,053 a------- c:\windows\system32\nvModes.dat
    2010-09-10 02:58 232,968 a------- c:\windows\system32\nvdrsdb0.bin
    2010-09-10 02:58 232,968 a------- c:\windows\system32\nvdrsdb1.bin
    2010-09-10 02:58 1 a------- c:\windows\system32\nvdrssel.bin
    2010-09-10 02:58 0 a------- c:\windows\system32\nvdrswr.lk
    2010-09-10 02:58 <DIR> --d----- c:\program files\NVIDIA Corporation
    2010-09-10 02:57 61,440 a------- c:\windows\system32\OpenCL.dll
    2010-09-10 02:57 2,914,408 a------- c:\windows\system32\nvcuvid.dll
    2010-09-10 02:57 2,506,344 a------- c:\windows\system32\nvcuvenc.dll
    2010-09-10 02:57 10,260,480 a------- c:\windows\system32\nvcompiler.dll
    2010-09-10 02:57 4,595,712 a------- c:\windows\system32\nvcuda.dll
    2010-09-10 02:57 2,195,030 a------- c:\windows\system32\nvdata.bin
    2010-09-10 02:56 111,544 a------- c:\windows\system32\nvapps.xml
    2010-09-10 02:55 <DIR> --d----- c:\windows\nview
    2010-09-07 16:13 <DIR> -cd----- C:\ProgramData
    2010-09-04 16:33 <DIR> --d----- c:\program files\iPod
    2010-09-04 16:33 <DIR> --d----- c:\program files\iTunes
    2010-09-04 01:34 <DIR> -cd----- C:\RESOURCE
    2010-09-04 01:31 <DIR> -cd----- C:\PHANTOM
    2010-09-03 13:21 <DIR> --d----- c:\docume~1\kathle~1\applic~1\Uniblue
    2010-09-02 20:19 0 a------- c:\windows\Secrets.INI
    2010-09-02 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-09-02 00:29 <DIR> --d----- c:\program files\Gravity

    ==================== Find3M ====================

    2010-08-28 02:36 4,620 a------- c:\windows\XChange.dat
    2010-07-09 18:38 13,549,568 a------- c:\windows\system32\nvoglnt.dll
    2010-07-09 18:38 10,604,128 a------- c:\windows\system32\dllcache\nv4_mini.sys
    2010-07-09 18:38 6,343,040 a------- c:\windows\system32\nv4_disp.dll
    2010-07-09 18:38 6,343,040 a------- c:\windows\system32\dllcache\nv4_disp.dll
    2010-07-09 18:38 1,388,544 a------- c:\windows\system32\nvapi.dll
    2010-07-09 18:38 604,776 a------- c:\windows\system32\nvudisp.exe
    2010-07-09 18:38 236,136 a------- c:\windows\system32\nvcodins.dll
    2010-07-09 18:38 236,136 a------- c:\windows\system32\nvcod.dll
    2010-07-09 16:24 81,920 a------- c:\windows\system32\nvwddi.dll
    2010-07-09 16:24 274,432 a------- c:\windows\system32\nvrsnl.dll
    2010-07-09 16:24 274,432 a------- c:\windows\system32\nvrsesm.dll
    2010-07-09 16:24 253,952 a------- c:\windows\system32\nvrssv.dll
    2010-07-09 16:24 13,923,432 a------- c:\windows\system32\nvcpl.dll
    2010-07-09 16:24 277,608 a------- c:\windows\system32\nvmccs.dll
    2010-07-09 16:24 155,752 a------- c:\windows\system32\nvsvc32.exe
    2010-07-09 16:24 145,000 a------- c:\windows\system32\nvcolor.exe
    2010-07-09 16:24 110,696 a------- c:\windows\system32\nvmctray.dll
    2010-07-07 14:03 604,776 a------- c:\windows\system32\NVUNINST.EXE
    2008-07-25 20:56 0 ac------ c:\program files\temp01
    2002-07-01 10:13 224 a--sh--- c:\docume~1\kathle~1\applic~1\brun_nbeta12.dat
    2008-07-03 00:02 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070320080704\index.dat

    ============= FINISH: 0:37:20.98 ===============


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-27 10:06:22
    Windows 5.1.2600 Service Pack 3
    Running: cllkcd1j.exe; Driver: C:\DOCUME~1\KATHLE~1\LOCALS~1\Temp\pxrdrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A182650 ZwAlertResumeThread
    SSDT 8A154650 ZwAlertThread
    SSDT 898FBCB8 ZwAllocateVirtualMemory
    SSDT 8A145050 ZwAssignProcessToJobObject
    SSDT 8A600BD8 ZwConnectPort
    SSDT B8713286 ZwCreateKey
    SSDT 898B1058 ZwCreateMutant
    SSDT 898B60E8 ZwCreateSymbolicLinkObject
    SSDT B871327C ZwCreateThread
    SSDT 8A606050 ZwDebugActiveProcess
    SSDT B871328B ZwDeleteKey
    SSDT B8713295 ZwDeleteValueKey
    SSDT 899064A8 ZwDuplicateObject
    SSDT splr.sys ZwEnumerateKey [0xB7ECDDA4]
    SSDT splr.sys ZwEnumerateValueKey [0xB7ECE132]
    SSDT 898ADCB8 ZwFreeVirtualMemory
    SSDT 8A17D650 ZwImpersonateAnonymousToken
    SSDT 8A6EA650 ZwImpersonateThread
    SSDT 8A5D1D00 ZwLoadDriver
    SSDT B871329A ZwLoadKey
    SSDT 898AC6B0 ZwMapViewOfSection
    SSDT 8A44B4B8 ZwOpenEvent
    SSDT splr.sys ZwOpenKey [0xB7EB50C0]
    SSDT B8713268 ZwOpenProcess
    SSDT 8A4A14E0 ZwOpenProcessToken
    SSDT 8A44E250 ZwOpenSection
    SSDT B871326D ZwOpenThread
    SSDT 898B61B8 ZwProtectVirtualMemory
    SSDT splr.sys ZwQueryKey [0xB7ECE20A]
    SSDT splr.sys ZwQueryValueKey [0xB7ECE08A]
    SSDT B87132A4 ZwReplaceKey
    SSDT B871329F ZwRestoreKey
    SSDT 8A4A2498 ZwResumeThread
    SSDT 8A146650 ZwSetContextThread
    SSDT 898AB3D8 ZwSetInformationProcess
    SSDT 8A172050 ZwSetSystemInformation
    SSDT B8713290 ZwSetValueKey
    SSDT 8A453650 ZwSuspendProcess
    SSDT 8A5DA650 ZwSuspendThread
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAD58F620]
    SSDT 8A351650 ZwTerminateThread
    SSDT 8A352650 ZwUnmapViewOfSection
    SSDT 898ADD88 ZwWriteVirtualMemory

    INT 0x62 ? 8A95FBF8
    INT 0x63 ? 8A95FBF8
    INT 0x84 ? 8A71DF00
    INT 0x94 ? 8A71DF00
    INT 0x94 ? 8A71DF00
    INT 0x94 ? 8A71DF00
    INT 0xA4 ? 8A71DF00
    INT 0xA4 ? 8A71DF00
    INT 0xA4 ? 8A71DF00
    INT 0xA4 ? 8A71DF00

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C94 80504530 8 Bytes CALL FCD9D095
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 6 Bytes [50, 36, 45, 8A, 50, A6]
    ? splr.sys The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB58383A0, 0x59FFE5, 0xE8000020]
    .text USBPORT.SYS!DllUnload B58188AC 5 Bytes JMP 8A71D4E0
    .reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xABEEF480, 0x306DD, 0xE0000060]
    .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xABE3C300, 0x3B638, 0xE8000020]
    .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xADA49300, 0x1BEE, 0xE8000020]
    .text C:\WINDOWS\system32\DRIVERS\litsgt.sys section is writeable [0xABC62300, 0x1F510, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E1000A
    .text C:\WINDOWS\System32\svchost.exe[1584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E2000A
    .text C:\WINDOWS\System32\svchost.exe[1584] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E0000C
    .text C:\WINDOWS\System32\svchost.exe[1584] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 018B000A
    .text C:\WINDOWS\System32\svchost.exe[1584] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A
    .text C:\WINDOWS\Explorer.EXE[1824] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CA000A
    .text C:\WINDOWS\Explorer.EXE[1824] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D3000A
    .text C:\WINDOWS\Explorer.EXE[1824] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C9000C

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A95E1F8

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbuhci \Device\USBPDO-0 8A71E500
    Device \Driver\usbuhci \Device\USBPDO-1 8A71E500
    Device \Driver\usbehci \Device\USBPDO-2 8A716500
    Device \Driver\usbuhci \Device\USBPDO-3 8A71E500
    Device \Driver\usbuhci \Device\USBPDO-4 8A71E500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{1A02121C-37F3-4F67-9752-FA489D55DA5A} 8A1801F8

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbuhci \Device\USBPDO-5 8A71E500
    Device \Driver\usbehci \Device\USBPDO-6 8A716500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9D11F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A9D11F8
    Device \Driver\Cdrom \Device\CdRom0 8A670500
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A9D11F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DF1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [B7DF1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7DF1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1801F8
    Device \Driver\NetBT \Device\NetbiosSmb 8A1801F8

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbuhci \Device\USBFDO-0 8A71E500
    Device \Driver\usbuhci \Device\USBFDO-1 8A71E500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A6331F8
    Device \Driver\usbehci \Device\USBFDO-2 8A716500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A6331F8
    Device \Driver\usbuhci \Device\USBFDO-3 8A71E500
    Device \Driver\USBSTOR \Device\000000bb 8A1271F8
    Device \Driver\usbuhci \Device\USBFDO-4 8A71E500
    Device \Driver\Ftdisk \Device\FtControl 8A9D11F8
    Device \Driver\usbuhci \Device\USBFDO-5 8A71E500
    Device \Driver\USBSTOR \Device\000000bd 8A1271F8
    Device \Driver\usbehci \Device\USBFDO-6 8A716500
    Device \FileSystem\Fastfat \Fat 88CDD1F8
    Device \FileSystem\Fastfat \Fat A9204297

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 8986C1F8
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 1
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0x13 0x8F 0xAF 0xDB ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD6 0x21 0x76 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x68 0x5D 0x60 0x95 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0xB2 0x2F 0x8C 0x79 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x11 0xE4 0xCF 0x82 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x83 0x92 0x65 0xC1 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x74 0x76 0xD9 0x22 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD6 0x21 0x76 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x68 0x5D 0x60 0x95 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xB2 0x2F 0x8C 0x79 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x11 0xE4 0xCF 0x82 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x83 0x92 0x65 0xC1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x74 0x76 0xD9 0x22 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD6 0x21 0x76 0xF9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x68 0x5D 0x60 0x95 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xB2 0x2F 0x8C 0x79 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x11 0xE4 0xCF 0x82 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x83 0x92 0x65 0xC1 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 1
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x74 0x76 0xD9 0x22 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD6 0x21 0x76 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x68 0x5D 0x60 0x95 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0xB2 0x2F 0x8C 0x79 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x11 0xE4 0xCF 0x82 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x83 0x92 0x65 0xC1 ...

    ---- EOF - GMER 1.0.15 ----
     


  2. trepiechick

    trepiechick Thread Starter

    Joined:
    Sep 26, 2010
    Messages:
    14
  3. trepiechick

    trepiechick Thread Starter

    Joined:
    Sep 26, 2010
    Messages:
    14
    Please help!
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  5. trepiechick

    trepiechick Thread Starter

    Joined:
    Sep 26, 2010
    Messages:
    14
    Thank you so much for your time! Now however, when I start the laptop in normal mode, and if it gets past the welcome screen, explorer doesn't start at all. Is there some way I can get it to work, or would it be all right for me to run ComboFix in safe mode?
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Yes, please run it in safe mode.
     
  7. trepiechick

    trepiechick Thread Starter

    Joined:
    Sep 26, 2010
    Messages:
    14
    No icons appear on my task bar in safe mode, and I'm not quite sure how to disable Norton and Avira since their programs aren't showing up in the task manager nor am I able to activate Norton in safe mode.
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Uninstall one of them; having two AVs causes system slowdowns, conflicts and crashes. Then proceed with the other: try opening the security center for the other AV in safe mode and turn off real-time protection.

    If you still can't disable it, run ComboFix in safe mode; it should be OK.
     
  9. trepiechick

    trepiechick Thread Starter

    Joined:
    Sep 26, 2010
    Messages:
    14
    Well, since it couldn't connect to the internet in safe mode, it couldn't download the Windows Recovery Console, but it's scanning right now. So far it has said that it found rootkit activity in C:\WINDOWS\system32\DRIVERS\atapi.sys and then I needed to restart, but it restarted in normal mode. It then beeped loudly every few seconds and showed a blank error window before shutting down.
     
  10. trepiechick

    trepiechick Thread Starter

    Joined:
    Sep 26, 2010
    Messages:
    14
    Here's the log:


    ComboFix 10-10-01.07 - Kathleen 10/02/2010 19:54:50.1.2 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1770 [GMT -4:00]
    Running from: c:\documents and settings\Kathleen\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Documents\Server\admin.txt
    c:\documents and settings\All Users\Documents\Server\server.dat
    c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
    c:\documents and settings\Kathleen\Application Data\.#
    c:\documents and settings\Kathleen\Local Settings\Application Data\{5D00AE96-12F6-48FB-A0D0-AB167791953C}
    c:\documents and settings\Kathleen\Local Settings\Application Data\{5D00AE96-12F6-48FB-A0D0-AB167791953C}\chrome.manifest
    c:\documents and settings\Kathleen\Local Settings\Application Data\{5D00AE96-12F6-48FB-A0D0-AB167791953C}\chrome\content\_cfg.js
    c:\documents and settings\Kathleen\Local Settings\Application Data\{5D00AE96-12F6-48FB-A0D0-AB167791953C}\chrome\content\overlay.xul
    c:\documents and settings\Kathleen\Local Settings\Application Data\{5D00AE96-12F6-48FB-A0D0-AB167791953C}\install.rdf
    C:\Install.exe
    c:\windows\ivicevenupehuk.dll
    c:\windows\mapshtl3.dll

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))
    .

    2010-09-27 04:25 . 2010-09-27 04:25 -------- d-----w- C:\found.001
    2010-09-26 13:23 . 2010-09-26 13:22 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
    2010-09-26 13:23 . 2010-09-26 13:23 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-09-26 13:23 . 2010-09-26 13:23 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-09-26 13:23 . 2010-09-26 13:23 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-09-26 08:03 . 2010-10-02 23:22 0 ----a-w- c:\windows\Wluzeroqaxac.bin
    2010-09-26 08:03 . 2010-09-26 08:03 120 ----a-w- c:\windows\Btitanunevifohah.dat
    2010-09-22 14:28 . 2010-09-22 14:28 -------- d-----w- c:\program files\Veoh Networks
    2010-09-16 20:27 . 2010-09-16 20:27 -------- d-----w- C:\found.000
    2010-09-16 15:08 . 2008-04-14 00:06 37248 -c--a-w- c:\windows\system32\drivers\isapnp.sys
    2010-09-11 12:44 . 2010-09-11 12:44 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Avira
    2010-09-11 12:11 . 2010-09-26 13:28 -------- d-----w- c:\windows\system32\NtmsData
    2010-09-11 12:02 . 2010-03-01 14:05 124784 -c--a-w- c:\windows\system32\drivers\avipbb.sys
    2010-09-11 12:02 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-09-11 12:02 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-09-11 12:02 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-09-11 12:02 . 2010-09-11 12:02 -------- d-----w- c:\program files\Avira
    2010-09-11 12:02 . 2010-09-11 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-09-11 06:10 . 2010-09-11 06:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-09-11 05:44 . 2010-09-26 12:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-10 12:01 . 2010-09-10 12:01 -------- d-----w- c:\windows\Royal Trouble
    2010-09-10 07:03 . 2010-09-25 13:51 36053 ----a-w- c:\windows\system32\nvModes.dat
    2010-09-10 06:58 . 2010-09-10 06:58 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-09-10 06:58 . 2010-09-10 06:58 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-09-10 06:58 . 2010-09-10 06:58 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-09-10 06:58 . 2010-09-10 06:59 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-09-10 06:57 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-09-10 06:57 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-09-10 06:57 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-09-10 06:57 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
    2010-09-10 06:57 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-09-10 06:57 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
    2010-09-10 06:55 . 2010-09-10 07:02 -------- d-----w- c:\windows\nview
    2010-09-07 20:13 . 2010-09-22 04:51 -------- dc----w- C:\ProgramData
    2010-09-04 20:33 . 2010-09-04 20:33 -------- d-----w- c:\program files\iPod
    2010-09-04 20:33 . 2010-09-04 20:34 -------- d-----w- c:\program files\iTunes
    2010-09-04 20:28 . 2010-09-04 20:29 -------- d-----w- c:\program files\QuickTime
    2010-09-04 20:20 . 2010-09-04 20:20 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
    2010-09-04 05:34 . 2009-03-07 05:40 -------- dc----w- C:\RESOURCE
    2010-09-04 05:31 . 2010-09-04 05:40 -------- dc----w- C:\PHANTOM
    2010-09-03 17:21 . 2010-09-03 17:21 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Uniblue

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-02 22:14 . 2008-07-03 00:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-10-02 21:59 . 2008-09-30 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-10-02 21:58 . 2008-07-03 00:38 -------- d-----w- c:\program files\Symantec
    2010-09-26 13:24 . 2010-05-15 13:37 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-09-26 13:23 . 2010-05-15 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-09-26 13:23 . 2010-03-14 11:33 -------- d-----w- c:\program files\DivX
    2010-09-26 13:23 . 2010-05-26 04:06 63488 ----a-w- c:\documents and settings\Kathleen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-26 13:23 . 2009-12-06 10:30 117760 ----a-w- c:\documents and settings\Kathleen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-26 13:22 . 2010-05-15 13:37 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-09-26 13:22 . 2010-05-15 13:36 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-09-26 13:22 . 2010-05-15 13:37 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-09-18 13:27 . 2008-07-14 00:30 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Apple Computer
    2010-09-16 19:49 . 2008-10-03 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-09-16 19:21 . 2010-07-10 10:46 -------- d-----w- c:\program files\Games
    2010-09-09 00:33 . 2009-08-02 22:15 -------- d-----w- c:\program files\7-Zip
    2010-09-08 01:47 . 2009-08-11 08:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-09-04 20:33 . 2008-07-14 00:28 -------- d-----w- c:\program files\Common Files\Apple
    2010-09-02 21:44 . 2010-03-05 23:46 -------- d-----w- c:\documents and settings\Kathleen\Application Data\vlc
    2010-09-02 21:26 . 2010-09-02 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-09-02 04:29 . 2010-09-02 04:29 -------- d-----w- c:\program files\Gravity
    2010-09-02 04:29 . 2008-06-18 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-31 07:58 . 2009-11-06 01:06 -------- d-----w- c:\program files\Common Files\BioWare
    2010-08-28 06:36 . 2010-08-27 03:41 4620 ----a-w- c:\windows\XChange.dat
    2010-08-28 03:17 . 2009-12-06 10:30 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-27 17:43 . 2009-11-06 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
    2010-08-27 17:18 . 2010-08-27 16:19 -------- d-----w- c:\program files\Dragon Age
    2010-08-27 16:55 . 2009-11-06 01:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-08-21 07:23 . 2009-09-16 08:10 -------- d-----w- c:\program files\Shockwave.com
    2010-08-20 19:04 . 2008-10-03 04:41 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Yahoo!
    2010-08-19 19:03 . 2010-08-19 19:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2010-08-19 04:49 . 2009-12-24 22:07 -------- d-----w- c:\program files\CCleaner
    2010-08-18 19:05 . 2010-08-18 03:30 -------- d-----w- c:\documents and settings\Kathleen\Application Data\RenPy
    2010-08-18 19:05 . 2010-08-18 19:05 -------- d-----w- c:\program files\Bionic Heart
    2010-08-13 03:25 . 2010-07-28 23:55 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
    2010-08-13 03:13 . 2008-06-18 21:31 -------- d-----w- c:\program files\Microsoft.NET
    2010-08-13 03:09 . 2008-06-18 21:41 -------- d-----w- c:\program files\Microsoft Small Business
    2010-07-24 03:30 . 2010-07-24 03:30 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    2010-07-24 03:30 . 2010-07-24 03:30 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
    2010-07-24 03:30 . 2010-07-24 03:30 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
    2010-07-24 03:30 . 2010-07-24 03:30 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
    2010-07-24 03:30 . 2010-07-24 03:30 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
    2010-07-24 03:29 . 2010-07-24 03:29 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
    2010-07-09 22:38 . 2008-06-18 20:53 604776 ----a-w- c:\windows\system32\nvudisp.exe
    2010-07-09 22:38 . 2008-06-18 20:47 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-07-09 22:38 . 2008-06-18 20:47 236136 ----a-w- c:\windows\system32\nvcodins.dll
    2010-07-09 22:38 . 2008-06-18 20:47 236136 ----a-w- c:\windows\system32\nvcod.dll
    2010-07-09 22:38 . 2008-06-18 20:47 1388544 ----a-w- c:\windows\system32\nvapi.dll
    2010-07-09 22:38 . 2004-08-10 17:59 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-07-09 22:38 . 2004-08-10 17:59 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-07-09 20:24 . 2010-07-09 20:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-07-09 20:24 . 2010-07-09 20:24 274432 ----a-w- c:\windows\system32\nvrsnl.dll
    2010-07-09 20:24 . 2010-07-09 20:24 274432 ----a-w- c:\windows\system32\nvrsesm.dll
    2010-07-09 20:24 . 2010-07-09 20:24 253952 ----a-w- c:\windows\system32\nvrssv.dll
    2010-07-09 20:24 . 2010-07-09 20:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-07-09 20:24 . 2010-07-09 20:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-07-09 20:24 . 2010-07-09 20:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-07-09 20:24 . 2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
    2010-07-09 20:24 . 2010-07-09 20:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-07-07 18:03 . 2008-10-10 22:07 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
    2008-07-26 00:56 . 2008-07-26 00:56 0 -c--a-w- c:\program files\temp01
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-18 68856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-28 2424560]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\Kathleen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 136176]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="realsched.exe -osboot" [X]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-06-16 738776]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="NvMCTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-18 50688]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
    2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-08-02 21:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
    "c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
    "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "57113:TCP"= 57113:TCP:pando Media Booster
    "57113:UDP"= 57113:UDP:pando Media Booster

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/5/2010 7:43 PM 218592]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 67656]
    S2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [1/23/2008 4:19 AM 501560]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/11/2010 8:02 AM 135336]
    S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 1:57 PM 135664]
    S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/10/2004 1:51 PM 14336]
    S2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [3/29/2009 1:45 PM 137344]
    S2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [3/29/2009 1:45 PM 12032]
    S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 1:50 PM 5120]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
    S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/18/2008 5:36 PM 30192]
    S3 musbehco;musbehco;\??\c:\docume~1\KATHLE~1\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\KATHLE~1\LOCALS~1\Temp\musbehco.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2008 1:57 AM 691696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

    2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:57]

    2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:57]

    2010-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872132856-1609978231-1670840034-1009Core.job
    - c:\documents and settings\Kathleen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 21:12]

    2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872132856-1609978231-1670840034-1009UA.job
    - c:\documents and settings\Kathleen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 21:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.live.com/default.aspx?wa=wsignin1.0
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080618
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-Evaxal - c:\windows\mapshtl3.dll
    HKLM-Run-Lwehatodejexijok - c:\windows\ivicevenupehuk.dll
    AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-02 20:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2872132856-1609978231-1670840034-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:63,90,bd,a5,d1,42,4a,3d,de,6b,42,8a,fb,f9,66,7b,15,01,aa,f8,5e,c9,f8,
    21,31,09,36,03,bb,25,ba,5b,a8,6e,bd,ed,ce,e9,07,dc,3e,88,17,e8,72,09,4b,32,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-2872132856-1609978231-1670840034-1009\Software\SecuROM\License information*]
    "datasecu"=hex:6e,2b,c3,fe,3a,f0,a9,97,fd,5c,b9,24,1c,a4,1b,87,bc,e5,b3,7b,7c,
    78,1a,75,ac,93,0a,be,e3,70,e2,b5,1f,df,d2,88,97,93,e8,fa,b9,55,51,ff,39,b7,\
    "rkeysecu"=hex:15,39,58,07,c1,70,41,e5,9e,b0,37,20,d6,8e,4b,15

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(240)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\System32\BCMLogon.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

    - - - - - - - > 'lsass.exe'(296)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll
    .
    Completion time: 2010-10-02 20:22:37
    ComboFix-quarantined-files.txt 2010-10-03 00:22

    Pre-Run: 23,491,854,336 bytes free
    Post-Run: 24,230,391,808 bytes free

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - C9A42123853A09A01F36E572857D9A05
     
  11. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into Notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/7626584-post10.html
    
    Collect::
    c:\windows\Btitanunevifohah.dat
    c:\docume~1\KATHLE~1\LOCALS~1\Temp\musbehco.sys
    
    File::
    c:\windows\Wluzeroqaxac.bin
    
    Driver::
    musbehco
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save it as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [​IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



    NEXT



    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    NEXT


    Run an on-line scan with Kaspersky

    Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.
    2. To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    3. Click Run at the Security prompt.
    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.

      [​IMG]
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
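    Added example, not code from this thread, from ComboFix or from Tech Support Guy: a small Python triage pass over lines in the formats the ComboFix log above uses. It flags a driver registered from a Temp folder with no file stamp (the pattern behind the musbehco entry in the log), the disabled firewall policy and disabled Security Center monitoring, and lays out matching Collect::/Driver:: sections in the CFScript form shown in the post. SAMPLE_LOG is constructed from the line shapes in the thread, and the rules are heuristics of my own, not ComboFix's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in ComboFix's own line formats, modelled on the log posted
# above: driver/service lines, the firewall policy key and the Security Center
# monitoring values. It is input for the checks below, not a real log.
SAMPLE_LOG = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/5/2010 7:43 PM 218592]
S2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [3/29/2009 1:45 PM 137344]
S3 musbehco;musbehco;\??\c:\docume~1\KATHLE~1\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\KATHLE~1\LOCALS~1\Temp\musbehco.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2008 1:57 AM 691696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

# ComboFix service line: "<start type> <name>;<display name>;<image path> [<stamp>]"
# where <stamp> is "date time size" for a file it could read and "?" otherwise.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")


@dataclass
class Finding:
    rule: str   # what the check concluded
    line: str   # the log line that triggered it


@dataclass
class Triage:
    findings: list = field(default_factory=list)
    collect: list = field(default_factory=list)   # file paths worth sending to a helper
    drivers: list = field(default_factory=list)   # service names for a Driver:: section


def resolve_image_path(image: str) -> str:
    """Reduce ComboFix's image-path field to a plain DOS path.

    A file ComboFix could not open is printed as "<registry value> --> <resolved path>";
    the registry value may carry the NT "\\??\\" prefix. Keep the resolved form.
    """
    path = image.split(" --> ")[-1]
    return path[4:] if path.startswith("\\??\\") else path


def triage(log_text: str) -> Triage:
    """Run the heuristic checks over every line and collect findings."""
    result = Triage()
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line          # remember which registry key the values belong to
            continue
        match = SERVICE_RE.match(line)
        if match:
            start, name, _display, image, stamp = match.groups()
            path = resolve_image_path(image)
            reasons = []
            if "\\temp\\" in path.lower():
                reasons.append("driver image registered from a Temp folder")
            if stamp == "?":
                reasons.append("no size/date stamp (file missing or hidden from the scanner)")
            if reasons:
                result.findings.append(Finding(f"{start} {name}: " + "; ".join(reasons), line))
                result.drivers.append(name)
                result.collect.append(path)
            continue
        if line.startswith('"EnableFirewall"=') and line.endswith("0 (0x0)"):
            result.findings.append(Finding("Windows Firewall disabled for the standard profile", line))
        elif line == '"DisableMonitoring"=dword:00000001':
            result.findings.append(Finding(f"Security Center monitoring disabled under {current_key}", line))
    return result


def render_cfscript(result: Triage) -> str:
    """Lay out Collect:: and Driver:: sections in the form used in the post above."""
    sections = []
    if result.collect:
        sections.append("Collect::\n" + "\n".join(result.collect))
    if result.drivers:
        sections.append("Driver::\n" + "\n".join(result.drivers))
    return "\n\n".join(sections) + ("\n" if sections else "")


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for finding in report.findings:
        print(f"[!] {finding.rule}\n    {finding.line}")
    print("\nCFScript sections:\n" + render_cfscript(report))
```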
     
  12. trepiechick

    trepiechick Thread Starter

    Joined:
    Sep 26, 2010
    Messages:
    14
    Well, I can't get online to do the last step, but I'll do the other two and post the results tomorrow. Thanks again for all your help!
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    What happens when you try to connect?

    Have you tried to repair the connection?

    If your network icon appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair.

    [​IMG]

    If you have no task bar icon do this:

    • Click on the Start button.
    • Click on the Settings menu option.
    • Click on the Control Panel option.
    • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
    • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
    • Click on the Repair menu option.

    [​IMG]

    Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.
     
  14. trepiechick

    trepiechick Thread Starter

    Joined:
    Sep 26, 2010
    Messages:
    14
    In safe mode with networking I tried to repair both the Local Connection and the Wireless Connection but was unable to.
     
  15. trepiechick

    trepiechick Thread Starter

    Joined:
    Sep 26, 2010
    Messages:
    14
    ComboFix 10-10-01.07 - Kathleen 10/03/2010 12:59:49.1.2 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1749 [GMT -4:00]
    Running from: c:\documents and settings\Kathleen\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Kathleen\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\windows\Wluzeroqaxac.bin"

    file zipped: c:\windows\Btitanunevifohah.dat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Btitanunevifohah.dat
    c:\windows\Wluzeroqaxac.bin

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MUSBEHCO
    -------\Service_musbehco


    ((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))
    .

    2010-09-27 04:25 . 2010-09-27 04:25 -------- d-----w- C:\found.001
    2010-09-26 13:23 . 2010-09-26 13:22 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
    2010-09-26 13:23 . 2010-09-26 13:23 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-09-26 13:23 . 2010-09-26 13:23 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-09-26 13:23 . 2010-09-26 13:23 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-09-22 14:28 . 2010-09-22 14:28 -------- d-----w- c:\program files\Veoh Networks
    2010-09-16 20:27 . 2010-09-16 20:27 -------- d-----w- C:\found.000
    2010-09-16 15:08 . 2008-04-14 00:06 37248 -c--a-w- c:\windows\system32\drivers\isapnp.sys
    2010-09-11 12:44 . 2010-09-11 12:44 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Avira
    2010-09-11 12:11 . 2010-09-26 13:28 -------- d-----w- c:\windows\system32\NtmsData
    2010-09-11 12:02 . 2010-03-01 14:05 124784 -c--a-w- c:\windows\system32\drivers\avipbb.sys
    2010-09-11 12:02 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-09-11 12:02 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-09-11 12:02 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-09-11 12:02 . 2010-09-11 12:02 -------- d-----w- c:\program files\Avira
    2010-09-11 12:02 . 2010-09-11 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-09-11 06:10 . 2010-09-11 06:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-09-11 05:44 . 2010-09-26 12:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-10 12:01 . 2010-09-10 12:01 -------- d-----w- c:\windows\Royal Trouble
    2010-09-10 07:03 . 2010-09-25 13:51 36053 ----a-w- c:\windows\system32\nvModes.dat
    2010-09-10 06:58 . 2010-09-10 06:58 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-09-10 06:58 . 2010-09-10 06:58 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-09-10 06:58 . 2010-09-10 06:58 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-09-10 06:58 . 2010-09-10 06:59 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-09-10 06:57 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-09-10 06:57 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-09-10 06:57 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-09-10 06:57 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
    2010-09-10 06:57 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-09-10 06:57 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
    2010-09-10 06:55 . 2010-09-10 07:02 -------- d-----w- c:\windows\nview
    2010-09-07 20:13 . 2010-09-22 04:51 -------- dc----w- C:\ProgramData
    2010-09-04 20:33 . 2010-09-04 20:33 -------- d-----w- c:\program files\iPod
    2010-09-04 20:33 . 2010-09-04 20:34 -------- d-----w- c:\program files\iTunes
    2010-09-04 20:28 . 2010-09-04 20:29 -------- d-----w- c:\program files\QuickTime
    2010-09-04 20:20 . 2010-09-04 20:20 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
    2010-09-04 05:34 . 2009-03-07 05:40 -------- dc----w- C:\RESOURCE
    2010-09-04 05:31 . 2010-09-04 05:40 -------- dc----w- C:\PHANTOM
    2010-09-03 17:21 . 2010-09-03 17:21 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Uniblue

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-02 22:14 . 2008-07-03 00:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-10-02 21:59 . 2008-09-30 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-10-02 21:58 . 2008-07-03 00:38 -------- d-----w- c:\program files\Symantec
    2010-09-26 13:24 . 2010-05-15 13:37 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-09-26 13:23 . 2010-05-15 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-09-26 13:23 . 2010-03-14 11:33 -------- d-----w- c:\program files\DivX
    2010-09-26 13:23 . 2010-05-26 04:06 63488 ----a-w- c:\documents and settings\Kathleen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-26 13:23 . 2009-12-06 10:30 117760 ----a-w- c:\documents and settings\Kathleen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-26 13:22 . 2010-05-15 13:37 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-09-26 13:22 . 2010-05-15 13:36 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-09-26 13:22 . 2010-05-15 13:37 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-09-18 13:27 . 2008-07-14 00:30 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Apple Computer
    2010-09-16 19:49 . 2008-10-03 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-09-16 19:21 . 2010-07-10 10:46 -------- d-----w- c:\program files\Games
    2010-09-09 00:33 . 2009-08-02 22:15 -------- d-----w- c:\program files\7-Zip
    2010-09-08 01:47 . 2009-08-11 08:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-09-04 20:33 . 2008-07-14 00:28 -------- d-----w- c:\program files\Common Files\Apple
    2010-09-02 21:44 . 2010-03-05 23:46 -------- d-----w- c:\documents and settings\Kathleen\Application Data\vlc
    2010-09-02 21:26 . 2010-09-02 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-09-02 04:29 . 2010-09-02 04:29 -------- d-----w- c:\program files\Gravity
    2010-09-02 04:29 . 2008-06-18 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-31 07:58 . 2009-11-06 01:06 -------- d-----w- c:\program files\Common Files\BioWare
    2010-08-28 06:36 . 2010-08-27 03:41 4620 ----a-w- c:\windows\XChange.dat
    2010-08-28 03:17 . 2009-12-06 10:30 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-27 17:43 . 2009-11-06 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
    2010-08-27 17:18 . 2010-08-27 16:19 -------- d-----w- c:\program files\Dragon Age
    2010-08-27 16:55 . 2009-11-06 01:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-08-21 07:23 . 2009-09-16 08:10 -------- d-----w- c:\program files\Shockwave.com
    2010-08-20 19:04 . 2008-10-03 04:41 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Yahoo!
    2010-08-19 19:03 . 2010-08-19 19:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2010-08-19 04:49 . 2009-12-24 22:07 -------- d-----w- c:\program files\CCleaner
    2010-08-18 19:05 . 2010-08-18 03:30 -------- d-----w- c:\documents and settings\Kathleen\Application Data\RenPy
    2010-08-18 19:05 . 2010-08-18 19:05 -------- d-----w- c:\program files\Bionic Heart
    2010-08-13 03:25 . 2010-07-28 23:55 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
    2010-08-13 03:13 . 2008-06-18 21:31 -------- d-----w- c:\program files\Microsoft.NET
    2010-08-13 03:09 . 2008-06-18 21:41 -------- d-----w- c:\program files\Microsoft Small Business
    2010-07-24 03:30 . 2010-07-24 03:30 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    2010-07-24 03:30 . 2010-07-24 03:30 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
    2010-07-24 03:30 . 2010-07-24 03:30 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
    2010-07-24 03:30 . 2010-07-24 03:30 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
    2010-07-24 03:30 . 2010-07-24 03:30 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
    2010-07-24 03:29 . 2010-07-24 03:29 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
    2010-07-09 22:38 . 2008-06-18 20:53 604776 ----a-w- c:\windows\system32\nvudisp.exe
    2010-07-09 22:38 . 2008-06-18 20:47 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-07-09 22:38 . 2008-06-18 20:47 236136 ----a-w- c:\windows\system32\nvcodins.dll
    2010-07-09 22:38 . 2008-06-18 20:47 236136 ----a-w- c:\windows\system32\nvcod.dll
    2010-07-09 22:38 . 2008-06-18 20:47 1388544 ----a-w- c:\windows\system32\nvapi.dll
    2010-07-09 22:38 . 2004-08-10 17:59 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-07-09 22:38 . 2004-08-10 17:59 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-07-09 20:24 . 2010-07-09 20:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-07-09 20:24 . 2010-07-09 20:24 274432 ----a-w- c:\windows\system32\nvrsnl.dll
    2010-07-09 20:24 . 2010-07-09 20:24 274432 ----a-w- c:\windows\system32\nvrsesm.dll
    2010-07-09 20:24 . 2010-07-09 20:24 253952 ----a-w- c:\windows\system32\nvrssv.dll
    2010-07-09 20:24 . 2010-07-09 20:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-07-09 20:24 . 2010-07-09 20:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-07-09 20:24 . 2010-07-09 20:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-07-09 20:24 . 2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
    2010-07-09 20:24 . 2010-07-09 20:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-07-07 18:03 . 2008-10-10 22:07 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
    2008-07-26 00:56 . 2008-07-26 00:56 0 -c--a-w- c:\program files\temp01
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-18 68856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-28 2424560]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\Kathleen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 136176]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
    "Evaxal"="c:\windows\mapshtl3.dll" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="realsched.exe -osboot" [X]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-06-16 738776]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="NvMCTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "Lwehatodejexijok"="c:\windows\ivicevenupehuk.dll" [BU]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-18 50688]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
    2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-08-02 21:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
    "c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
    "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "57113:TCP"= 57113:TCP:pando Media Booster
    "57113:UDP"= 57113:UDP:pando Media Booster

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/5/2010 7:43 PM 218592]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 67656]
    S2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [1/23/2008 4:19 AM 501560]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/11/2010 8:02 AM 135336]
    S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 1:57 PM 135664]
    S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/10/2004 1:51 PM 14336]
    S2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [3/29/2009 1:45 PM 137344]
    S2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [3/29/2009 1:45 PM 12032]
    S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 1:50 PM 5120]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
    S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/18/2008 5:36 PM 30192]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2008 1:57 AM 691696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

    2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:57]

    2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:57]

    2010-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872132856-1609978231-1670840034-1009Core.job
    - c:\documents and settings\Kathleen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 21:12]

    2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872132856-1609978231-1670840034-1009UA.job
    - c:\documents and settings\Kathleen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 21:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.live.com/default.aspx?wa=wsignin1.0
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080618
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-03 13:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2872132856-1609978231-1670840034-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:63,90,bd,a5,d1,42,4a,3d,de,6b,42,8a,fb,f9,66,7b,15,01,aa,f8,5e,c9,f8,
    21,31,09,36,03,bb,25,ba,5b,a8,6e,bd,ed,ce,e9,07,dc,3e,88,17,e8,72,09,4b,32,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-2872132856-1609978231-1670840034-1009\Software\SecuROM\License information*]
    "datasecu"=hex:6e,2b,c3,fe,3a,f0,a9,97,fd,5c,b9,24,1c,a4,1b,87,bc,e5,b3,7b,7c,
    78,1a,75,ac,93,0a,be,e3,70,e2,b5,1f,df,d2,88,97,93,e8,fa,b9,55,51,ff,39,b7,\
    "rkeysecu"=hex:15,39,58,07,c1,70,41,e5,9e,b0,37,20,d6,8e,4b,15

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(688)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\System32\BCMLogon.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

    - - - - - - - > 'lsass.exe'(744)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll

    - - - - - - - > 'explorer.exe'(1056)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-10-03 13:21:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-03 17:21
    ComboFix2.txt 2010-10-03 00:22

    Pre-Run: 24,224,579,584 bytes free
    Post-Run: 24,228,061,184 bytes free

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - AF2525C891229BF0AF6685C4F1868761


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4577

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    10/3/2010 1:36:42 PM
    mbam-log-2010-10-03 (13-36-42).txt

    Scan type: Quick scan
    Objects scanned: 144823
    Time elapsed: 7 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
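The items an analyst would pull out of the ComboFix log above first are the two Run values that point at freshly named DLLs sitting directly in c:\windows (Evaxal / mapshtl3.dll and Lwehatodejexijok / ivicevenupehuk.dll, both tagged [BU] rather than carrying a date and size stamp), the Windows Firewall standard profile being switched off, Security Center monitoring being disabled, and the extra LSA authentication package (wvauth, which the same log shows loaded into lsass.exe and which is plausibly the Wave Systems software also listed as the "Wave UCSPlus" service, but anything registered as an authentication package runs inside lsass and should be verified rather than assumed benign). The script below is an added example for this thread, not ComboFix's own code and not from the original poster: it parses that section of the log and reports exactly those classes of finding. SAMPLE_LOG is an excerpt copied from the log above; the flagging rules (missing stamp, image directly under c:\windows, firewall and monitoring values, non-msv1_0 packages) are this example's own assumptions rather than ComboFix semantics.

```python
r"""Triage ComboFix 'Reg Loading Points' output for the items an analyst
checks first.  Added example for this thread, not ComboFix's own code and
not from the original post; SAMPLE_LOG is an excerpt copied from the log
above.  The flagging rules are this example's assumptions, not ComboFix
semantics:
  * a Run value whose trailing field is not the usual '[YYYY-MM-DD size]'
    stamp (the log shows '[X]' and '[BU]' instead) needs manual review;
  * an autostart image sitting directly in c:\windows (not a subfolder)
    is unusual for legitimate software;
  * EnableFirewall=0, DisableMonitoring=1 and any LSA authentication
    package other than msv1_0 are reported as policy findings.
"""
import re
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-18 68856]
"Evaxal"="c:\windows\mapshtl3.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Lwehatodejexijok"="c:\windows\ivicevenupehuk.dll" [BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

RUN_KEY = re.compile(r"^\[(?P<hive>[^\]]*\\CurrentVersion\\Run)\]$", re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")          # ComboFix '[date size]' field
IMAGE = re.compile(r"^(.*?\.(?:exe|dll|sys))(?:\s|$)", re.I)  # path up to the image name


def parse_run_entries(log):
    """Return (hive, name, command, meta) for every value under a Run key."""
    entries, hive = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:            # ComboFix separates key blocks with blank lines
            hive = None
            continue
        key = RUN_KEY.match(line)
        if key:
            hive = key.group("hive")
            continue
        val = RUN_VALUE.match(line)
        if hive and val:
            entries.append((hive, val.group("name"), val.group("cmd"), val.group("meta")))
    return entries


def flag_run_entry(cmd, meta):
    """Return the reasons (possibly none) to look harder at one Run value."""
    reasons = []
    if not STAMP.match(meta):
        reasons.append(f"no date/size stamp (tagged [{meta}])")
    img = IMAGE.match(cmd)
    image = img.group(1) if img else cmd      # drop arguments such as '-osboot'
    if str(PureWindowsPath(image).parent).lower() == r"c:\windows":
        reasons.append("image sits directly in c:\\windows")
    return reasons


def policy_findings(log):
    """Hardening settings that are wrong in the sample and worth restoring."""
    findings = []
    if re.search(r'"EnableFirewall"\s*=\s*0\b', log):
        findings.append("Windows Firewall disabled (standard profile)")
    for key in re.finditer(r'\[([^\]]*security center\\Monitoring[^\]]*)\]\s+"DisableMonitoring"=dword:0*1\b', log, re.I):
        findings.append(f"Security Center monitoring disabled: {key.group(1)}")
    pkgs = re.search(r"Authentication Packages REG_MULTI_SZ (.+)", log)
    if pkgs:
        # msv1_0 is the stock package; anything else runs inside lsass and must be verified
        extra = [p for p in pkgs.group(1).split() if p.lower() != "msv1_0"]
        if extra:
            findings.append("non-default LSA authentication packages: " + ", ".join(extra))
    return findings


def triage(log):
    """Map suspicious Run value names to their reasons, plus the policy findings."""
    flagged = {}
    for _hive, name, cmd, meta in parse_run_entries(log):
        reasons = flag_run_entry(cmd, meta)
        if reasons:
            flagged[name] = reasons
    return {"run": flagged, "policy": policy_findings(log)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, why in report["run"].items():
        print(f"{name}: {'; '.join(why)}")
    for finding in report["policy"]:
        print(finding)
```

Run against the excerpt it flags Evaxal and Lwehatodejexijok on both counts, TkBellExe only for its missing file ([X]), and reports the three policy findings; the Google and NVIDIA entries pass. Paste the full "Reg Loading Points" section in place of SAMPLE_LOG to triage the whole log.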
     
Short URL to this thread: https://techguy.org/952712
