IObit Forum

Removed Trojan.Win32/BHO Yesterday


John D.


For the past few months, I have been sending out unwanted ads to people on my mail list.

 

Yesterday I removed Trojan.Win32/BHO. Today emails were generated by malware.

 

Several computers share the one connection leaving the house. She was infected with Generic Trojan. I also removed it yesterday using Security 360.

 

I ran a scan of each computer and no threats were detected.

 

I have attached the report from my computer.

 

I am currently using IE 7 - WinXP SP3.

 

I am a new user of Security 360 and this Forum.

 

I would appreciate your help. I have copied and pasted the report file below. Did not locate how to attach.

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 20:41:17, on 2010-12-18

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Program\schedule_launch.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Program\scripts.exe

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} -

O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}SWCtl.SWCtl.11 - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336}UploaderX.UploadListView.1 - http://picasaweb.google.com/s/v/45.19/uploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}SoftwareDistribution.WebControl.1 - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226686344531

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}SoftwareDistribution.MicrosoftUpdateWebControl.1 - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226686893640

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}TheFacebook.FacebookPhotoUploader5.5.1 - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner (avast! Web Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AVG Security Toolbar Service (AVG Security Toolbar Service) - Unknown - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9895919cebd66) (gupdate1c9895919cebd66) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LVCOMSer (LVCOMSer) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: ProtexisLicensing (ProtexisLicensing) - Unknown - C:\WINDOWS\system32\PSIService.exe

O23 - Service: TomTomHOMEService (TomTomHOMEService) - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

 

 

 

 

John D.


Greetings,

 

After reading some of the info available at this site, I decided to download and run Super AntiSpyware. It found Adware HBHelper, Adware Tracking Cookies and Browser Hijacker Desktop, which was removed.

 

I reran Super AntiSpyware and Security 360 at Full scan. No threats were detected. Please look at the below log and tell me if I am finally free of malware or not. I sure would appreciate knowing.

 

Thanks,

John D.

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 16:5:15, on 2010-12-19

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Program\schedule_launch.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\Program Files\Program\scripts.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} -

O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}SWCtl.SWCtl.11 - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336}UploaderX.UploadListView.1 - http://picasaweb.google.com/s/v/45.19/uploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}SoftwareDistribution.WebControl.1 - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226686344531

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}SoftwareDistribution.MicrosoftUpdateWebControl.1 - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226686893640

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}TheFacebook.FacebookPhotoUploader5.5.1 - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner (avast! Web Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AVG Security Toolbar Service (AVG Security Toolbar Service) - Unknown - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9895919cebd66) (gupdate1c9895919cebd66) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LVCOMSer (LVCOMSer) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: ProtexisLicensing (ProtexisLicensing) - Unknown - C:\WINDOWS\system32\PSIService.exe

O23 - Service: TomTomHOMEService (TomTomHOMEService) - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe


Hi John D.

 

-Follow suggestion of jelrikj and do the following.

 

-Please check the below in the web and VirusTotal if they are safe:

 

C:\Program Files\Program\scripts.exe

 

O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} -

 

O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll

 

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}TheFacebook.FacebookPhotoUploader5.5. 1 - http://upload.facebook.com/controls/...Uploader55.cab

 

 

-Update your Java Runtime Environment 1.6.0.17 to Java Runtime Environment 1.6.0.23 .

 

-Use JavaRa to clean the old clutter of Java.

 

-Update to IE8 with all recent patches.

 

If you still think there is something wrong with your system, then open a thread in Spyware-Malware Removal Help! section following the procedure in Guidelines for requesting malware removal assistance thread.

 

Wait for a Malware Fighter to respond there.

 

Cheers.

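The checks enoskype applies above (a toolbar entry with no DLL path, services whose vendor shows as Unknown, executables living in an oddly named or user-writable folder) can be turned into a repeatable triage pass over the log text. The script below is an added example, not IObit's, HijackThis's or DDS's own code; the sample lines are copied from the logs posted earlier in this thread, and the rules are a starting point rather than a verdict: a hit means "go and verify" (hash the file, look it up on VirusTotal, find which installed product owns it), not "malware".

```python
"""Triage rules for HijackThis-style scan logs (IObit HijackScan uses the same
O3/O4/O23 layout). Added example; not IObit's, HijackThis's or DDS's code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the logs posted earlier in this thread.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\Program\\scripts.exe
C:\\Program Files\\Program\\schedule_launch.exe
C:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\\Program Files\\AVG\\AVG9\\Toolbar\\IEToolbar.dll
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} -
O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\\Program Files\\GameBox\\gamebox_toolbar.dll
O4 - HKCU|\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\: [cdloader] "C:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\cdloader2.exe" MAGICJACK
O23 - Service: AVG Security Toolbar Service (AVG Security Toolbar Service) - Unknown - C:\\Program Files\\AVG\\AVG9\\Toolbar\\ToolbarBroker.exe
O23 - Service: ProtexisLicensing (ProtexisLicensing) - Unknown - C:\\WINDOWS\\system32\\PSIService.exe
O23 - Service: IS360service (IS360service) - IObit - C:\\Program Files\\IObit\\IObit Security 360\\IS360srv.exe
"""

O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} -\s*(?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKCU|HKLM)\|[^:]*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) \((?P<short>.*?)\) - (?P<vendor>.*?) - (?P<path>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")

# Directories an ordinary user can write to: autostarts or services here deserve a second look.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\", "\\users\\")
# Directory names so generic they say nothing about the owning product (assumption: tune per machine).
GENERIC_DIRS = ("\\program files\\program\\",)


@dataclass
class Finding:
    rule: str      # short rule identifier
    subject: str   # toolbar/service name or executable path
    detail: str    # why it was flagged
    line: str      # the log line that triggered it


def path_concern(path: str) -> Optional[str]:
    """Return a reason to look closer at an executable path, or None."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        return "executable lives in a user-writable profile directory"
    if any(marker in p for marker in GENERIC_DIRS):
        return "executable lives in a generically named directory; confirm which product owns it"
    return None


def command_path(cmd: str) -> str:
    """Extract the executable from a Run-key command ("quoted path" args, or bare path args)."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O3_RE.match(line)):
            if not m["path"]:  # CLSID registered but no DLL behind it: orphaned or hiding
                findings.append(Finding("toolbar-no-file", m["name"],
                                        "toolbar CLSID registered with no DLL path", line))
            continue
        if (m := O23_RE.match(line)):
            if m["vendor"].strip().lower() == "unknown":
                findings.append(Finding("unknown-vendor-service", m["name"],
                                        "service binary has no recognised publisher; hash it and check VirusTotal", line))
            continue
        exe = None
        if (m := O4_RE.match(line)):
            exe = command_path(m["cmd"])
        elif PROCESS_RE.match(line):
            exe = line
        if exe and (why := path_concern(exe)):
            findings.append(Finding("suspicious-path", exe, why, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```

On the sample above this flags the path-less Search Toolbar, the two services with an Unknown vendor, the two executables under `C:\Program Files\Program\`, and the magicJack files that autostart from Application Data; it does not flag the GameBox toolbar, which enoskype queried on reputation rather than on anything visible in the line. The DDS "pseudo HJT" section later in the thread uses `TB:` / `mRun:` prefixes instead of `O3` / `O4`, so the regexes need extending before running it over that log.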

Thanks Jeirikj - Yes, I agree. I always run with only one Virus Protection system normally. I added Avast Antivirus when I started having problems some few weeks ago. I will remove AVG. I really appreciate your time and effort expended on my problems.

 

Thanks again John.


Thanks enoskype,

 

I really appreciate your expert time expended on this former problem hopefully. I will follow suggestion of jelrik and uninstall free AVG which I have used for many years.

 

I will submit the files you indicated to Virus Total. First I heard of it. Thanks for the suggestion. I did note the files mentioned as a possible problem and did disable all browser helpers, or at least I thought I did, after running the Hijack This program. Will look at all browser helpers and limit their use ASAP.

 

I am an old-time scriptwriter and think I thought I needed the old Java to show certain Rich Text stats. Also, because of some loss of not being able to open the old MetaCreation script stats (I think) and other known losses, I decided not to update, as I am taking an Advanced VBS scripting lesson. I know from a security standpoint this is/was not wise. However, it appears from your expert advice that I need to do so.

 

Will run JavaRa. Sounds like great advice. I never heard of it and never considered the Java files accumulation (old clutter) not being cleaned by the several programs I run.

 

Thanks again for all your wonderful expert advice. I will be back in touch in the Malware Fighter if I think I might have a malware problem.

 

I think the major problem is my wife and my three grandkids (4, 10 and 15 years of age), but I still assume all responsibilities for my network. I have never experienced something like this in many years of using the Computer. It sure is getting harder and harder to enjoy the Computer.

 

Thanks again and again,

John D.


Nothing at all John D, with pleasure. :grin:

 

Assuming all the other security measures have been taken, I cannot dwell more on the suggestion to immediately use the latest available versions or patches of the following (not in order of importance) when they are available without bugs, as they are the most vulnerable targets of the recent hackings on the web.

 

1) Adobe

 

2) Flash

 

3) Java

 

4) Browsers (FF being more secure than IE)

 

 

All the best.


Hello John and enoskype :smile:

 

@John : I hope you don't mind my asking a few questions. I've looked your logs over and I see something a little odd, or should I say "unknown".

enoskype pointed one out :

 

C:\Program Files\Program\scripts.exe

 

..and I see a second file, in the same folder (directory) :

 

C:\Program Files\Program\schedule_launch.exe

 

This "Program" directory, within "Program Files" looks odd. Could be from a legit application ; if so, the name of the directory could have been modified because it doesn't match with anything I've been able to find.

 

Best thing to do right now is what enoskype suggested earlier : have both those files analysed at the VirusTotal site. You can bookmark each page where the scan will be performed and simply paste those two links here afterwards for us to see, if there are any detections from any of 40 (ish) antivirus engines.

 

I would ask you to run another scanning tool, as explained in Step #3 from this link :

http://forums.iobit.com/showthread.php?t=6216

 

Copy/paste both logs from the DDS tool here, using two replies: one per log. And don't forget the VirusTotal links as well, for those two files mentioned above.

 

See you soon !

 

===


  • 2 weeks later...

Thanks So_Sad,

 

I did consider the two files to have analyzed thru Virus Total. Was not absolutely sure how. I did check and at the time thought them OK.

 

I have updated my Java, Flash and Adobe. I updated IE7 to IE8. Have installed FF and used it. Have run malware detection programs numerous times without indication of a problem.

 

I thought I was now OK from this "plague" (malware) but yesterday Advertisement email was sent out from my computer to all my email addresses.

 

Will be working with your suggestions and will get back into the group with what I have. Might need to drop in to ask a question but think I understand what you want me to do.

 

Thanks,

John D.


Hi there John, and a Happy New Year to you and yours :smile:

 

Fair enough ; go at your own pace.

 

If you'd consider having those two unknown files scanned at VirusTotal again, I can walk you through it :

 

1) Go to their site >> http://www.virustotal.com/

 

2) Once there, click the "Browse..." button ; an Explorer-like window will appear ;

 

3) From the Explorer window, locate the following file then double-click on it :

 

C:\Program Files\Program\scripts.exe

 

4) Next, click on "Send file" (middle of the window)

 

5) If their servers are busy, you may be put in a queue ; just wait it out. The analysis will start. If you get a message that the file has already been scanned, click for a new analysis please. Analysis only takes a minute or two, then all results will be displayed. Just bookmark that page.

 

6) Do the same for the other file below (click "Browse...", then double-click the file when found, then click "Send file"). Bookmark that page as well. This is the second file :

 

C:\Program Files\Program\schedule_launch.exe

 

7) Paste both your links here, so we can view the scan reports.

 

8) Go ahead with the DDS scan, as prescribed in my previous message, then copy/paste the first log in one reply here (with the links to VirusTotal) and then copy/paste the second DDS log in a new reply.

 

===

 

Are you sure the emails originate from your computer ? Have you actually witnessed your mail program sending out the junk ? I'm asking because there's another possibility : your email address and contact list could have been harvested from your machine initially, then used and abused without any involvement from your machine. We'll see...

 

See you soon.

 

===

===

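One way to settle the question So_Sad raises at the end of that reply (is the mail really leaving this machine, or was the address list harvested and the mail sent from somewhere else?) is to read the Received: chain of the original message that a bounce carries back, since each relay prepends a line saying which host handed the mail to it. The script below is an added example, not the forum's or any vendor's code; the bounce is constructed with documentation address ranges, and the ISP relay name and home address range passed in are assumptions to replace with your own. Two caveats apply: a household sharing one connection shares one public IP, so a match only says "one of the machines behind this connection", not which one; and any Received: line below the first one stamped by a relay you trust can be forged by the sender, so the script only relies on hops stamped by a relay you name.

```python
"""Classify a bounced (NDR) message by where the original mail entered the
mail system. Added example, not the forum's or any vendor's code; the bounce
below is constructed and uses documentation address ranges (RFC 5737)."""
import email
import ipaddress
import re
from email.message import Message
from typing import Dict, List, Optional, Tuple

# Constructed bounce: a multipart/report NDR with the undeliverable original attached.
NDR_SAMPLE = """\
From: Mail Delivery System <MAILER-DAEMON@mail.example.net>
To: john@example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: text/plain

The address you tried to reach does not exist.

--B1
Content-Type: message/rfc822

Received: from mail.example.net (mail.example.net [192.0.2.10])
    by mx.example.org with ESMTP id abc123; Tue, 4 Jan 2011 09:12:00 -0500
Received: from [203.0.113.45] (cpe-203-0-113-45.isp.example [203.0.113.45])
    by mail.example.net with ESMTPA id xyz789; Tue, 4 Jan 2011 09:11:58 -0500
From: john@example.net
To: olduser@example.org
Subject: Great deals
Content-Type: text/plain

Buy now.

--B1--
"""

# One Received: line: "from <helo> (... [ip]) by <relay> with <proto> id ...".
HOP_RE = re.compile(
    r"^from\s+(?P<helo>\S+).*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
    r".*?\bby\s+(?P<by>\S+)(?:.*?\bwith\s+(?P<proto>[A-Za-z]+))?",
    re.I | re.S,
)


def attached_original(bounce: Message) -> Optional[Message]:
    """NDRs attach the bounced mail as a message/rfc822 part; return it."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            payload = part.get_payload()
            return payload[0] if isinstance(payload, list) and payload else None
    return None


def received_hops(msg: Message) -> List[Dict[str, str]]:
    """Parse every Received: header, newest first (relays prepend them)."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.match(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({k: (v or "") for k, v in m.groupdict().items()})
    return hops


def origin_hop(hops: List[Dict[str, str]], trusted_relays: List[str]) -> Tuple[Dict[str, str], bool]:
    """Earliest hop stamped by a relay we trust; anything below it may be forged."""
    trusted = {r.lower() for r in trusted_relays}
    for hop in reversed(hops):
        if hop["by"].lower() in trusted:
            return hop, True
    return hops[-1], False


def classify_bounce(bounce_text: str, my_networks: List[str], trusted_relays: List[str]) -> Dict[str, str]:
    bounce = email.message_from_string(bounce_text)
    original = attached_original(bounce)
    if original is None:
        return {"verdict": "no-original-attached"}
    hops = received_hops(original)
    if not hops:
        return {"verdict": "no-received-headers"}
    hop, trusted = origin_hop(hops, trusted_relays)
    origin = ipaddress.ip_address(hop["ip"])
    from_my_connection = any(origin in ipaddress.ip_network(n) for n in my_networks)
    # ESMTPA / ESMTPSA (RFC 3848) mean the sender logged in to the relay with an account.
    authenticated = hop["proto"].upper().endswith("A")
    if from_my_connection:
        verdict = "sent-from-your-connection"
    elif authenticated:
        verdict = "sent-elsewhere-with-your-login"
    else:
        verdict = "sent-elsewhere-address-harvested-or-spoofed"
    return {"verdict": verdict, "origin_ip": str(origin), "submitted_to": hop["by"],
            "protocol": hop["proto"], "hop_trusted": str(trusted)}


if __name__ == "__main__":
    print(classify_bounce(NDR_SAMPLE, ["203.0.113.0/24"], ["mail.example.net"]))
```

The three verdicts map onto the three situations worth telling apart: the mail left the home connection (keep hunting on the machines behind it), it was submitted from elsewhere but with the user's own mailbox login (change that password before anything else), or it was sent from an unrelated host with the address merely forged or harvested (no amount of scanning the PC will stop those bounces).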

Good Morning So_Sad,

 

I did look at the source of the two files you were concerned with (C:\Program Files\Program\scripts.exe and C:\Program Files\Program\schedule_launch.exe). They are associated (needed) for my Paragon Back-up Copy. I am currently not using and could uninstall the whole program or could and perhaps will go ahead and run in VirusTotal.

 

Will do the other things and will post results in Spyware Malware Removal Help unless you want me to post here.

 

John D.


This might be the second response in regards to email from my computer. I lost my first one and it might show up here.

 

Are you sure the emails originate from your computer ?

 

Yes, I am sure but my assurance is based on the limited knowledge that I have concerning malware.

 

I do have several addresses in my address book that are no longer good for one reason or another. I know when something is sent out from this computer based on the unable-to-deliver emails received back from the not valid email addresses. I open the attachment and see the message sent out by the vendor.

 

I have checked and have deleted all of the not valid email sends.

 

I do have a copy of the email that I sent out to my list group with the attached message from the vendor.

 

John D.


ok

 

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 9:54:55.26 on Wed 01/05/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.285 [GMT -5:00]

 

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\Program Files\Program\schedule_launch.exe

C:\Program Files\Program\scripts.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Owner\My Documents\dds\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

mURLSearchHooks: H - No File

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: TBSB05974: {fcbccb87-9224-4b8d-b117-f56d924beb18} - TBSB05974 Class

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} -

TB: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - c:\program files\gamebox\gamebox_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA1ADEAOAA4ADgANAAzADEALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFQANAAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAA"&"prod=90"&"ver=9.0.872

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\setup.exe

IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm

IE: &Download using 4shared Desktop - c:\program files\4shared desktop\down_link.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll

Trusted Zone: ameritrade.com\wwws

Trusted Zone: java.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/45.19/uploader2.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226686344531

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226686893640

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - c:\program files\gamebox\gamebox_toolbar.dll

Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: "c:\progra~1\google\google,desktop,search\GoogleDesktopNetwork3.dll"

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\roib9uj9.default\

FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\picasa3\npPicasa2.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

 

============= SERVICES / DRIVERS ===============

 

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-3-11 36512]

R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [2009-3-11 39456]

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-6-4 40368]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-12 64288]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-17 165584]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-17 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-17 40384]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-17 312152]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-17 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-17 40384]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

S1 soqwx32;soqwx32; [x]

S2 gupdate1c9895919cebd66;Google Update Service (gupdate1c9895919cebd66);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]

S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2009-12-25 29184]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-14 29744]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

 

=============== Created Last 30 ================

 

2011-01-03 17:21:39 -------- d-sh--w- c:\documents and settings\owner\IECompatCache

2011-01-03 17:20:10 -------- d-sh--w- c:\documents and settings\owner\PrivacIE

2011-01-03 17:16:10 -------- d-sh--w- c:\documents and settings\owner\IETldCache

2011-01-03 17:07:51 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-01-03 17:06:52 -------- d-----w- c:\windows\ie8updates

2011-01-03 17:04:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-01-03 17:04:44 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-01-03 17:04:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-01-03 17:01:53 -------- dc-h--w- c:\windows\ie8

2010-12-28 00:53:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Mozilla

2010-12-27 15:10:08 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-25 17:22:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-19 16:29:32 -------- d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com

2010-12-19 16:29:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-12-19 16:29:16 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-17 21:57:00 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PCHealth

2010-12-16 03:34:50 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-16 03:34:15 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-07 14:16:21 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

 

==================== Find3M ====================

 

2010-12-29 02:02:56 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2002-07-29 03:40:00 1059840 ----a-w- c:\program files\DS_Bonus_Plugin.8bf

2001-04-02 20:31:14 550602 ----a-w- c:\program files\EyeCand3.8bf

2001-04-02 20:22:50 409600 ----a-w- c:\program files\EC3-ENG.8BF

1999-06-25 14:56:04 127184 ----a-w- c:\program files\UNWISE.EXE

 

=================== ROOTKIT ====================

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

 

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x851DFAB8]

3 CLASSPNP[0xF75D0FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000090[0x851729E8]

5 ACPI[0xF73E7620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP4T0L0-1f[0x8513CD98]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SI, 0x7c00; MOV DI, 0x7a00; MOV SS, AX; MOV SP, DI; MOV DS, AX; MOV ES, AX; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x7a1b; }

user != kernel MBR !!!

 

============= FINISH: 9:56:27.39 ===============


attached.txt

 

note: have been unable to update IE 8 completely for some reason since the upgrade to IE8.

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/6/2008 8:38:29 PM

System Uptime: 1/5/2011 9:42:08 AM (0 hours ago)

 

Motherboard: MICRO-STAR | | MS-7184

Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2188/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 233 GiB total, 173.956 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP721: 10/8/2010 3:00:16 AM - Software Distribution Service 3.0

RP722: 10/9/2010 3:00:17 AM - Software Distribution Service 3.0

RP723: 10/10/2010 3:00:17 AM - Software Distribution Service 3.0

RP724: 10/11/2010 3:00:18 AM - Software Distribution Service 3.0

RP725: 10/12/2010 3:00:21 AM - Software Distribution Service 3.0

RP726: 10/13/2010 3:00:27 AM - Software Distribution Service 3.0

RP727: 10/14/2010 3:00:16 AM - Software Distribution Service 3.0

RP728: 10/15/2010 3:00:21 AM - Software Distribution Service 3.0

RP729: 10/16/2010 3:00:17 AM - Software Distribution Service 3.0

RP730: 10/17/2010 3:00:17 AM - Software Distribution Service 3.0

RP731: 10/18/2010 3:00:16 AM - Software Distribution Service 3.0

RP732: 10/19/2010 3:00:17 AM - Software Distribution Service 3.0

RP733: 10/20/2010 3:00:22 AM - Software Distribution Service 3.0

RP734: 10/20/2010 10:51:55 AM - COMODO Registry Cleaner 20-10-10_10-51-50

RP735: 10/21/2010 3:00:19 AM - Software Distribution Service 3.0

RP736: 10/22/2010 3:00:22 AM - Software Distribution Service 3.0

RP737: 10/23/2010 3:00:22 AM - Software Distribution Service 3.0

RP738: 10/24/2010 3:00:28 AM - Software Distribution Service 3.0

RP739: 10/25/2010 3:00:17 AM - Software Distribution Service 3.0

RP740: 10/26/2010 3:00:17 AM - Software Distribution Service 3.0

RP741: 10/26/2010 8:47:28 AM - Avg Update

RP742: 10/27/2010 3:00:22 AM - Software Distribution Service 3.0

RP743: 10/28/2010 3:00:19 AM - Software Distribution Service 3.0

RP744: 10/28/2010 10:31:36 AM - Installed Fidelity Active Trader Pro®.

RP745: 10/29/2010 3:00:23 AM - Software Distribution Service 3.0

RP746: 10/30/2010 3:00:22 AM - Software Distribution Service 3.0

RP747: 10/31/2010 3:00:17 AM - Software Distribution Service 3.0

RP748: 11/1/2010 3:00:25 AM - Software Distribution Service 3.0

RP749: 11/2/2010 3:00:20 AM - Software Distribution Service 3.0

RP750: 11/3/2010 3:00:28 AM - Software Distribution Service 3.0

RP751: 11/4/2010 3:00:20 AM - Software Distribution Service 3.0

RP752: 11/5/2010 3:00:20 AM - Software Distribution Service 3.0

RP753: 11/6/2010 3:00:22 AM - Software Distribution Service 3.0

RP754: 11/7/2010 2:00:19 AM - Software Distribution Service 3.0

RP755: 11/7/2010 3:00:15 AM - Software Distribution Service 3.0

RP756: 11/8/2010 3:00:16 AM - Software Distribution Service 3.0

RP757: 11/9/2010 3:00:22 AM - Software Distribution Service 3.0

RP758: 11/10/2010 3:00:20 AM - Software Distribution Service 3.0

RP759: 11/10/2010 8:15:31 AM - Avg Update

RP760: 11/10/2010 8:16:34 AM - Avg Update

RP761: 11/11/2010 3:00:28 AM - Software Distribution Service 3.0

RP762: 11/12/2010 3:00:23 AM - Software Distribution Service 3.0

RP763: 11/13/2010 3:00:21 AM - Software Distribution Service 3.0

RP764: 11/13/2010 6:32:10 PM - Software Distribution Service 3.0

RP765: 11/14/2010 3:00:22 AM - Software Distribution Service 3.0

RP766: 11/15/2010 3:00:16 AM - Software Distribution Service 3.0

RP767: 11/16/2010 3:00:18 AM - Software Distribution Service 3.0

RP768: 11/17/2010 3:00:22 AM - Software Distribution Service 3.0

RP769: 11/17/2010 11:27:57 AM - avast! Free Antivirus Setup

RP770: 11/17/2010 11:56:28 AM - Removed Fidelity Active Trader Pro®.

RP771: 11/17/2010 8:25:00 PM - Installed Fidelity Active Trader Pro®.

RP772: 11/18/2010 3:00:18 AM - Software Distribution Service 3.0

RP773: 11/19/2010 3:00:24 AM - Software Distribution Service 3.0

RP774: 11/20/2010 3:00:23 AM - Software Distribution Service 3.0

RP775: 11/21/2010 3:00:21 AM - Software Distribution Service 3.0

RP776: 11/21/2010 10:27:32 PM - Software Distribution Service 3.0

RP777: 11/22/2010 3:00:16 AM - Software Distribution Service 3.0

RP778: 11/23/2010 3:00:19 AM - Software Distribution Service 3.0

RP779: 11/24/2010 3:00:21 AM - Software Distribution Service 3.0

RP780: 11/24/2010 9:54:03 AM - Avg Update

RP781: 11/24/2010 9:55:31 AM - Avg Update

RP782: 11/25/2010 3:00:21 AM - Software Distribution Service 3.0

RP783: 11/26/2010 3:00:24 AM - Software Distribution Service 3.0

RP784: 11/27/2010 3:00:29 AM - Software Distribution Service 3.0

RP785: 11/28/2010 3:00:18 AM - Software Distribution Service 3.0

RP786: 11/29/2010 3:00:22 AM - Software Distribution Service 3.0

RP787: 11/30/2010 3:00:19 AM - Software Distribution Service 3.0

RP788: 12/1/2010 3:00:23 AM - Software Distribution Service 3.0

RP789: 12/1/2010 8:39:55 PM - Avg Update

RP790: 12/2/2010 3:00:16 AM - Software Distribution Service 3.0

RP791: 12/3/2010 3:00:20 AM - Software Distribution Service 3.0

RP792: 12/4/2010 3:00:30 AM - Software Distribution Service 3.0

RP793: 12/5/2010 6:46:53 AM - Software Distribution Service 3.0

RP794: 12/6/2010 3:00:22 AM - Software Distribution Service 3.0

RP795: 12/7/2010 3:00:17 AM - Software Distribution Service 3.0

RP796: 12/8/2010 3:00:22 AM - Software Distribution Service 3.0

RP797: 12/9/2010 3:00:19 AM - Software Distribution Service 3.0

RP798: 12/9/2010 10:05:41 AM - Software Distribution Service 3.0

RP799: 12/10/2010 3:00:18 AM - Software Distribution Service 3.0

RP800: 12/10/2010 12:35:17 PM - Software Distribution Service 3.0

RP801: 12/11/2010 3:00:19 AM - Software Distribution Service 3.0

RP802: 12/11/2010 5:32:34 PM - COMODO Registry Cleaner 11-12-10_17-32-30

RP803: 12/12/2010 3:00:20 AM - Software Distribution Service 3.0

RP804: 12/13/2010 3:00:22 AM - Software Distribution Service 3.0

RP805: 12/14/2010 3:00:21 AM - Software Distribution Service 3.0

RP806: 12/15/2010 3:00:22 AM - Software Distribution Service 3.0

RP807: 12/16/2010 3:00:33 AM - Software Distribution Service 3.0

RP808: 12/16/2010 8:36:09 AM - COMODO Registry Cleaner 16-12-10_08-36-02

RP809: 12/17/2010 3:00:19 AM - Software Distribution Service 3.0

RP810: 12/17/2010 4:38:28 PM - Software Distribution Service 3.0

RP811: 12/17/2010 4:47:50 PM - Software Distribution Service 3.0

RP812: 12/18/2010 3:00:19 AM - Software Distribution Service 3.0

RP813: 12/18/2010 10:52:10 AM - Software Distribution Service 3.0

RP814: 12/18/2010 10:58:28 AM - Software Distribution Service 3.0

RP815: 12/19/2010 3:00:20 AM - Software Distribution Service 3.0

RP816: 12/19/2010 4:57:41 PM - Software Distribution Service 3.0

RP817: 12/19/2010 5:05:57 PM - Software Distribution Service 3.0

RP818: 12/19/2010 5:11:43 PM - Software Distribution Service 3.0

RP819: 12/20/2010 3:00:19 AM - Software Distribution Service 3.0

RP820: 12/20/2010 1:45:26 PM - Software Distribution Service 3.0

RP821: 12/21/2010 3:00:21 AM - Software Distribution Service 3.0

RP822: 12/22/2010 3:00:22 AM - Software Distribution Service 3.0

RP823: 12/23/2010 3:00:20 AM - Software Distribution Service 3.0

RP824: 12/24/2010 3:00:22 AM - Software Distribution Service 3.0

RP825: 12/25/2010 3:00:24 AM - Software Distribution Service 3.0

RP826: 12/25/2010 10:44:29 AM - Software Distribution Service 3.0

RP827: 12/25/2010 11:20:16 AM - Software Distribution Service 3.0

RP828: 12/25/2010 12:21:35 PM - Installed Java 6 Update 23

RP829: 12/25/2010 12:25:23 PM - IObit Uninstaller RestorePoint

RP830: 12/25/2010 12:27:14 PM - Removed AVG Free 9.0

RP831: 12/25/2010 12:29:23 PM - Installed AVG Free 9.0

RP832: 12/26/2010 3:00:21 AM - Software Distribution Service 3.0

RP833: 12/27/2010 3:00:18 AM - Software Distribution Service 3.0

RP834: 12/27/2010 9:54:49 AM - Software Distribution Service 3.0

RP835: 12/27/2010 10:05:29 AM - Removed Java 6 Update 10

RP836: 12/27/2010 10:09:18 AM - Installed Java 6 Update 23

RP837: 12/28/2010 3:00:18 AM - Software Distribution Service 3.0

RP838: 12/29/2010 3:00:21 AM - Software Distribution Service 3.0

RP839: 12/30/2010 3:00:21 AM - Software Distribution Service 3.0

RP840: 12/31/2010 3:00:21 AM - Software Distribution Service 3.0

RP841: 1/1/2011 3:00:17 AM - Software Distribution Service 3.0

RP842: 1/2/2011 3:00:19 AM - Software Distribution Service 3.0

RP843: 1/3/2011 3:00:16 AM - Software Distribution Service 3.0

RP844: 1/3/2011 11:38:28 AM - Software Distribution Service 3.0

RP845: 1/3/2011 11:43:44 AM - Software Distribution Service 3.0

RP846: 1/3/2011 11:52:22 AM - Software Distribution Service 3.0

RP847: 1/3/2011 4:27:12 PM - Software Distribution Service 3.0

RP848: 1/3/2011 4:40:07 PM - Software Distribution Service 3.0

RP849: 1/3/2011 4:42:01 PM - Software Distribution Service 3.0

RP850: 1/3/2011 4:44:37 PM - Software Distribution Service 3.0

RP851: 1/3/2011 4:47:09 PM - Software Distribution Service 3.0

RP852: 1/3/2011 4:55:03 PM - Software Distribution Service 3.0

RP853: 1/3/2011 5:04:26 PM - Software Distribution Service 3.0

RP854: 1/4/2011 3:00:17 AM - Software Distribution Service 3.0

RP855: 1/5/2011 3:01:17 AM - Software Distribution Service 3.0

RP856: 1/5/2011 9:49:05 AM - Software Distribution Service 3.0

 

==== Installed Programs ======================

 

20/20 v2.2

4shared Desktop

7-Zip 4.65

ABBYY FineReader 5.0 Sprint Plus

Action Replay DSi Code Manager

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.1

Adobe Shockwave Player

Advanced SystemCare 3

Alien Skin Eye Candy 5 Nature

AmphiSoft plug-in filters DEMO

Any Video Converter 2.7.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

avast! Free Antivirus

Bonjour

buZZ.Pro 2.0

Color Cop 5.4.3

COMODO System Cleaner 1.1.64946.38(32bit)

Compatibility Pack for the 2007 Office system

Corel Paint Shop Pro X

Cover Commander 3.0 by Insofta Development

CSE HTML Validator Lite v9.02

Driver Detective

Eml2Html

Eye Candy 3

Eye Candy 4000 Demo

Fidelity Active Trader Pro®

Filter Forge Freepack 1 - Metals 1.012

Filter Forge Freepack 2 - Photo Effects 1.012

Filter Forge Freepack 3 - Frames 1.012

Filter Forge Freepack 4 - Distortions 1.015

Filters Unlimited 2.0

GameBox Toolbar

Google Chrome

Google Desktop

Google Earth

Google Photos Screensaver

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HTML-Kit

IncrediMail

Inpaint 2.3

IObit Security 360

iTunes

Jasc Animation Shop 3

Jasc Animation Shop 3 20041030_07 Help file Patch

Jasc Paint Shop Pro 9

Jasc Paint Shop Pro 9 GDI+ Patch

Jasc Paint Shop Pro 9.01 - (9.0.1.1)

Jasc Paint Shop Pro 9.01 Patch

Java Auto Updater

Java 6 Update 23

Lexmark 4200 Series

Lexmark 4200 Series Fax Solutions

Lexmark Fax Solutions

Logitech QuickCam

Logitech Updater

magicJack

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Windows XP Video Decoder Checkup Utility

Microsoft Works 6-9 Converter

Mozilla Firefox (3.6.13)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Paragon Drive Copy 9.0 Personal Special Edition

pcHugBug Browser Deluxe Lite

pcHugWare AutoUpdater

Picasa 3

Plugin Galaxy 1.0

PSP Thumbnail Handler

QuickTime

Realtek AC'97 Audio

Roblox for Owner

Screen Calipers 2.0

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Smart Defrag

Sothink JWScroller

Sothink SWF Quicker

Spybot - Search & Destroy

SpywareBlaster 4.4

sTile 2.7

SUPERAntiSpyware

The Big Box of Art 1 Million

thinkorswim from TD AMERITRADE

TomTom HOME 2.7.5.2014

TomTom HOME Visual Studio Merge Modules

TopStyle Lite (Version 3)

Ulead ArtTexture.Plugin 1.0

Ulead Particle.Plugin 1.0

Uniblue DriverScanner 2009

Uninstall DreamSuite Bonus

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB953356)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Virtual Earth 3D (Beta)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WD Diagnostics

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

Wondershare Video Converter Platinum(Build 4.2.0.56)

 

==== Event Viewer Messages From Past Week ========

 

12/29/2010 12:41:12 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

12/29/2010 12:41:01 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

12/29/2010 12:41:01 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).

12/29/2010 12:41:00 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

12/29/2010 12:41:00 PM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).

12/29/2010 12:41:00 PM, error: Service Control Manager [7034] - The LVCOMSer service terminated unexpectedly. It has done this 1 time(s).

12/29/2010 12:40:59 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

12/29/2010 12:40:59 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

12/29/2010 12:40:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/29/2010 12:40:57 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).

12/29/2010 12:40:55 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

1/4/2011 8:19:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.

1/4/2011 8:19:03 AM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/4/2011 8:18:58 AM, error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/3/2011 11:38:42 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Internet Explorer 8 for Windows XP.

 

==== End Of File ===========================

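The Event Viewer block in the log above shows eleven services, among them the Ad-Aware service and IS360service, dying within about seventeen seconds of each other on 12/29. That shape of cluster is worth checking for on any host suspected of being botted: a process killing the protection that stands in its way produces exactly this, although a crash or a hard reboot can produce the same burst, so it is a prompt for investigation, not proof. As an added example that is not part of the original post or of any IObit or DDS tool, the Python below parses DDS-style event lines, keeps only Service Control Manager 7031/7034 "terminated unexpectedly" events, groups them into time bursts and flags bursts that took down a security product. The sample lines are copied from entries in the post; the 30-second window, the minimum burst size and the list of security-product name fragments are assumptions to tune per machine.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "when level source event_id message")

# Constructed sample input: a handful of lines in the format DDS uses for its
# "Event Viewer Messages" section, reusing entries from the posted log.
SAMPLE_EVENTS = """
12/29/2010 12:41:12 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/29/2010 12:41:01 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 12:41:00 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 12:40:59 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 12:40:55 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 8:19:03 AM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2011 11:38:42 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Internet Explorer 8 for Windows XP.
"""

# "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>"
_EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# SCM 7031/7034 message body: "The <name> service terminated unexpectedly ..."
_TERMINATED_RE = re.compile(r"^The (?P<service>.+?) service terminated unexpectedly")

# Assumed name fragments of the protection installed on this host; adjust per machine.
SECURITY_SERVICE_HINTS = ("ad-aware", "is360", "avast", "avg", "superantispyware")


def parse_events(text):
    """Parse one event per line; lines that do not match the DDS format are ignored."""
    events = []
    for line in text.splitlines():
        m = _EVENT_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group("when"), "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(when, m.group("level"), m.group("source"),
                            int(m.group("id")), m.group("msg")))
    return events


def service_terminations(events):
    """(time, service name) for every SCM 7031/7034 'terminated unexpectedly' event, oldest first."""
    found = []
    for e in events:
        if e.source == "Service Control Manager" and e.event_id in (7031, 7034):
            m = _TERMINATED_RE.match(e.message)
            if m:
                found.append((e.when, m.group("service")))
    return sorted(found)


def find_bursts(terminations, window=timedelta(seconds=30)):
    """Split the terminations into groups where each event follows the previous within `window`."""
    bursts, current = [], []
    for item in sorted(terminations):
        if current and item[0] - current[-1][0] > window:
            bursts.append(current)
            current = []
        current.append(item)
    if current:
        bursts.append(current)
    return bursts


def suspicious_bursts(terminations, min_size=3, window=timedelta(seconds=30)):
    """Bursts of at least `min_size` terminations that include a security-product service."""
    flagged = []
    for burst in find_bursts(terminations, window):
        names = [name.lower() for _, name in burst]
        touches_security = any(hint in name for name in names for hint in SECURITY_SERVICE_HINTS)
        if len(burst) >= min_size and touches_security:
            flagged.append(burst)
    return flagged


if __name__ == "__main__":
    terms = service_terminations(parse_events(SAMPLE_EVENTS))
    for burst in suspicious_bursts(terms):
        first, last = burst[0][0], burst[-1][0]
        print(f"{len(burst)} services died between {first:%H:%M:%S} and {last:%H:%M:%S}:")
        for when, name in burst:
            print(f"  {when:%H:%M:%S}  {name}")
```

Run against the sample it reports one burst of five terminations on 12/29 that includes the Ad-Aware and IS360 services; the 7000 "failed to start" and the Windows Update Agent events are parsed but correctly left out of the burst logic. On a real DDS log, join any wrapped continuation lines before feeding them in, since the parser works line by line.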

Hi there John :-)

 

And thanks to enoskype for speeding things along ;)

 

First, John, thanks for those logs. Nice work. Now, let's look at what we have:

 

- There's a leftover from a nasty rootkit/backdoor infection known as Rustock, capable of transforming any PC into a zombie. "Zombie", in our realm, means a machine taken over by a remote operator to do what they want, without your consent or even your knowledge. This includes spamming from your machine, meaning sending out spam emails with your name on them (or anybody else's, really...). According to some online sources, the Rustock botnet is responsible for 40% of spam worldwide. That's huge, and run by organized crime. A botnet is a network of zombie PCs.

 

- About IE8 not updating: looks like you may have installed it recently, while infected. Having an older version of IE on the machine could very well explain how Rustock got onboard. Either way, you have more malware present that would definitely block updates to the browser. We'll get to that part soon...

 

- About Paragon and those mysterious files: thanks for double-checking and confirming they are Paragon files. My earlier research pointed to Paragon for the file names, but the location didn't fit. Go to this next link to view all known locations:

http://www.online-armor.com/oasis2/file/paragon_technologie_gmbh/unspecified_product/scripts_exe/91521

 

- DDS logs are showing another nasty, hooked down deep in your machine. We'll need to run a couple more tools for that one. One at a time. This is the first step:

 

Download TDSSKiller.zip from the following link and save it to your Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

 

* Extract (unzip) its contents to your Desktop

* Double-click the TDSSKiller Folder on your Desktop

* Important!: Run this fix once and once only

* Double-click TDSSKiller.exe then click Start scan

* A box will appear saying System scan completed

* If any Malicious objects are found, click the default action Cure > Continue > Reboot now

* If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue

* A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 30.09.2010

* Please post the contents of that log in your next reply.

 

==================

 

See you soon :wink:


Greetings So_Sad

 

Wow! It is sad to have "nasties". Yes, I probably stuck with IE 7 too long thinking my security system was sufficient to protect me. Bad thinking!!! Below are the results of running TDSSKiller. Upon completion it stated something to the effect of "no problem".

 

 

 

2011/01/06 07:55:39.0593 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/06 07:55:39.0593 ================================================================================

2011/01/06 07:55:39.0593 SystemInfo:

2011/01/06 07:55:39.0593

2011/01/06 07:55:39.0593 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/06 07:55:39.0593 Product type: Workstation

2011/01/06 07:55:39.0593 ComputerName: JDURHAM_EMPC

2011/01/06 07:55:39.0593 UserName: Owner

2011/01/06 07:55:39.0593 Windows directory: C:\WINDOWS

2011/01/06 07:55:39.0593 System windows directory: C:\WINDOWS

2011/01/06 07:55:39.0593 Processor architecture: Intel x86

2011/01/06 07:55:39.0593 Number of processors: 1

2011/01/06 07:55:39.0593 Page size: 0x1000

2011/01/06 07:55:39.0593 Boot type: Normal boot

2011/01/06 07:55:39.0593 ================================================================================

2011/01/06 07:55:40.0000 Initialize success

2011/01/06 07:55:51.0937 ================================================================================

2011/01/06 07:55:51.0937 Scan started

2011/01/06 07:55:51.0937 Mode: Manual;

2011/01/06 07:55:51.0937 ================================================================================

2011/01/06 07:55:53.0281 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/01/06 07:55:53.0359 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/01/06 07:55:53.0390 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/06 07:55:53.0437 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/06 07:55:53.0468 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/01/06 07:55:53.0531 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/06 07:55:53.0578 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/06 07:55:53.0609 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/01/06 07:55:53.0640 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/01/06 07:55:53.0671 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/01/06 07:55:53.0703 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/01/06 07:55:53.0734 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/01/06 07:55:53.0843 ALCXWDM (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2011/01/06 07:55:53.0921 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/01/06 07:55:53.0953 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/01/06 07:55:53.0984 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/01/06 07:55:54.0046 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2011/01/06 07:55:54.0078 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/01/06 07:55:54.0140 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/06 07:55:54.0171 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/01/06 07:55:54.0187 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/01/06 07:55:54.0218 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/01/06 07:55:54.0265 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/01/06 07:55:54.0296 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/01/06 07:55:54.0359 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/01/06 07:55:54.0406 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2011/01/06 07:55:54.0468 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/01/06 07:55:54.0515 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/06 07:55:54.0562 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/06 07:55:54.0671 ati2mtag (07ac9a98ea70b5a6655a5797174bd282) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/01/06 07:55:54.0765 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/06 07:55:54.0828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/06 07:55:54.0890 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/06 07:55:54.0921 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/01/06 07:55:54.0953 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/06 07:55:54.0984 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/01/06 07:55:55.0015 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/01/06 07:55:55.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/06 07:55:55.0093 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/06 07:55:55.0125 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/06 07:55:55.0203 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/01/06 07:55:55.0234 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/01/06 07:55:55.0296 crpf (70e81df572f4064b87858a17b15af04b) C:\WINDOWS\system32\drivers\crpf.sys

2011/01/06 07:55:55.0328 csdf (98e8c198dc164d43c2be5fb498d63a98) C:\WINDOWS\system32\drivers\csdf.sys

2011/01/06 07:55:55.0359 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/01/06 07:55:55.0390 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/01/06 07:55:55.0421 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/06 07:55:55.0484 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/06 07:55:55.0546 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/06 07:55:55.0578 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/06 07:55:55.0640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/06 07:55:55.0687 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/01/06 07:55:55.0718 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/06 07:55:55.0781 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\dsiarhwprog.sys

2011/01/06 07:55:55.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/06 07:55:55.0906 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/01/06 07:55:55.0937 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/06 07:55:55.0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/01/06 07:55:56.0031 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/01/06 07:55:56.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/06 07:55:56.0156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/06 07:55:56.0203 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/01/06 07:55:56.0234 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/06 07:55:56.0312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/06 07:55:56.0359 hotcore3 (d308726110a6011514dcdfc6e3fc21f2) C:\WINDOWS\system32\drivers\hotcore3.sys

2011/01/06 07:55:56.0375 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/01/06 07:55:56.0421 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2011/01/06 07:55:56.0484 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/01/06 07:55:56.0562 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/06 07:55:56.0640 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/01/06 07:55:56.0656 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/01/06 07:55:56.0703 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/06 07:55:56.0750 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/06 07:55:56.0796 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/01/06 07:55:56.0828 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/06 07:55:56.0875 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/01/06 07:55:56.0921 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/06 07:55:56.0953 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/06 07:55:57.0015 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/06 07:55:57.0046 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/06 07:55:57.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/06 07:55:57.0125 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/06 07:55:57.0187 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/06 07:55:57.0250 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/06 07:55:57.0281 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/06 07:55:57.0406 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

2011/01/06 07:55:57.0437 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2011/01/06 07:55:57.0562 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2011/01/06 07:55:57.0625 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys

2011/01/06 07:55:57.0703 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/01/06 07:55:57.0765 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/01/06 07:55:57.0812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/06 07:55:57.0875 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/06 07:55:57.0906 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/06 07:55:57.0937 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/06 07:55:57.0968 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/01/06 07:55:57.0984 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/06 07:55:58.0062 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/06 07:55:58.0109 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/06 07:55:58.0171 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/06 07:55:58.0234 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/06 07:55:58.0281 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/06 07:55:58.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/06 07:55:58.0343 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/06 07:55:58.0406 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

2011/01/06 07:55:58.0437 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/01/06 07:55:58.0484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/06 07:55:58.0531 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/01/06 07:55:58.0578 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/06 07:55:58.0609 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/06 07:55:58.0625 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/06 07:55:58.0687 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/06 07:55:58.0718 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/06 07:55:58.0750 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/06 07:55:58.0828 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/06 07:55:58.0859 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/06 07:55:58.0906 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/06 07:55:58.0968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/06 07:55:59.0046 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/01/06 07:55:59.0125 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/06 07:55:59.0156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/06 07:55:59.0218 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/06 07:55:59.0265 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2011/01/06 07:55:59.0296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/01/06 07:55:59.0328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/06 07:55:59.0359 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/06 07:55:59.0390 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/06 07:55:59.0453 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/06 07:55:59.0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/01/06 07:55:59.0609 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/01/06 07:55:59.0640 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/01/06 07:55:59.0734 PID_0928 (3551190e9cf1eb4c0971bdef4269ca25) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS

2011/01/06 07:55:59.0796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/06 07:55:59.0828 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/01/06 07:55:59.0859 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/06 07:55:59.0890 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/06 07:55:59.0937 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/06 07:55:59.0968 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/01/06 07:56:00.0000 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/01/06 07:56:00.0031 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/01/06 07:56:00.0062 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/01/06 07:56:00.0093 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/01/06 07:56:00.0125 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/06 07:56:00.0156 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/06 07:56:00.0203 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/06 07:56:00.0218 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/06 07:56:00.0250 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/06 07:56:00.0296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/06 07:56:00.0328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/06 07:56:00.0375 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/06 07:56:00.0421 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/06 07:56:00.0500 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/01/06 07:56:00.0562 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/01/06 07:56:00.0671 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/01/06 07:56:00.0687 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/01/06 07:56:00.0750 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/06 07:56:00.0828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/06 07:56:00.0890 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/06 07:56:00.0953 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/01/06 07:56:01.0031 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/01/06 07:56:01.0078 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/01/06 07:56:01.0156 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/01/06 07:56:01.0218 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/06 07:56:01.0250 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/06 07:56:01.0296 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/06 07:56:01.0359 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/01/06 07:56:01.0421 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/06 07:56:01.0468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/06 07:56:01.0500 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/01/06 07:56:01.0531 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/01/06 07:56:01.0562 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/01/06 07:56:01.0593 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/01/06 07:56:01.0640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/06 07:56:01.0718 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/06 07:56:01.0796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/06 07:56:01.0843 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/06 07:56:01.0890 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/06 07:56:01.0921 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/01/06 07:56:01.0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/06 07:56:02.0015 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/01/06 07:56:02.0078 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/06 07:56:02.0156 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/01/06 07:56:02.0234 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/01/06 07:56:02.0296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/06 07:56:02.0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/06 07:56:02.0359 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/06 07:56:02.0406 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/01/06 07:56:02.0421 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/06 07:56:02.0468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/06 07:56:02.0500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/06 07:56:02.0531 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/06 07:56:02.0578 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/06 07:56:02.0593 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/01/06 07:56:02.0625 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/01/06 07:56:02.0656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/06 07:56:02.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/06 07:56:02.0812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/06 07:56:02.0890 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/01/06 07:56:03.0015 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/01/06 07:56:03.0234 ================================================================================

2011/01/06 07:56:03.0234 Scan finished

2011/01/06 07:56:03.0234 ================================================================================

 

 


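A clean TDSSKiller run, as in the log above, means no loaded driver matched Kaspersky's signatures; it does not mean every driver is accounted for. Each line the tool prints carries three things a responder can work with by hand: the service name, the MD5 of the driver file on disk and the path it was loaded from. Two checks follow from that. Rootkits of this period often patched or replaced a core driver in place (TDL3, for example, infected atapi.sys), so the hashes of a few boot-critical drivers should match a baseline taken from a known-clean install with the same service pack. And a driver loaded from anywhere other than system32\drivers deserves a look, even though security products such as Ad-Aware and SUPERAntiSpyware legitimately load theirs from Program Files. As an added example that is not part of the post or of TDSSKiller, the Python below parses the log format and runs both checks. The first four sample lines reuse entries from John's log; the Tcpip line with a placeholder hash and the xyzdrv line in C:\WINDOWS\TEMP are constructed so that the checks fire. The baseline values are copied from the posted log only as demonstration input and are not a verified clean reference.

```python
import re
from collections import namedtuple

Driver = namedtuple("Driver", "name md5 path")

# Constructed sample input in TDSSKiller 2.4.x log format. The first four lines
# reuse entries from the posted log; the Tcpip line (placeholder hash) and the
# xyzdrv line (driver in TEMP) are invented so that the checks below fire.
SAMPLE_SCAN = r"""
2011/01/06 07:55:54.0562 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/06 07:55:55.0421 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/06 07:55:57.0406 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/01/06 07:56:00.0671 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/06 07:56:01.0718 Tcpip (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/06 07:56:03.0100 xyzdrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\TEMP\xyzdrv.sys
2011/01/06 07:56:03.0234 Scan finished
"""

# Baseline MD5s for core drivers. Build this from a known-clean XP SP3 install;
# the values here are copied from the posted log purely as demonstration input
# and are NOT a verified clean reference.
BASELINE = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "Disk": "044452051f3e02e7963599fc8f4f3e25",
    "Tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
    "Ntfs": "78a08dd6a8d65e697c18e1db01c5cdca",
}

# Directories a kernel driver is normally loaded from on XP (compared case-insensitively).
SYSTEM_DRIVER_DIRS = (r"C:\WINDOWS\system32\drivers",)

# "<yyyy/mm/dd hh:mm:ss.ffff> <service name> (<md5>) <path>"
_LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
    r"(?P<name>\S.*?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>[A-Za-z]:\\.+)$"
)


def parse_tdsskiller(text):
    """One Driver per driver line; headers, separators and 'Scan finished' are skipped."""
    drivers = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            drivers.append(Driver(m.group("name"), m.group("md5").lower(), m.group("path")))
    return drivers


def triage(drivers, baseline, system_dirs=SYSTEM_DRIVER_DIRS):
    """Drivers outside the system driver dirs, baseline hash mismatches, and baseline names not loaded."""
    findings = {"nonstandard_path": [], "hash_mismatch": [], "core_missing": []}
    normal_dirs = {d.lower() for d in system_dirs}
    by_name = {d.name.lower(): d for d in drivers}
    for d in drivers:
        folder = d.path.rsplit("\\", 1)[0].lower()
        if folder not in normal_dirs:
            findings["nonstandard_path"].append(d)
    for name, md5 in baseline.items():
        d = by_name.get(name.lower())
        if d is None:
            findings["core_missing"].append(name)
        elif d.md5 != md5.lower():
            findings["hash_mismatch"].append(d)
    return findings


if __name__ == "__main__":
    results = triage(parse_tdsskiller(SAMPLE_SCAN), BASELINE)
    for kind, items in results.items():
        print(kind)
        for item in items:
            print("  ", item if isinstance(item, str) else f"{item.name}  {item.md5}  {item.path}")
```

On the sample this reports the two security-product drivers and xyzdrv as loaded from outside system32\drivers, Tcpip as a hash mismatch against the baseline, and Ntfs as a baseline driver that the scan never listed. The Program Files entries will be expected on a machine running those products; the TEMP path and the mismatch are the ones to chase, and a core driver that a tool like this cannot see is itself a finding, since a rootkit that hides its own driver shows up as an absence.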

Hi John,

 

Yeah, running IE7 nowadays is way too risky. Even worse with IE6, although very few out there still use that dinosaur.

 

It's a good thing TDSSKiller didn't find anything, but we'll need to keep looking because there is something; it's probably hiding very well.

 

Before we run other tools, you'll need to completely uninstall Ad-Aware, because I've just noticed it's the version with an antivirus; you already have Avast, so you can't have two antivirus programs running together - ever. Avast is superior to Ad-Aware, so uninstall the latter please.

 

Once Ad-Aware has been removed, please follow the instructions at this next link to download and then run ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

**Important: during the installation, you will be prompted to allow ComboFix to download and install the Recovery Console for XP; this is an important step, so please allow it.

 

> Once ComboFix has completed its run, please copy/paste the content of the log it produced here in your reply.

 

> If you run into any problems or have any questions, please let me know.

 

See you soon !

 

===


Greetings once again,

 

I uninstalled Ad-Aware as requested. I thought I was only running the Ad-Aware part of the program and did not know it was considered an Anti-Virus program. No problem.

 

Did attempt to follow all instructions and downloaded ComboFix. Attempted to exit all running Anti-Virus type programs prior to startup of ComboFix.

It did say Recovery Console download was needed. No problems.

 

The programs ran and restarted computer. Upon restart my Virus protection restarted per my normal shutdown method. Hope this is not a problem. Did attempt to follow the instructions for shutdown on the ComboFix page.

 

Everything looked like it went OK except for the "ComboFix - Find3M Preparing Log Report - Do not run any program until ComboFix has finished" stage. I waited over 15 minutes. Exited the program and did a search for the ComboFix log report. Found it, and copied and pasted it below.

 

 

 

 

ComboFix 11-01-06.02 - Owner 01/06/2011 14:05:56.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.491 [GMT -5:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Toolbar4

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Setup.exe

C:\Documents and Settings\Owner\Application Data\EurekaLog

C:\Program Files\Search Toolbar

C:\Program Files\Search Toolbar\basis.xml

C:\Program Files\Search Toolbar\bg.bmp

C:\Program Files\Search Toolbar\bing_logo.png

C:\Program Files\Search Toolbar\celebrity.png

C:\Program Files\Search Toolbar\drop_images.png

C:\Program Files\Search Toolbar\drop_maps.png

C:\Program Files\Search Toolbar\drop_news.png

C:\Program Files\Search Toolbar\drop_videos.png

C:\Program Files\Search Toolbar\drop_web.png

C:\Program Files\Search Toolbar\facebook.png

C:\Program Files\Search Toolbar\favicon.png

C:\Program Files\Search Toolbar\games.png

C:\Program Files\Search Toolbar\hotmail.png

C:\Program Files\Search Toolbar\icon.ico

C:\Program Files\Search Toolbar\images.png

C:\Program Files\Search Toolbar\include.xml

C:\Program Files\Search Toolbar\info.txt

C:\Program Files\Search Toolbar\lifestyle.png

C:\Program Files\Search Toolbar\maps.png

C:\Program Files\Search Toolbar\messenger.png

C:\Program Files\Search Toolbar\msn.png

C:\Program Files\Search Toolbar\news.png

C:\Program Files\Search Toolbar\Thumbs.db

C:\Program Files\Search Toolbar\twitter.png

C:\Program Files\Search Toolbar\version.txt

C:\Program Files\Search Toolbar\video.png

C:\Program Files\Search Toolbar\videos.png

C:\Program Files\Search Toolbar\weather.png

C:\Program Files\Search Toolbar\web.png

C:\WINDOWS\a3kebook.ini

C:\WINDOWS\akebook.ini

C:\WINDOWS\ANS2000.INI

C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll

 

.

((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))

.

 

2011-01-04 04:18:01 . 2011-01-04 04:18:01 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache

2011-01-03 17:21:39 . 2011-01-03 17:21:39 -------- d-sh--w- C:\Documents and Settings\Owner\IECompatCache

2011-01-03 17:20:10 . 2011-01-03 17:20:10 -------- d-sh--w- C:\Documents and Settings\Owner\PrivacIE

2011-01-03 17:16:50 . 2011-01-03 17:16:50 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache

2011-01-03 17:16:10 . 2011-01-03 17:16:10 -------- d-sh--w- C:\Documents and Settings\Owner\IETldCache

2011-01-03 17:07:51 . 2010-10-18 11:10:56 7680 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll

2011-01-03 17:04:49 . 2010-11-06 00:26:58 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll

2011-01-03 17:04:44 . 2010-11-06 00:26:57 247808 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll

2011-01-03 17:04:42 . 2010-11-06 00:26:57 743424 -c----w- C:\WINDOWS\system32\dllcache\iedvtool.dll

2011-01-03 17:01:53 . 2011-01-03 17:04:28 -------- dc-h--w- C:\WINDOWS\ie8

2010-12-28 00:53:09 . 2010-12-28 00:53:09 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla

2010-12-27 15:10:08 . 2010-12-27 15:09:49 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl

2010-12-25 17:23:10 . 2010-12-25 17:23:10 -------- d-----w- C:\Program Files\Common Files\Java

2010-12-25 17:22:47 . 2010-12-27 15:09:48 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll

2010-12-19 16:29:32 . 2010-12-19 16:29:32 -------- d-----w- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com

2010-12-19 16:29:32 . 2010-12-19 16:29:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2010-12-19 16:29:16 . 2010-12-19 16:29:40 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2010-12-17 21:57:00 . 2010-12-17 21:57:00 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth

2010-12-16 03:34:50 . 2010-11-02 15:17:02 40960 -c----w- C:\WINDOWS\system32\dllcache\ndproxy.sys

2010-12-16 03:34:15 . 2010-10-11 14:59:30 45568 -c----w- C:\WINDOWS\system32\dllcache\wab.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 23:09:00 . 2010-07-17 19:02:50 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-12-20 23:08:40 . 2010-07-17 19:02:48 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2010-11-18 18:12:44 . 2008-11-06 17:02:42 81920 ----a-w- C:\WINDOWS\system32\isign32.dll

2010-11-06 00:26:58 . 2008-11-06 17:07:22 916480 ----a-w- C:\WINDOWS\system32\wininet.dll

2010-11-06 00:26:58 . 2008-11-06 17:04:16 43520 ------w- C:\WINDOWS\system32\licmgr10.dll

2010-11-06 00:26:58 . 2008-11-06 17:02:37 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl

2010-11-05 16:16:13 . 2009-10-27 16:01:21 98392 ----a-w- C:\WINDOWS\system32\drivers\SBREDrv.sys

2010-11-03 12:25:54 . 2008-11-06 17:02:29 385024 ------w- C:\WINDOWS\system32\html.iec

2010-11-02 15:17:02 . 2008-11-06 17:05:16 40960 ----a-w- C:\WINDOWS\system32\drivers\ndproxy.sys

2010-10-28 13:13:22 . 2008-11-06 17:00:26 290048 ----a-w- C:\WINDOWS\system32\atmfd.dll

2010-10-26 13:25:00 . 2008-11-06 17:07:18 1853312 ----a-w- C:\WINDOWS\system32\win32k.sys

2002-07-29 03:40:00 . 2007-05-22 20:20:54 1059840 ----a-w- C:\Program Files\DS_Bonus_Plugin.8bf

2001-04-02 20:31:14 . 2009-06-04 12:33:56 550602 ----a-w- C:\Program Files\EyeCand3.8bf

2001-04-02 20:22:50 . 2009-06-04 12:33:56 409600 ----a-w- C:\Program Files\EC3-ENG.8BF

1999-06-25 14:56:04 . 2009-06-04 12:33:56 127184 ----a-w- C:\Program Files\UNWISE.EXE

.



Hi John :-)

 

Nice job there. Well executed. One small problem though : the log is too short and I'm hoping you have the rest of it. Please open the saved log again, from "C:\ComboFix.txt", then look for the missing sections, below the "Find3M Report" section. Copy/paste here, if present. If you've posted everything the log is showing, let me know and we'll find a way to get a full log.

 

FYI : ComboFix has removed a password stealer (aka keylogger). The files involved may have been installed by an infection or by one of those commercial keylogging (spying) programs. Either way, it's dead now.

 

I'll wait for the rest of the ComboFix log before prescribing anything else. Oh and let me know if your machine has been sending more spam emails since we've started cleaning things up.

 

Thanks ;)

 

===

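The helper's reply above makes two points about the posted log: it stops after the "Find3M Report" section, and the deletions it lists are worth reading for persistence locations (a Startup-folder executable, a toolbar under Program Files, a DLL under WINDOWS\TEMP). The parser below is an added example, not part of this thread or of ComboFix; it works on a constructed, abridged copy of the log shape posted above. The section names it expects after "Find3M Report" and the location heuristics are assumptions, and a hit is a lead to review, not a verdict.

```python
"""Parse a ComboFix-style log and answer two questions: is the log complete,
and which removed/created paths sit in classic persistence locations.
Added example, not part of the original thread or of ComboFix itself."""
import re
from typing import Dict, List, Tuple

# Constructed sample, abridged from the shape of the log posted above.
SAMPLE_LOG = r"""ComboFix 11-01-06.02 - Owner 01/06/2011 14:05:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.491 [GMT -5:00]
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Setup.exe
C:\Program Files\Search Toolbar\basis.xml
C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.
2011-01-03 17:07:51 . 2010-10-18 11:10:56 7680 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll
2010-12-19 16:29:16 . 2010-12-19 16:29:40 -------- d-----w- C:\Program Files\SUPERAntiSpyware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09:00 . 2010-07-17 19:02:50 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
.
"""

# Section banners look like "(((( Name ))))"; entries are "created . modified size attrs path".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(\S+) (\S+) (.+)$"
)

# Assumption: a complete log carries these after the Find3M report.
EXPECTED_AFTER_FIND3M = ["Reg Loading Points"]
COMPLETION_MARKER = "Completion time:"

# Assumed heuristics: places where a dropped file gets run or loaded without
# the user deliberately launching it.
PERSISTENCE_PATTERNS = [
    (re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I), "runs at every logon"),
    (re.compile(r"\\WINDOWS\\TEMP\\.*\.dll$", re.I), "DLL staged in TEMP"),
    (re.compile(r"\\Program Files\\[^\\]*Toolbar", re.I), "browser toolbar (BHO-style)"),
]


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log into {section name: [non-empty lines]}; lines before
    the first banner go under 'header'. Filler '.' lines are dropped."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def find_section(sections: Dict[str, List[str]], prefix: str) -> List[str]:
    """Return the lines of the first section whose banner starts with prefix
    (the Files Created banner embeds a date range, so match by prefix)."""
    for name, lines in sections.items():
        if name.startswith(prefix):
            return lines
    return []


def is_complete(text: str) -> bool:
    """True only if the Find3M report is followed by the expected sections
    and the completion marker, i.e. the paste was not cut short."""
    names = list(parse_sections(text))
    if not any(n.startswith("Find3M") for n in names):
        return False
    tail_ok = all(any(n.startswith(e) for n in names) for e in EXPECTED_AFTER_FIND3M)
    return tail_ok and COMPLETION_MARKER in text


def parse_created(text: str) -> List[Tuple[str, str, int, str]]:
    """(created, modified, size, path) for files in 'Files Created';
    directory entries (attrs starting with 'd', size '--------') are skipped."""
    out: List[Tuple[str, str, int, str]] = []
    for line in find_section(parse_sections(text), "Files Created"):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        if attrs.startswith("d") or not size.isdigit():
            continue
        out.append((created, modified, int(size), path))
    return out


def flag_persistence(text: str) -> Dict[str, str]:
    """Map each deleted or newly created path to the persistence heuristic it
    matches; paths that match nothing are left out."""
    sections = parse_sections(text)
    paths = list(find_section(sections, "Other Deletions"))
    paths += [entry[3] for entry in parse_created(text)]
    flagged: Dict[str, str] = {}
    for p in paths:
        for pattern, reason in PERSISTENCE_PATTERNS:
            if pattern.search(p):
                flagged[p] = reason
                break
    return flagged


if __name__ == "__main__":
    print("complete:", is_complete(SAMPLE_LOG))
    for path, reason in flag_persistence(SAMPLE_LOG).items():
        print(f"{reason:28} {path}")
```

Run against the sample, `is_complete` reports False, which is the same conclusion the helper reached by eye, and `flag_persistence` surfaces the Startup-folder Setup.exe, the Search Toolbar file and the TEMP DLL while leaving the IE update file in dllcache alone. Swap `SAMPLE_LOG` for the contents of `C:\ComboFix.txt` to use it on a real log.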

Greetings So_Sad,

 

I thought the log might not have been complete when posted. I did check the ComboFix text file. I verified that I copied and pasted everything. I did a search for a Find3m report.txt file. Nothing came up. I am searching with other possible names of the file but no success thus far. Did look in the C program folder but did not find it. Did I not wait long enough for the complete report to be generated?

 

Lots of strange things happened this morning. I leave the computer on all night. This morning it would not restart normally. Had to restart using restore, but a selected one by the computer (since I don't understand it, I cannot really relay it exactly).

 

Also, did an Advanced System Care after I started up not normally. Lots of Registry Fixes (133) - 14 System Optimization problems found - Much junk files. One problem remains unfixed - No popup on boot.

 

Also, don't have the icon from Microsoft indicating a need to update. Not sure if they have been installed or not. Will check.

 

Waiting to hear what you think needs done.

 

Thanks. I sure appreciate your help.

 

John D.


Greetings once again,

 

I missed answering one of your questions in my first post today.

 

"Oh and let me know if your machine has been sending more spam emails since we've started cleaning things up".

 

No! It is a wonderful thing as nothing has been sent out since we started cleaning things.

 

John D.


Archived

This topic is now archived and is closed to further replies.
